eef534082ad7fb438a6de4de571ec810N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eef534082ad7fb438a6de4de571ec810N.exe
Size

3.2MB
MD5

eef534082ad7fb438a6de4de571ec810
SHA1

33958d89af0c18fab2cb52c3e33b9b3826d22d12
SHA256

3ae641598afc9ca1b87e34288420c5c8594668a191c2a96bba13a6c1a2879329
SHA512

c7cad7dcce9e19ae1670baa510f33e1aea693274400ce2bf6cb5bcff14442acb5c5a10a73b71de0452fb9d3a441bd00e5e6958517d1f26d243e11ac7cbca514f
SSDEEP

49152:YJyLbszNOGRyv0sL2oYekXhloEOy2eHa4qnhUfWp6Dc9vYh5m2dmed/MH/JVZLFD:TspOGU7Ll2P205f0iO+fMBnYgL4IH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eef534082ad7fb438a6de4de571ec810N.exe

Files

eef534082ad7fb438a6de4de571ec810N.exe
.exe windows:6 windows x64 arch:x64

af24d87e3047017d7c795dcfbe25a09c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

PlaySoundW

winspool.drv

ClosePrinter

comdlg32

FindTextW

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

netapi32

NetWkstaGetInfo

wtsapi32

WTSRegisterSessionNotification

advapi32

RegLoadKeyW

ole32

IsEqualGUID

api-ms-win-crt-string-l1-1-0

memset

gdi32

Pie

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 3.0MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE