b7fee5e406f3722287f8c6594d16ee17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7fee5e406f3722287f8c6594d16ee17
Size

716KB
MD5

b7fee5e406f3722287f8c6594d16ee17
SHA1

93edf09802b34a8cde6c661447053a70c54bd39c
SHA256

e2991da24e1c7bfa679acc2672b23fee1236df8993bdc8536174bc66609b9a99
SHA512

1288556bfd6c4382645cfb845597bbce0fa04225bffd571bf1f17f412a0d287f27d1cd7f8eedaf086cba1e492ca8222da433bb1194ee7e4027a2e4700a7b1e0c
SSDEEP

12288:dea+MbZQknFU0GLzhAli0g6+TNm6ovS+UCOjuILrAoVJAtOYr/P8Te+OkJmR9W1X:dUknF2n+AH6H/UCOj3r/ItpbPqe+9Jms

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7fee5e406f3722287f8c6594d16ee17

Files

b7fee5e406f3722287f8c6594d16ee17
.exe windows:4 windows x86 arch:x86

0b73ca4f2c46591ac56245137b667e54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetTickCount
SetEvent
CloseHandle
WaitForSingleObject
LoadLibraryW
CompareFileTime
InterlockedExchange
TlsFree
HeapWalk
VirtualProtect
GlobalUnlock
HeapReAlloc
FindAtomA
lstrlenA
GetAtomNameA
GetVersion
GetConsoleCP
GetProfileIntA
ResetEvent
GetModuleHandleA

user32

GetDlgItem
MessageBoxA
GetWindowTextA
PostQuitMessage
DestroyMenu
GetMenu
DialogBoxParamA
InsertMenuA
SetSysColors
EqualRect
GetParent
UpdateWindow
GetKeyboardLayout
GetWindowLongA
InflateRect
ShowWindow
CopyRect
GetMenuStringA
ModifyMenuA
DispatchMessageA
PostMessageA
SetPropA
TranslateMessage
SetWindowPos
GetScrollRange
LoadIconA
GetSubMenu
EnableScrollBar
ScrollDC

userenv

FreeGPOListA
GetProfileType
LoadUserProfileA
GetGPOListA
RefreshPolicy

apphelp

ApphelpCheckExe

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ