6e18fac94e4277b4e1b7c7e84e88c1d4e626f4c48393ce316915316a4078f96d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6e18fac94e4277b4e1b7c7e84e88c1d4e626f4c48393ce316915316a4078f96d
Size

205KB
MD5

3107668fb6cfe5b3294cbf8343502df2
SHA1

0b72bf122e77c2999af5aa6a7c5ec8de67bca3f9
SHA256

6e18fac94e4277b4e1b7c7e84e88c1d4e626f4c48393ce316915316a4078f96d
SHA512

a22c4cfb7eabef2b293e5e3d8e5fd34656de5cc486eff77d88055acfcf1235cee2358f10ca8817c3b86bcfb262719859e509a907649c36b1877d07da133cddb3
SSDEEP

6144:CyCrMignV3/I6ts1qbDA5+GeorehVdJXpX:lMYsA/A59eoqlJZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e18fac94e4277b4e1b7c7e84e88c1d4e626f4c48393ce316915316a4078f96d

Files

6e18fac94e4277b4e1b7c7e84e88c1d4e626f4c48393ce316915316a4078f96d
.exe windows:4 windows x86 arch:x86

491750d8ad02c742b70cebff62cbf489

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnhookWindowsHookEx

gdi32

StartDocA

advapi32

RegDeleteKeyA

shell32

SHGetMalloc

comctl32

ImageList_DragShowNolock

winspool.drv

ClosePrinter

comdlg32

GetSaveFileNameA

oleaut32

VariantClear

Sections

.text
Size: 190KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE