2c9942d3b3dac57c39c1221f045d736e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c9942d3b3dac57c39c1221f045d736e
Size

26KB
MD5

2c9942d3b3dac57c39c1221f045d736e
SHA1

fe58c2c6bbcb55a6afab9875839313c01d1126fe
SHA256

b4b9a18d580215ce09dcfcb2d7f630395c38fc5c52b45f511472924d01d2738c
SHA512

1b7ea2d8ddf590e151e9c67fb28c8a1e2ddbe81e466da7aec0081ddddb429e40324810987c42eac75870615fdd014ecbe1f6ac70ae3c1549859474559069f1f4
SSDEEP

384:2IAMX0eeiQgCUIyhaHBeChTV6L9HCrBwrNgbwN4fZNOE0nkza7h6anwWOU7eY7YL:2IAMDQXJyhahe3xHzMPDH0fsB/+aH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c9942d3b3dac57c39c1221f045d736e

Files

2c9942d3b3dac57c39c1221f045d736e
.exe windows:3 windows x86 arch:x86

f0b1bae06c552fcea118d4a90b7406a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsContentTypeA
UrlCreateFromPathA
SHRegCloseUSKey
SHRegQueryUSValueW
PathGetCharTypeA
StrFormatByteSizeW
StrRChrA

kernel32

RegisterWaitForSingleObjectEx
HeapValidate
ReadFileScatter
SetEnvironmentVariableW
GetVolumePathNameW
ReadConsoleOutputW
TryEnterCriticalSection

ole32

CoEnableCallCancellation
CoTaskMemFree
CoRegisterSurrogate
CoQueryProxyBlanket
MkParseDisplayName
HGLOBAL_UserUnmarshal

ntdll

NtSetTimer
ZwGetWriteWatch
NtQuerySecurityObject
RtlNumberOfClearBits
NtQueryEvent
DbgUiWaitStateChange
ZwOpenThread
ZwSetIoCompletion

gdi32

StrokeAndFillPath
PtInRegion
EndPage
GetPaletteEntries
MaskBlt
DrawEscape
GetSystemPaletteEntries
CreateBitmap

oleaut32

VarI4FromUI4
SysAllocStringLen
VarI2FromCy
VarCyFromR4
VarI4FromI2
VarBoolFromDisp
VarBoolFromUI4
VarI2FromStr

Sections

.text
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 960B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ