Static task: static1
Behavioral task: behavioral1
  Sample: 6d9e3634cf655fa1644323194382ea4e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6d9e3634cf655fa1644323194382ea4e.exe
  Resource: win10v2004-20231215-en
General
Target
6d9e3634cf655fa1644323194382ea4e
Size
173KB
MD5
6d9e3634cf655fa1644323194382ea4e
SHA1
acadd678be642504a95dbfdafa210ce81b36df79
SHA256
e6769b3a72aa78124fd630713dc91e2d5c0e7f576751a1cc7cfc2f8b2ea33268
SHA512
d3862d208087acfa3799dc7da0e77204fc40edd49cf7ed374144ea5049d76e16fc67e9c0ee0923784e9204d1a94577abfde5bbf8c913c00f898c0f180ebf4c0f
SSDEEP
3072:EJnGurmKcrrYfZHfFVhX+mTc8Ihfvp4phwKAC0Q8/+2xfh7lQ6hpQ:EJGuSLrYRHdXX9IhfaVACO/NBplQ6I
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6d9e3634cf655fa1644323194382ea4e
Files
6d9e3634cf655fa1644323194382ea4e.exe windows:4 windows x86 arch:x86
7ee9b3dffee36817e9176091a06b52e0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
  RegSetValueExW
  RegOpenKeyExW
  RegCloseKey
  RegQueryValueExW
shell32
  ShellExecuteW
comctl32
  InitCommonControlsEx
clusapi
  CloseCluster
user32
  EnumDisplaySettingsW
kernel32
  GetCurrentProcessId
  ReplaceFileW
  IsDebuggerPresent
  GetCurrentThreadId
  Sleep
  GetProcessId
  InterlockedExchange
  QueryPerformanceCounter
  EnumResourceTypesA
  TerminateProcess
  GetStartupInfoW
  UnhandledExceptionFilter
  ExitProcess
  GetTickCount
  SetUnhandledExceptionFilter
  InterlockedCompareExchange
  GetSystemTimeAsFileTime
  GetCurrentProcess
Sections
.text Size: 101KB - Virtual size: 100KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 68KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 72KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ