9b75869adb97a8613cdc9443c98eade5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b75869adb97a8613cdc9443c98eade5
Size

9KB
MD5

9b75869adb97a8613cdc9443c98eade5
SHA1

2eb6686dff7bf8f11e79187af5abcb8c197dd712
SHA256

03c2873a2f3099efed6337e3e1b77fbf1b38847ddabd038189fce69e453d2d6e
SHA512

c8391c0789d64438cc1ed1c4797c54faa734a4370341bebbd82b96bf3f769b3c228acc46f975ef5be905edd02a5dc8327a2f7ef51a90bbdc8a06dcb07819db01
SSDEEP

192:/rnejFKdmTwrCduH14LJWX1ixqEnnnnnEwnnnnnnk:Tn+ImTRuHKZqEnnnnnHnnnnnn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b75869adb97a8613cdc9443c98eade5

Files

9b75869adb97a8613cdc9443c98eade5
.exe windows:4 windows x86 arch:x86

21b711d1cd6dcdb97ebf72e1d2482aa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptSetHashParam
RegQueryValueA
LookupAccountNameA
GetExplicitEntriesFromAclA
RegisterServiceCtrlHandlerA
IsTokenRestricted
LsaNtStatusToWinError

comctl32

ImageList_Replace
GetMUILanguage
ImageList_AddMasked
PropertySheetW
ImageList_Destroy
FlatSB_GetScrollPos
ImageList_DragMove
ImageList_SetFilter

shlwapi

UrlIsNoHistoryA
SHSetThreadRef
PathBuildRootA
PathFindFileNameA
SHDeleteEmptyKeyA
StrFormatKBSizeA
PathIsURLW

oleaut32

VarR4FromUI4
VarI2FromUI1
VarDecFromR4
VarI1FromDisp
VariantTimeToDosDateTime
VarUI4FromDisp

msvcrt

_wcsupr
_wfsopen
iswspace
_adj_fdiv_r
wcsrchr
_snwprintf
iswctype
_mbsnset

ole32

IsValidInterface
HBITMAP_UserFree
HMETAFILE_UserUnmarshal
OleCreateLinkFromDataEx
HWND_UserMarshal
STGMEDIUM_UserUnmarshal

Sections

.text
Size: 4KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE