87ba028eeb38b0d4e98f021c9c2d456306237050acd232b9bfaecf50979deb2d | Triage

Sharing

General

Target

87ba028eeb38b0d4e98f021c9c2d456306237050acd232b9bfaecf50979deb2d
Size

3.8MB
MD5

dc00582614832bb3bc6940be5383858f
SHA1

1b3e6eaef63dd480ab86a5c9aef8aca8d70d0029
SHA256

87ba028eeb38b0d4e98f021c9c2d456306237050acd232b9bfaecf50979deb2d
SHA512

6d928601ae2412e074659875352efa2d2b72997d793e1c5d25103a5533629cf63fa050d2b46643c1154091a143a66e75166c3b207193f133bfc0806daab6beea
SSDEEP

98304:p+VStoE1ZwxvEpK4EcIBb/7P1cLxU3L1vKa/tpoBt8NreG7p:cVSNZMvEp5MBn1cLxKL1ilQrd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87ba028eeb38b0d4e98f021c9c2d456306237050acd232b9bfaecf50979deb2d

Files

87ba028eeb38b0d4e98f021c9c2d456306237050acd232b9bfaecf50979deb2d
.exe windows:6 windows x86 arch:x86

2c948f84df90d09d5ec0ed0cc0486ab7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyExA

ole32

CoInitialize

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation

Sections

.MPRESS1
Size: 3.8MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE