6e2d3cba3c6b8c1671296060de226c5fc7cfcfcb813c49fad6d5d1ef6ab7d798N | Triage

Sharing

General

Target

6e2d3cba3c6b8c1671296060de226c5fc7cfcfcb813c49fad6d5d1ef6ab7d798N
Size

241KB
MD5

f28d491518efc6c4cb9b47721fda78f0
SHA1

aaf604a5dff684e72dd45b4c9dd2d56dccda1114
SHA256

6e2d3cba3c6b8c1671296060de226c5fc7cfcfcb813c49fad6d5d1ef6ab7d798
SHA512

785d47b940e4211f81f4392d839f287bb5b0118ddd5ff09c855b62f7b6b05dbdb0643edc43658522bfbf5885547d87b8707e6d440f716b68993590b28d755b1f
SSDEEP

6144:ZbQcUMbOf2fMQULZ/JXgHzJr2EiEBCJR4D:FqMbGBZLqFiKCJRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e2d3cba3c6b8c1671296060de226c5fc7cfcfcb813c49fad6d5d1ef6ab7d798N

Files

6e2d3cba3c6b8c1671296060de226c5fc7cfcfcb813c49fad6d5d1ef6ab7d798N
.exe windows:4 windows x86 arch:x86

d25d64268dfc4847981d3d83560bc28a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
TlsFree
GetStdHandle
LocalAlloc
GlobalFree
LocalHandle
GetOEMCP
CompareStringA
VirtualAlloc
GetPriorityClass
CreateThread
TlsGetValue
OpenSemaphoreA
GetUserDefaultLangID
LoadResource
GlobalLock
GetVolumeInformationA
GlobalFindAtomA
GlobalFlags
GetProcessHeap
ReleaseMutex

user32

EndPaint
GetForegroundWindow
GetActiveWindow
GetParent
ReleaseDC
GetClassNameA
GetDC
DrawEdge
ValidateRect
GetWindow
GetClassInfoExA
ShowWindow
BeginPaint
IsIconic
RegisterClassA
CloseWindow
GetFocus
GetWindowTextA
GetWindowTextLengthA

shell32

SHGetMalloc
SHGetFileInfoA
SHGetFolderPathA
SHChangeNotify
SHBrowseForFolderA

userenv

GetGPOListA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ