b70d64a549fa4530d0d90aed313436e1 | Triage

Sharing

General

Target

b70d64a549fa4530d0d90aed313436e1
Size

51KB
MD5

b70d64a549fa4530d0d90aed313436e1
SHA1

45fa6fd2f2ce5cd140495cb5e77e726f0ecd409e
SHA256

6696620469d06375cb5094281955214eb7bee9300c9caeb0665adc3323a0c0a5
SHA512

074cbe5d2c423f1051b5b170c9df20ac0d2f6c550da4aafddcf0b9f18575a45b281c50477c59ce341e73dec11c8f83bdee1aacae62ed8aa1b66951a8a875abde
SSDEEP

1536:bmOLeuCDf/u9iptKk6g/Mrn9iZGgQchY7iR:b9CMiT/6g/YuGT4R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b70d64a549fa4530d0d90aed313436e1

Files

b70d64a549fa4530d0d90aed313436e1
.exe windows:4 windows x86 arch:x86

4e3d786049a223083f4b9ac9c617368b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle

ntdll

RtlStatMemoryStream
RtlUnicodeStringToAnsiString

user32

ValidateRgn
PaintDesktop
WindowFromDC

gdi32

DeleteObject
GetPixel
GetFontData
GetDCPenColor
ExcludeClipRect
CreatePen
ArcTo
LineTo
RemoveFontMemResourceEx
StrokePath
SetTextAlign
SetPixelV
SetMiterLimit
RemoveFontResourceA
GetROP2

shlwapi

SHRegEnumUSValueA
PathQuoteSpacesA

powrprof

ReadProcessorPwrScheme

Exports

Exports

E3ip
RTMKTl3W4Pg
X05j46L38SgwSifSw6HXRE
lFIVRz8zpvkm66
onBAv1UgVBZ92

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ