649086bc2f8eee8436b1a494927902c9914b6550552b06b65f5085ed73df04a8 | Triage

Sharing

General

Target

649086bc2f8eee8436b1a494927902c9914b6550552b06b65f5085ed73df04a8
Size

3.3MB
MD5

c75744b48db5281244347af175f66e59
SHA1

474107c8df12572e6d83661fad2bc493057f7c00
SHA256

649086bc2f8eee8436b1a494927902c9914b6550552b06b65f5085ed73df04a8
SHA512

42a9d186a069950b22d99aba440b13400495f14ea9df0fdca509c0e38b5f498d5976a026e59123d25450a2f88cc6cc6d1ab71ba191dab401b018f315b018672b
SSDEEP

49152:DZmfVAGdVP/EEtcCisHTPtNiCkq/9A8SryB1WVaZnEz9FEiZ4oYbYbkX3Y9OrMSO:DZAVnrnr5TPtrSrWZ4M7bYcrY38D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649086bc2f8eee8436b1a494927902c9914b6550552b06b65f5085ed73df04a8

Files

649086bc2f8eee8436b1a494927902c9914b6550552b06b65f5085ed73df04a8
.exe windows:6 windows x64 arch:x64

fd1076cf47b8d093e1c56ba8f7971e46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoInitializeEx

oleaut32

VariantClear

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE