d8fbb68526394132a8d72ebf9fee635f | Triage

Sharing

General

Target

d8fbb68526394132a8d72ebf9fee635f
Size

147KB
MD5

d8fbb68526394132a8d72ebf9fee635f
SHA1

4fa9de1e5b40dbc2c70ad36cbe73e04995a87313
SHA256

9a5b1d0b07b40ec0cc2df2c47790ae49a6d85c009a57a73f20a4c830cefce2df
SHA512

e72b888c291a7ad71d3933ccc051103ed26e02bc9ea71575e627a940c2264688fa9d72a30fb609a92b7c61794d4c90fc895acca19c4732826f27ab8098cad5cc
SSDEEP

3072:Awe1u7ffuWeMFTFbNwQpm/POBQlIN9STDJTp2ZL0gMarC9bOpCYQmJsY1:Ac7HB5Lb/pWPts9STJp24arC0CYQg1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/003968f5.exe

Files

d8fbb68526394132a8d72ebf9fee635f
.rar
003968f5.exe
.exe windows:4 windows x86 arch:x86

a95855ce0893f0d72d730cace5699b35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextColor
GetBkColor
GetMapMode
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetProcessHeap
FindFirstVolumeA
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

LHashValOfNameSys
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 85KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ