a790827f9e4e98fe918e2df31e8526b7c9fada1ba558d591a358dbda0afc49db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a790827f9e4e98fe918e2df31e8526b7c9fada1ba558d591a358dbda0afc49db
Size

4.2MB
MD5

189c1c9e3551ea301393ca9881197ae7
SHA1

b183fed98da9c30d8a77f769525e3343454c5e6f
SHA256

a790827f9e4e98fe918e2df31e8526b7c9fada1ba558d591a358dbda0afc49db
SHA512

d1295a5ecdf0f051cf862ea628f0b7db0bcc5613aadce0bfc1b334a1e09958226956a1db5e0e1e5efd6a9057e4c7f5babb30bb2d7a10129c0aaa1896c601c459
SSDEEP

98304:q2vWMRY/JWe/Fv6zWDDbO9wDLJe9FduyQVOAYjKAUKz9IAuC:q2vWMRY/b/FCkCKD1e9bkVJAZBIAn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a790827f9e4e98fe918e2df31e8526b7c9fada1ba558d591a358dbda0afc49db

Files

a790827f9e4e98fe918e2df31e8526b7c9fada1ba558d591a358dbda0afc49db
.exe windows:6 windows x86 arch:x86

2f93cd80e5dfeca07d7e8b0f35545fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiEnumDeviceInfo

ntdll

RtlUnicodeStringToAnsiString

rstrtmgr

RmStartSession

Exports

Exports

Start

Sections

.MPRESS1
Size: 4.0MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE