Static task
static1
Behavioral task
behavioral1
Sample
c1781a621abfe7144eb61612ebff1ac48a9d2a2834224cca2c05a09fed442207.exe
Resource
win7-20240221-en
General
-
Target
c1781a621abfe7144eb61612ebff1ac48a9d2a2834224cca2c05a09fed442207
-
Size
340KB
-
MD5
1d832c104c1df6bfae50de2ad0d79bf1
-
SHA1
8c308daef10fb8ae1d1ba0d3dd328ae416489d7a
-
SHA256
c1781a621abfe7144eb61612ebff1ac48a9d2a2834224cca2c05a09fed442207
-
SHA512
046c4efd0053189b981544f1b5129022587a0b14162fbf711b6d66cdb0fbb33ce8e7e06025efb90b3ebd7348806a520446e631b8c2e05ab148909450b920431d
-
SSDEEP
6144:b/qE9d70WIH9wFHf+MQYVA5TDT44zuQOIFlUMazNWHT7+z:uGIWiiHWnesT/483Ociy0
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature.
resource c1781a621abfe7144eb61612ebff1ac48a9d2a2834224cca2c05a09fed442207
Files
-
c1781a621abfe7144eb61612ebff1ac48a9d2a2834224cca2c05a09fed442207.exe windows:5 windows x86 arch:x86
aac73941c87ad61412ca8ad4d2283df3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
user32
DestroyMenu
advapi32
RegQueryValueExW
shell32
ShellExecuteW
ws2_32
gethostbyaddr
iphlpapi
GetAdaptersInfo
oleacc
LresultFromObject
gdi32
DeleteDC
winspool.drv
OpenPrinterW
oleaut32
VariantClear
Sections
.text Size: 295KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE