c2666b3e350640e33eaad35ab143b64d2908c29eac4e3d2db8f77bff89bec9c3 | Triage

Sharing

General

Target

c2666b3e350640e33eaad35ab143b64d2908c29eac4e3d2db8f77bff89bec9c3
Size

1.4MB
MD5

3e8e9e38bac5a473dbd5ebbd5fc68b40
SHA1

3328bea0011882036de082c28c19cfd791f2b61a
SHA256

c2666b3e350640e33eaad35ab143b64d2908c29eac4e3d2db8f77bff89bec9c3
SHA512

7235f8b527fed0969635b7bc418c56988fb55db8f9e110959e048bf1deccc5db505bcc6ad55973a3c0f92a6f8a97021155bb1f6809c2ab86774e9e129f0300e2
SSDEEP

12288:n0DudXezE09Si/ckGHt6pshsPSGkYl2XIQCb+Lk1TWbPXQnAN5L:0gXe4i7ojhsP5Lgrk1TWb4AN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2666b3e350640e33eaad35ab143b64d2908c29eac4e3d2db8f77bff89bec9c3

Files

c2666b3e350640e33eaad35ab143b64d2908c29eac4e3d2db8f77bff89bec9c3
.exe windows:6 windows x64 arch:x64

9a66e65f22017f3d7b9d3b2daf36e546

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Rainmeter4\x64-Release\Obj\Application\Rainmeter.pdb

Imports

kernel32

FindResourceW
GetLastError
GetProcAddress
ExitProcess
SetErrorMode
LoadLibraryW
lstrcatW
SetCurrentDirectoryW
GetCommandLineW

user32

wsprintfW
MessageBoxW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE