9b1e991e39fa3bc6c24d5f73d7496340 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b1e991e39fa3bc6c24d5f73d7496340
Size

636KB
MD5

9b1e991e39fa3bc6c24d5f73d7496340
SHA1

a130305fe87c57e817bfb73972ab1c9b175f8ed9
SHA256

c272d3ca5e2024f9bb29f18fb308db0cbe3920dd9a520879a536be6b02869a9c
SHA512

785bf7c8c726e6cb13fd2ce7240cbf83dafaf6f863c03add4a4499f1c5ca44895347bb4587e49652f0c725dab9e6360ddefcdf4ae040783e2f44a5b1a24c35b0
SSDEEP

12288:C7jpS31ZxKSpzluJzNo15jH78WtvspyjriT/bmUH4Cu:IjcZxKcUt2JH7ztdmTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b1e991e39fa3bc6c24d5f73d7496340

Files

9b1e991e39fa3bc6c24d5f73d7496340
.exe windows:4 windows x86 arch:x86

d5b0c50629cf1376d24a6457e822837e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetTickCount
GetConsoleCP
HeapCreate
LoadLibraryExA
WaitForMultipleObjects
GetAtomNameA
VirtualProtect
CompareFileTime
SuspendThread
WaitForSingleObject
GetVersion
GetCommandLineA
GetSystemDefaultLangID
InterlockedExchange
LocalSize
CloseHandle
GetStdHandle
GlobalUnlock
GetModuleHandleA
lstrlenA

gdi32

DeleteObject
BeginPath
GetFontData
DeleteDC
CreateICA
Ellipse
GetMetaRgn
GetRgnBox
EngLineTo
CreatePalette
CreateFontA
Escape
FloodFill
GetMetaFileA
GetTextColor
AbortPath
EndPath
EqualRgn
GetStringBitmapA

winmm

auxSetVolume
auxGetVolume
OpenDriver
PlaySoundA
CloseDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ