ade6e1fc6cd398a60e1fc3f7393c43d236fffb1781906b328643d7ae9e5dd52e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ade6e1fc6cd398a60e1fc3f7393c43d236fffb1781906b328643d7ae9e5dd52e
Size

1.4MB
MD5

fa04a5a158a4e3c075996e81ee2fb173
SHA1

b146f00ab6dad12f6229af1ecff0b0e5809d9be2
SHA256

ade6e1fc6cd398a60e1fc3f7393c43d236fffb1781906b328643d7ae9e5dd52e
SHA512

dd0c743626e5e4d8964064e74d1408b25bbd36f77c3f9bccbfc04250397b5aa07b8dc49a46b082c90ad7f38dd01487d1235fcff8ede1e8ad837466cc1ae7dd63
SSDEEP

24576:WgGvdDAcsF8roeuLx4JWw0KAlFy82OZtPTIr6nK2SL3PP2CQQjK:cyiolLxkb07zpkr6XSzPV7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ade6e1fc6cd398a60e1fc3f7393c43d236fffb1781906b328643d7ae9e5dd52e

Files

ade6e1fc6cd398a60e1fc3f7393c43d236fffb1781906b328643d7ae9e5dd52e
.exe windows:5 windows x64 arch:x64

c57e4f526395288c8406444b38b1e657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

oleaut32

OleLoadPicture

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 504KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 964KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE