4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
Size

3.3MB
MD5

2cd1c0c32272ec4d63f1c4d47528d8f5
SHA1

76ff3a803b1a7f133c23621e77e9befebacde140
SHA256

4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
SHA512

63460c1822a4431ff1941868d49c078c5493b7875f9f112dcda7dd1a4deb07435249e13605d2622e750c9e21b5e4820b2405a1023efcd5a7587fab7cea7dd116
SSDEEP

49152:7S4le0H+8RtHhu77Jx04Q1kq54w2W8X8grM0pk6ZnyEtYE7S0EfJt2:7g0/49xckq5I8ZKxzm5x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8

Files

4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
.exe windows:6 windows x64 arch:x64

dde04a4a91a59ef24083f245b804ae7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE