c9dbe3ff23231dfffaf0b15aae95ca463d3b6b82cc27699a078a4bdeb79ad907 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9dbe3ff23231dfffaf0b15aae95ca463d3b6b82cc27699a078a4bdeb79ad907
Size

1.1MB
MD5

9209ea823a709d491589ec952ef32325
SHA1

b34537585b14de4db2da71dd2f5f57fa9e5917a7
SHA256

c9dbe3ff23231dfffaf0b15aae95ca463d3b6b82cc27699a078a4bdeb79ad907
SHA512

f541575f4f0392e8914d2b3f9cb851e935513fa63de0e800da446602e6d973e5fa67859a1d5159349f3487c5d40a93282555c9c5fb7b7d327cda0d17708c821f
SSDEEP

24576:kNdNe5lk1M9Ae1eNlSqkO41lebE8OFYmFsNIg5uxuR:kNdN0Z2lqv1gbExYmyGg+uR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9dbe3ff23231dfffaf0b15aae95ca463d3b6b82cc27699a078a4bdeb79ad907

Files

c9dbe3ff23231dfffaf0b15aae95ca463d3b6b82cc27699a078a4bdeb79ad907
.dll windows:5 windows x64 arch:x64

d3599f0e92d7d1da84cc6a0cf4f7067c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

LineTo

advapi32

FreeSid

shell32

SHChangeNotify

oleaut32

OleLoadPicture

version

VerQueryValueW

setupapi

CM_Get_Parent

shlwapi

StrChrW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
main
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 1.1MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE