d0e890ffaf91efd5128cdfce25f681d0N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0e890ffaf91efd5128cdfce25f681d0N
Size

317KB
MD5

d0e890ffaf91efd5128cdfce25f681d0
SHA1

d9c95746d7fa24693a3deb0b38d65b4f240fcbd9
SHA256

49bc195557de742f36e1c0fa437b506cc48a3e4bb8cc2ea7ba48cc94f56f0658
SHA512

2038471c178d97b69fdee1d124e5866e58ae7cd0325b90d2d1fe068c824347ee8af3644aad9ce6dfaaa2be2cf903ddf642691a83acc80556da4d1a64f63c6391
SSDEEP

6144:bHs3eC/4nXA13lwjbjHMGcnr6hDLCF1bzzFD5BrOSMInBOwUsD1N:bHHnX5Hrlcnr6hDLstzzYSMaBOwUsRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e890ffaf91efd5128cdfce25f681d0N

Files

d0e890ffaf91efd5128cdfce25f681d0N
.exe windows:4 windows x86 arch:x86

909d4ae977c4e531c9c536ec30a56565

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
DeleteAtom
FreeConsole
GlobalAddAtomA
GetACP
GlobalFree
GlobalUnlock
SetConsolePalette
GetStdHandle
IsBadCodePtr
lstrcpyA
GetLastError
VirtualProtect
CloseHandle
RaiseException
HeapCreate
EnterCriticalSection
WriteProfileStringA
LocalFree
LoadLibraryExA
GlobalAddAtomA

user32

GetWindowTextLengthA
DrawEdge
GetWindowTextA
GetClassNameA
BeginPaint
ValidateRect
GetParent
GetFocus
GetWindow
GetActiveWindow
GetClassInfoExA
EndPaint
ReleaseDC
AlignRects
IsIconic
ShowWindow
GetForegroundWindow
CloseWindow
GetDC

mprapi

MprAdminUserGetInfo
MprAdminUserWrite
MprAdminUserOpen
MprAdminUserRead
MprAdminUserClose

linkinfo

CreateLinkInfoA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ