Static task
static1
Behavioral task
behavioral1
Sample
0028ebd6a2cbe65ae1c8a49c86d7bd90.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0028ebd6a2cbe65ae1c8a49c86d7bd90.exe
Resource
win10v2004-20231215-en
General
Target: 0028ebd6a2cbe65ae1c8a49c86d7bd90
Size: 262KB
MD5: 0028ebd6a2cbe65ae1c8a49c86d7bd90
SHA1: e4be297050efc009da890d9a66726d522655217b
SHA256: 71f670dbf477a5c4b74994f598c108b15f7a8baa326b133f990921525659e72f
SHA512: 0f7328731a73d8250555b363353a729fccb916b741d67a5691bbad179af3a4fcdd4d755f25fe021a4152e813634e6ef035b224c9002134fa8e3d184af98b5551
SSDEEP: 6144:1i52Rbz45Zl3xkhuB13f8NQNoI1BGiBeFx7/0Z3cz:1igRbz4FHE2NoAezrsO
Malware Config
Signatures
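Unsigned PE (1 IoC)
The static check found no Authenticode signature on this file. A missing signature is a weak indicator on its own, because many legitimate executables are also unsigned. Weigh it together with the short import list (LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect) and the 3KB .text section beside a 256KB .data section shown below. That layout is often seen in packed files but does not by itself prove malicious intent.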
resource 0028ebd6a2cbe65ae1c8a49c86d7bd90
Files
0028ebd6a2cbe65ae1c8a49c86d7bd90.exe windows:5 windows x86 arch:x86
984923158010b8f60fbc77aeb87a2d2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathAddExtensionA
StrFormatByteSize64A
kernel32
GetProcAddress
LoadLibraryA
VirtualAlloc
ExitProcess
VirtualProtect
user32
LoadBitmapW
GetMessageW
Sections
.text Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
(no section name shown) Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ