80017516ebc534184fc06fac342d5def | Triage

Sharing

Copy URL Twitter E-mail

General

Target

80017516ebc534184fc06fac342d5def
Size

636KB
MD5

80017516ebc534184fc06fac342d5def
SHA1

5e03bc67924fbdcf07dbd9377f08b22c58e47587
SHA256

a33982fc8639c93a9e1502359f4edc24d9933c2f6b15c8d68cfd0d2f949906c5
SHA512

a9d22a8438b26aa021f45b8efe8019bf93951bc6a5a57f6ecc9ddbb15a710cd879258f2d3d1677e32e2756e95b70739f2a96c0b5dae73c6e9d107a021c87c2bb
SSDEEP

12288:T+roMKjjU+4/9ZE80kOt2OYDImcutIH0GDyArDcKvn4rZerbj2KNN0vvHJIi:TrMf+e9ZeVt2O5EktB4r2jTYKi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80017516ebc534184fc06fac342d5def

Files

80017516ebc534184fc06fac342d5def
.exe windows:4 windows x86 arch:x86

a85f82d1b263f3294aea2065a3dbd840

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetTickCount
HeapReAlloc
GetVersion
GetAtomNameA
HeapCreate
WaitForSingleObject
lstrlenA
LocalSize
GetConsoleDisplayMode
CloseHandle
GetCommandLineA
CompareFileTime
GetModuleHandleA
SuspendThread
GetConsoleCP
GlobalUnlock
VirtualProtect
InterlockedExchange
WaitForMultipleObjects
GetSystemDefaultLangID

gdi32

GetFontData
GetMetaRgn
GetRgnBox
GetTextColor
Escape
DeleteObject
EqualRgn
BeginPath
EngLineTo
EndPath
CreateFontA
DeleteDC
CreatePalette
CreateICA
GetStringBitmapA
GetMetaFileA
FloodFill
Ellipse
AbortPath

httpapi

HttpGetCounters
HttpRemoveUrl
HttpAddUrl
HttpTerminate
HttpInitialize

clbcatq

GetDllType

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ