Static task: static1
Behavioral task: behavioral1
Sample: f657cf1568b0aa611399a55e31bffed9.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: f657cf1568b0aa611399a55e31bffed9.exe
Resource: win10v2004-20231222-en
General
Target: f657cf1568b0aa611399a55e31bffed9
Size: 170KB
MD5: f657cf1568b0aa611399a55e31bffed9
SHA1: 335d58e229360654e116a1484dc2f3073d6c89de
SHA256: 3fcaad92d5ba777770a47b66596a924de998b818462aa9d66186b0236368d900
SHA512: 0a672a87f46246c792233c43ec3da3c7e2a9d53da47257427c55ccab0eaf8a7e3438ef4241591293f155eb91693e158feb4ca5e97ea9b9f4e4859b6d1720e7e5
SSDEEP: 3072:X6qqgIuu6x23g+BrSqIsyAq/7F/z9hoLxOmVG0oqwYP8uObQxsuLWtoGqON:JCgx2n4l/7hz9Ogm0NXuYqM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f657cf1568b0aa611399a55e31bffed9
Files
f657cf1568b0aa611399a55e31bffed9.exe windows:4 windows x86 arch:x86
7f7dd9cda21034a3c3dc93e8ff71d95d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
comdlg32
ChooseFontA
GetOpenFileNameA
setupapi
CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
kernel32
GlobalAddAtomA
HeapFree
VirtualProtect
SetFilePointer
ExitProcess
GetSystemInfo
GetCurrentProcess
ReadFile
VirtualQuery
SetEndOfFile
EnumResourceNamesW
RtlUnwind
GetOEMCP
GetVolumeInformationA
FlushFileBuffers
HeapAlloc
WriteFile
FindAtomW
ole32
CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile
Sections
.text Size: 90KB - Virtual size: 490KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ