Static task: static1
Behavioral task: behavioral1
Sample: 7a675f1da6fe60457792efdb5c89b4e4.exe
Resource: win7-20231215-en
General
Target: 7a675f1da6fe60457792efdb5c89b4e4
Size: 279KB
MD5: 7a675f1da6fe60457792efdb5c89b4e4
SHA1: eeef3904f78855cc87d1d7cad4d52c690b8db7cf
SHA256: 7381d21572fa0542099b1bf3b4fed8c2a10f18aa87e852f1659a973612a8397e
SHA512: 3287b12320790f9f9242ac1168c552d0f4a3a26fb72983bf438e8be848d0a3a36930948ec1a091b394debfbab206ade31077348f3ae6bc91e5aa32ae422f279b
SSDEEP: 6144:RV1LgQz2gA9VjkGjagLIGjTyKr886yyKHpy8c3ltrNccT7+AxcOtha2XW:3JSgUwuagVHyFuykpy/ltrN3T7CODm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7a675f1da6fe60457792efdb5c89b4e4
Files
7a675f1da6fe60457792efdb5c89b4e4.exe windows:4 windows x86 arch:x86
cbaf102ac279bb896a1eaad3d04c596b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
ChooseFontA
GetOpenFileNameA
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
kernel32
GetSystemInfo
GlobalAddAtomA
WriteFile
GetOEMCP
VirtualProtect
FlushFileBuffers
SetEndOfFile
RtlUnwind
EnumResourceNamesW
GetCurrentProcess
VirtualQuery
SetFilePointer
HeapAlloc
GetLongPathNameA
ExitProcess
ReadFile
HeapFree
FindAtomW
ole32
CoTaskMemFree
CLSIDFromString
CoCreateInstance
StgCreateDocfile
setupapi
CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status
Sections
.text Size: 146KB - Virtual size: 277KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ