d6333c90effbae12400daf181da4e249 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6333c90effbae12400daf181da4e249
Size

96KB
MD5

d6333c90effbae12400daf181da4e249
SHA1

989e179e63abf7a1a59164ba24e7b08c11f5d24f
SHA256

d69ce6a003b7f365325c804f7aa88d1b671048863833b2f1d24958171791402d
SHA512

dc298fe6eeb97764826a92153f86631dc96ac92813e7cd16018433ff43168f892a3d2a08a2adb5e295688593eb410a831321e1befd58f8123cd02c4ef34be13c
SSDEEP

1536:fc3gPjHVBLlfnV6+Eqo+cZSBatMTYd/7rvxpQn6Ey9mL2/WY+gCa:LHbxfntEaBatwYd/7jxpY6XcC+Y+gC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6333c90effbae12400daf181da4e249

Files

d6333c90effbae12400daf181da4e249
.exe windows:5 windows x86 arch:x86

475a3f49e12d98b3edec04fc7839e6c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFiberEx
VirtualAlloc
LoadLibraryA
GetEnvironmentVariableA
AttachConsole
EnumResourceTypesW
CreateNamedPipeA
GetProcAddress

gdi32

SetGraphicsMode
ExtFloodFill
GetMetaRgn
GetCurrentPositionEx
StrokePath

advapi32

LsaFreeMemory

Exports

Exports

bhgbvguocq
fmutydyfgd
uyprtsvhobnckrs

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 687B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ