6ae70375de2bfde8cc621b835a58aa56f37ddfb1bb502c3bdc8c8c5bf216cb05 | Triage

Sharing

General

Target

6ae70375de2bfde8cc621b835a58aa56f37ddfb1bb502c3bdc8c8c5bf216cb05
Size

308KB
MD5

15838d10b19ebf00c803a986fadf6589
SHA1

7eeb440be07b8c89b7cd21f84636598ddeb15542
SHA256

6ae70375de2bfde8cc621b835a58aa56f37ddfb1bb502c3bdc8c8c5bf216cb05
SHA512

230f35aa639fb7cb37e1084ff27c28179785a84a82bf07fa5449c7bc766c7271dcd3dbf1fe1bb44dc5bcc423448abf7d6863b568f3999713ddc682dc336def9a
SSDEEP

6144:p/JGVem9KIUchiVlJe4/zCwmGfy5BEjJhxGDZ//FqA9ExpmOpa7:dckmkIUKk8CzOZB4qNncvuOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ae70375de2bfde8cc621b835a58aa56f37ddfb1bb502c3bdc8c8c5bf216cb05

Files

6ae70375de2bfde8cc621b835a58aa56f37ddfb1bb502c3bdc8c8c5bf216cb05
.exe windows:8 windows x86 arch:x86

f6afc33bcbe9a42914e56500a4c8cacd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
GetDiskFreeSpaceW
FindResourceW
GetPrivateProfileSectionA
WaitForSingleObject
ReadFileEx
LoadLibraryA
VirtualAllocEx
InterlockedIncrement
lstrcpyW
GetACP
SetEnvironmentVariableA
InterlockedDecrement
GetDiskFreeSpaceW
GetStringTypeW
GetLongPathNameA
ExitProcess
GetExitCodeProcess
Heap32First
GetModuleHandleW
GetPrivateProfileIntA
lstrcmpA
GetCurrentDirectoryA

apphelp

ApphelpCheckIME
SdbCreateMsiTransformFile
AllowPermLayer
ApphelpCheckExe

shell32

SHFree
ShellMessageBoxA
DragFinish
ShellAboutA
DragQueryFileA
DuplicateIcon
SHGetSettings
SHGetMalloc
ExtractIconA
DragAcceptFiles
StrChrA
DllUnregisterServer
SHGetDiskFreeSpaceA

dbghelp

ImageRvaToVa

Sections

.text
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE