e84586aeca34b2bc1b952a3cec67a20552d362be9479b010abdca9196d387061 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e84586aeca34b2bc1b952a3cec67a20552d362be9479b010abdca9196d387061
Size

1.2MB
MD5

1f302beb2a470de36b2a18d42cd1c80e
SHA1

9351561fc06b536296304469e6a358176743f837
SHA256

e84586aeca34b2bc1b952a3cec67a20552d362be9479b010abdca9196d387061
SHA512

9915fee9e28c8616533bba9d1866a9d1b50fe1f28f616e4b9ad324d01c46f35ab776d4c05271a4b1981bfc2b80d8672c334c844ab8347c2a0f53c8afeab767c7
SSDEEP

24576:mNdNe5lk1M9Ae1eNlSqkOIN+JltROC66vTD0Mqwdp2v8lTsNbZ:mNdN0Z2lqR8lPz66/Bqwdp2vY8bZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e84586aeca34b2bc1b952a3cec67a20552d362be9479b010abdca9196d387061

Files

e84586aeca34b2bc1b952a3cec67a20552d362be9479b010abdca9196d387061
.dll windows:5 windows x64 arch:x64

d3599f0e92d7d1da84cc6a0cf4f7067c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

LineTo

advapi32

FreeSid

shell32

SHChangeNotify

oleaut32

OleLoadPicture

version

VerQueryValueW

setupapi

CM_Get_Parent

shlwapi

StrChrW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
main
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 521KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE