12bc6dfe8a3546db987fc9a869daafb3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12bc6dfe8a3546db987fc9a869daafb3
Size

686KB
MD5

12bc6dfe8a3546db987fc9a869daafb3
SHA1

2e455aebde377782b583e3f9fcc6ac6599434f67
SHA256

556511f32d76b6c0e8b11fc85d922d1b33906b48082508b9f78e8cc15de748d6
SHA512

f621a9956e55ea653ee9a2dc496cdffbc66168e25f9c53724cadcdb9a6e895556dd83f04300abdc106d085b04950a860bcd58a33ee0521454049f7ae8a896ccb
SSDEEP

12288:wY3gIDK6AwGzTRvMufhl5bFFvumxQ0kgI3gInmw/Bhor1q7vi2UXLeZ+zKTw:wYQIDKMudVjFvMBg4ZBWqzi/7Dz4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12bc6dfe8a3546db987fc9a869daafb3

Files

12bc6dfe8a3546db987fc9a869daafb3
.exe windows:1 windows x86 arch:x86

6ff2851b509663a096ff060525482f91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

mpr

WNetOpenEnumA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteA

Sections

pec1
Size: 139KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 544KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE