5c748ac8e28c264262cc80c9a2605080a8430af32dded1a32a0b53ea7cbea212 | Triage

Sharing

General

Target

5c748ac8e28c264262cc80c9a2605080a8430af32dded1a32a0b53ea7cbea212
Size

4.3MB
MD5

a318b3cfca6a4079f8f5ad521f6f067b
SHA1

6681ed132b355039311a64ae260a390faa0ab20d
SHA256

5c748ac8e28c264262cc80c9a2605080a8430af32dded1a32a0b53ea7cbea212
SHA512

714301b234b21ec79266694bc3c51f8d1d0e9b76267229d14da7bfbca9f86a9867d2fa6f8a63154fad28b85b69c68c49daecc620e4496bb2cf537b6b1abec699
SSDEEP

98304:ratspVwC5otbDiV7zKgdxcdluCJTUcQh2mnAk1YHhZBlsR:OAVpS/iVbxcpJTUOmT1Y4R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c748ac8e28c264262cc80c9a2605080a8430af32dded1a32a0b53ea7cbea212

Files

5c748ac8e28c264262cc80c9a2605080a8430af32dded1a32a0b53ea7cbea212
.exe windows:5 windows x64 arch:x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 4.2MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE