0fedd597991d8a76c808d66e654583f6f2b8658d887b8d546228186895a421be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fedd597991d8a76c808d66e654583f6f2b8658d887b8d546228186895a421be
Size

1000KB
MD5

8b2a8139c643f2e2c42932cc47467434
SHA1

67d8b81a868612cb95809ca68eb25f4c725359a8
SHA256

0fedd597991d8a76c808d66e654583f6f2b8658d887b8d546228186895a421be
SHA512

549b58af1754b81854d926e3b72585992029b176dfb4225c6285b9b7324a9b40e13e6caf8a14363712f250c6041c743945be4ea601813852409e15db5ea2264f
SSDEEP

24576:IlMjpGhAUHHXXVQE1ouWiDJtg3+JltROCQ6vTD0MaTqFJ3B5JDsr:gRVN2iDDnlPzQ6/BaALR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fedd597991d8a76c808d66e654583f6f2b8658d887b8d546228186895a421be

Files

0fedd597991d8a76c808d66e654583f6f2b8658d887b8d546228186895a421be
.exe windows:5 windows x64 arch:x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 472KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE