ab535e0bbe90ed51b89fbbf333bb1b77c05c5e15df36bbf94bd70520ff624a94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab535e0bbe90ed51b89fbbf333bb1b77c05c5e15df36bbf94bd70520ff624a94
Size

4.4MB
MD5

acd982b59745f98519bb2d153fbb3d58
SHA1

d4d3fe56873a8cd9c75d76fb57d5a8bd325edd98
SHA256

ab535e0bbe90ed51b89fbbf333bb1b77c05c5e15df36bbf94bd70520ff624a94
SHA512

a5401b116a276b618c6be8ac337f295893328dbe87b7c1fa9719e0535f1275dba4e7532d08518fed4234ec40d9cfc0a16749e75e36a01a34432d0b439dfe352d
SSDEEP

98304:txA/KyPjXvVC+eABfLYJzFAmjMUoGFiMZzm+phWJi33q1+sk:tW/KojXvQeZLyzFAuMUoGFFZzm+pQoHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab535e0bbe90ed51b89fbbf333bb1b77c05c5e15df36bbf94bd70520ff624a94

Files

ab535e0bbe90ed51b89fbbf333bb1b77c05c5e15df36bbf94bd70520ff624a94
.exe windows:5 windows x64 arch:x64

c57e4f526395288c8406444b38b1e657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

oleaut32

OleLoadPicture

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 4.3MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE