Static task
static1
Behavioral task
behavioral1
Sample
b556738a3e9209149390a70dadc779fe.exe
Resource
win7-20240221-en
General
Target: b556738a3e9209149390a70dadc779fe
Size: 288KB
MD5: b556738a3e9209149390a70dadc779fe
SHA1: 1cc70b7d93cfec4356f925200a52fedee77bad43
SHA256: 6d4411a4ee731410e5b6f60863fafea71feb36760bb3375704421a380c256a86
SHA512: afac0d06d60b2db8555fca672118309c1905b29e1d537e673612b3d4ecea3afe68ddd50810878fa80334e9f13f23d1d28cf16c8710ef0c03269f2f2ee0fb9aa3
SSDEEP: 6144:+FnyO9ZlLWExBDajNY/iJh+wBsYMXsCJbPFepShTfvAhy:njQ/Y47T0pSVL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b556738a3e9209149390a70dadc779fe
Files
b556738a3e9209149390a70dadc779fe.exe windows:4 windows x86 arch:x86
3228b0de41574e07a6fa2c9457c0956e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
shell32
ShellExecuteA
Shell_NotifyIconA
oleacc
CreateStdAccessibleObject
shlwapi
StrRetToBSTR
PathAppendW
PathIsRelativeW
PathFindExtensionW
StrCmpIW
PathCombineW
kernel32
ResetEvent
GlobalFindAtomA
LeaveCriticalSection
SetLastError
CreateThread
GetDiskFreeSpaceA
FlushInstructionCache
EnterCriticalSection
GetLocaleInfoA
GetModuleHandleA
SetEvent
VirtualQuery
EnumResourceLanguagesW
CloseHandle
InitializeCriticalSection
GetWindowsDirectoryA
CreateSemaphoreA
GetPrivateProfileStructW
InterlockedExchange
QueryPerformanceCounter
GetVersion
DeleteCriticalSection
CreateEventA
GetSystemDirectoryA
GetComputerNameA
Sleep
CompareStringA
Sections
.text Size: 150KB - Virtual size: 278KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ