c6e2fbe0778cc31f0b8dac15019006d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6e2fbe0778cc31f0b8dac15019006d2
Size

188KB
MD5

c6e2fbe0778cc31f0b8dac15019006d2
SHA1

de3c0aed7efaf824c14083f275b659bfa3d91721
SHA256

1e77d81b83f7a75de03e2edbde97ad13f77c8dd5a1072da25aead537fd79b47f
SHA512

7056a236dde28860de1fd4a0d6acf55c899b01c3a3717d73ec9d07a9571dcefeb00f08897ba27ce2fed91be8f01300041a8deb40c9709293564a88e4f10d0dd5
SSDEEP

3072:9YaPqZ6OWosS4z/y3r8i3UJZtOxnvqPS5dibdfvB3S3sOHPY63FsbX0vqKAX4zN4:9jPqEjOH3q6z+dh3qs8Pj1sbEy7k6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6e2fbe0778cc31f0b8dac15019006d2

Files

c6e2fbe0778cc31f0b8dac15019006d2
.exe windows:4 windows x86 arch:x86

97fb619677c73acc9e7dfbe33157d41c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

shlwapi

StrRetToBSTR
PathIsRelativeW
PathFindExtensionW
PathAppendW
StrCmpIW
PathCombineW

oleacc

CreateStdAccessibleObject

kernel32

GetWindowsDirectoryA
GlobalFindAtomA
FlushInstructionCache
VirtualQuery
InitializeCriticalSection
CreateThread
LeaveCriticalSection
Sleep
GetDiskFreeSpaceA
SetLastError
EnterCriticalSection
QueryPerformanceCounter
InterlockedExchange
EnumResourceLanguagesW
GetModuleHandleA
GetLocaleInfoA
GetSystemDirectoryA
CloseHandle
ResetEvent
SetEvent
CreateEventA
GetPrivateProfileStructW
GetVersion
GetComputerNameA
DeleteCriticalSection
CreateSemaphoreA
CompareStringA

Sections

.text
Size: 94KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ