b1ccda9f7ba76b222d9387f6ee8cbbd3222af3dc3723a247c6e80cb0a5626676 | Triage

Sharing

General

Target

b1ccda9f7ba76b222d9387f6ee8cbbd3222af3dc3723a247c6e80cb0a5626676
Size

3.2MB
MD5

ecf0a7dfe54de2c55c42b8c8c34f4a3f
SHA1

393d36cd7cf9536ebc8abe26c51553c57eb4e38c
SHA256

b1ccda9f7ba76b222d9387f6ee8cbbd3222af3dc3723a247c6e80cb0a5626676
SHA512

4e51da10f9c75b20776aba885c863d622b4eee8b1c023e909151ed893b1f78812b1aaa1c26c10a3050f8aaccfe148dd9bcc27100e27f9f34eedc5c581573c7db
SSDEEP

49152:3EF4FiPD6m4ivio49aPVYYZJbEU5Jn0KRYElP1Dn9S/FPc63qZ1sRrT:EairJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b1ccda9f7ba76b222d9387f6ee8cbbd3222af3dc3723a247c6e80cb0a5626676

Files

b1ccda9f7ba76b222d9387f6ee8cbbd3222af3dc3723a247c6e80cb0a5626676
.exe windows:6 windows x64 arch:x64

0158a3636934ffb944ac5d771a8466a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

getenv
strstr
free
_time64
malloc
memcmp
??_U@YAPEAX_K@Z
fwrite
sprintf
system
rand
strtoul
fclose
??2@YAPEAX_K@Z
_wcsicmp
fopen
srand
??_V@YAXPEAX@Z
memcpy

kernel32

LoadLibraryW
MultiByteToWideChar

user32

DrawTextA
OemToCharBuffA
RealGetWindowClassW
PrivateExtractIconsW
OpenIcon
PtInRect
OpenDesktopW
PeekMessageW
PaintDesktop
OemToCharA

gdi32

GetTextMetricsA
SaveDC
SelectObject
RealizePalette
TextOutW
TextOutA
SetBkMode
SetDIBits
DeleteObject
CreateEllipticRgn
CombineRgn

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ