b6a7abd510461d3d492a4c11db5aef58 | Triage

Sharing

General

Target

b6a7abd510461d3d492a4c11db5aef58
Size

636KB
MD5

b6a7abd510461d3d492a4c11db5aef58
SHA1

c4c6757629aad466a27ebd5ef7e4918bde469c6b
SHA256

8e99bc56a3008cbda4c10fb2bb76aa6c2f2c68efadee3b84789652935ded6e7f
SHA512

39f2ab3cb01d7d6ab6f93696ddcfc0742d3fdc4b5f080a182808c0d71ae3b66203db9f4ac4a1f56bd2b141adb4415b085ecf19b0380fcd132a24a6bb9078be8f
SSDEEP

12288:YhH+3KwNk6sFOHtuFySf1X5wAuyDEmjydkHEkzJEyMVz5SjHEe6:13JNk6fEFjZdDEDSHNqyYe6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6a7abd510461d3d492a4c11db5aef58

Files

b6a7abd510461d3d492a4c11db5aef58
.exe windows:4 windows x86 arch:x86

e8b52f8a312904a6cec171ecc23d75fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
FormatMessageA
OpenSemaphoreA
GetThreadPriority
GetACP
GetExpandedNameA
FlushFileBuffers
HeapCreate
IsDebuggerPresent
GetEnvironmentStringsA
FindAtomA
WriteConsoleA
GetCurrentThread
GetSystemDirectoryA
InterlockedExchange
GetCompressedFileSizeA
GetCurrentProcessId
GetCurrentProcess
VirtualProtect
GetModuleHandleA
GetStdHandle

user32

FillRect
SetForegroundWindow
ReleaseDC
EndPaint
GetFocus
ValidateRgn
ShowWindow
GetWindowTextLengthA
wsprintfA
GetClassNameA
FrameRect
GetDlgItem
DrawTextA
GetCursorPos
IsIconic
BeginPaint
SetActiveWindow
GetParent
GetWindow

linkinfo

GetCanonicalPathInfoA
ResolveLinkInfoA
IsValidLinkInfo
DestroyLinkInfo
GetLinkInfoData

rtutils

LogEventW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ