65dd8ccdb073162e916b5a5013a2dfbd | Triage

Sharing

General

Target

65dd8ccdb073162e916b5a5013a2dfbd
Size

86KB
MD5

65dd8ccdb073162e916b5a5013a2dfbd
SHA1

3ee7ef2250ea9cee2da93f7bd6c06a127a87eb70
SHA256

d64f8e7f289aee3070a42e29bf9cf10634f22229abc3ceea15e7c930e33d09c5
SHA512

719cd8e1d9759418b7811c1ecddf79d0043af5737cd564022dc32bb2c773e63abab7223814e368ddd8c6e1f0cc63244be9054b11cdf0543a2e68d7d2b06c6e2d
SSDEEP

1536:BMxsECebjcZQEgIQEBPr4ETqj0zKLJEq:hECekZQEpQ5Hm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65dd8ccdb073162e916b5a5013a2dfbd

Files

65dd8ccdb073162e916b5a5013a2dfbd
.exe windows:5 windows x86 arch:x86

07dfab96dadee4f55066295a3a6b67c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
GetModuleHandleA
CloseHandle
CreateFileA

user32

CopyAcceleratorTableA
LoadCursorA
DdeDisconnectList
DefDlgProcA
DestroyMenu
LoadIconA
CreateDesktopW
ChangeMenuW

gdi32

MoveToEx
StrokeAndFillPath
TextOutA
SetMapperFlags
StartPage
RemoveFontResourceExA
EnumFontFamiliesExW
GetBitmapBits
GetTextExtentPointA
PaintRgn
SetDIBits
SetPixelV
PolyBezierTo
ScaleViewportExtEx
FrameRgn
GetDCPenColor
GetROP2
GetTextMetricsW
CreateEllipticRgnIndirect

shlwapi

StrRChrIA
StrChrA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NLF
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ