5ec1c6b009af0e3630dde14db02348a8b759d344539ffe4726b272650d1930f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ec1c6b009af0e3630dde14db02348a8b759d344539ffe4726b272650d1930f2
Size

1.5MB
MD5

78b4aadfec6bf97134c4fca61c8b7fc6
SHA1

00896fc23417d16222bd5209ee317231399d612d
SHA256

5ec1c6b009af0e3630dde14db02348a8b759d344539ffe4726b272650d1930f2
SHA512

4ab1637b7ad6bc5ac3983d3fc8fb730438a7a8e8e1987e110364b9c5957fc9bbb241034c308db250d622a417f8a624484bf62477803281c340ac46de822b449d
SSDEEP

24576:+lMjpGhAUHHXXVQE1ouWiDJ/g3+JltROCQ6vTD0MaTKdpiu/pTp6pkV1SFQlZG0N:KRVN2iDhnlPzQ6/Ba+dpiu/pTp6pkV18

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ec1c6b009af0e3630dde14db02348a8b759d344539ffe4726b272650d1930f2

Files

5ec1c6b009af0e3630dde14db02348a8b759d344539ffe4726b272650d1930f2
.exe windows:5 windows x64 arch:x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 472KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE