Static task
static1
Behavioral task
behavioral1
Sample
03d49ce319034726d97db567b9fbdd57.exe
Resource
win7-20231215-en
General
Target: 03d49ce319034726d97db567b9fbdd57.exe
Size: 97KB
MD5: 03d49ce319034726d97db567b9fbdd57
SHA1: 0a630339ec179edc35a7e74b231ae6f525b01f0c
SHA256: 1b55fb9622ee90e30a271551a554c22902a2e9862b28f5c6e893491be2318c10
SHA512: d0d08f658e3365ffa86c2d2391df7f23175b819a3273d8b9fb1c2953ded2d79394eb97b7f7227f12c3d2fdf0fc0bef0178f75084274ad6295fbd1422d2404724
SSDEEP: 3072:Sp7Ho6pzq9OSqC8xp/AKXJ0Lr1Ww1q/BHugcG0c:Sp7JpKOSkaKxwiBHZZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03d49ce319034726d97db567b9fbdd57.exe
Files
03d49ce319034726d97db567b9fbdd57.exe.exe windows:4 windows x86 arch:x86
278352c6c492667fe3da57b72ca76d8e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathCombineW
UrlApplySchemeW
UrlGetPartW
UrlCombineW
UrlCanonicalizeW
PathAppendW
oleacc
GetOleaccVersionInfo
AccessibleObjectFromEvent
kernel32
RtlUnwind
SetUnhandledExceptionFilter
HeapFree
GetACP
IsDebuggerPresent
LoadLibraryA
InterlockedExchange
GetCPInfo
GetOEMCP
WriteFile
EnumResourceTypesW
LZCopy
GetStringTypeW
GetCurrentProcess
VirtualAlloc
LCMapStringA
GetStringTypeA
LCMapStringW
GetLocaleInfoA
msimg32
TransparentBlt
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification
Sections
.text Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ