WWW14[1][.]bmp | Triage

Sharing

General

Target

WWW14[1].bmp
Size

5.6MB
MD5

3ae876e56ca9a650b3a9a3f3f66748e2
SHA1

73fcc337713a4cc0e7f9c32b6f7d282b827f16ef
SHA256

44ee2445a8afa4123bd2edb2bcbe258f8c344f73fda88d03097e22a7928d313d
SHA512

7f4e3dc2f34f87b689beffd81f17d020fcddc5da7359189d49b21101c094a05a73b689b045b524d87f764069bf9708a1447ca7a2101874116836167d03457cfb
SSDEEP

98304:P1h3ucOg+2rajZV1rrcl8SgvUImkTtR+To4eboVEdZlgCyPBJeWLZktIDyWM+hdl:NEc9vraVRc8sU/+E4r+dcC+BQW1kqDyS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
WWW14[1].bmp

Files

WWW14[1].bmp
.exe windows:6 windows x86 arch:x86

31a14226d3e64a75d1fc504da54b963c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

wtsapi32

WTSSendMessageW

Sections

.MPRESS1
Size: 5.3MB - Virtual size: 13.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE