Sample
e9f765ba3c25951e6d6ad8d13133c569862ae77ccaf65de7683c3d40c903cf90.exe
Resource
win7-20231129-en
General
Target
e9f765ba3c25951e6d6ad8d13133c569862ae77ccaf65de7683c3d40c903cf90
Size
5.1MB
MD5
fbfbadacf7a4c8bc252021dcf719e9b9
SHA1
af855ddd1a0157b9edf432bc81fbfbc44edd97a8
SHA256
e9f765ba3c25951e6d6ad8d13133c569862ae77ccaf65de7683c3d40c903cf90
SHA512
267654f51561cbfe40efba8f370d3b93a337218982ae526611fdef324e7e49f037f76991d8751dad160a88381617a9661245ca2e9ee794fe6dfec6de082f2551
SSDEEP
98304:XsOcGj2RJmXvKp14A7HrCaSMlz+t8WdWfz3dqb8XPM6pZwpydRxJCe4eeMcfr1Wn:cOcdRwXviaAzraSYR6z3Q8zm6xJCeCcn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e9f765ba3c25951e6d6ad8d13133c569862ae77ccaf65de7683c3d40c903cf90
Files
e9f765ba3c25951e6d6ad8d13133c569862ae77ccaf65de7683c3d40c903cf90.exe windows:6 windows x86 arch:x86
fd9eeeace25d14a32630a51938da6592
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
ReleaseDC
gdi32
CreateCompatibleBitmap
advapi32
SystemFunction036
shell32
SHGetFolderPathA
ole32
CoCreateInstance
ws2_32
shutdown
crypt32
CryptUnprotectData
shlwapi
PathFindExtensionA
gdiplus
GdipSaveImageToFile
setupapi
SetupDiGetClassDevsA
ntdll
RtlUnicodeStringToAnsiString
Sections
.MPRESS1 Size: 5.0MB - Virtual size: 13.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE