e8ab9d715beee44c8e2d0b8f1295dbc7cb8bb95d4ed21cf141a89aa28e035e16N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e8ab9d715beee44c8e2d0b8f1295dbc7cb8bb95d4ed21cf141a89aa28e035e16N
Size

138KB
MD5

2a287023cbcf3992954b0856480248d0
SHA1

f548aa0576be8180a740df11c75b96f3c75f1b2a
SHA256

e8ab9d715beee44c8e2d0b8f1295dbc7cb8bb95d4ed21cf141a89aa28e035e16
SHA512

7a7ddd2af0e857e7889fc53e56185d90bfe92bc63b2bef8614542856bb382d764c4ee4b1de29d528bedf820a62658b27e6f39d3ee74141e8383fb21c3617b537
SSDEEP

3072:vXC3O5fxzd62wurbhyUY89BpWgIF1tMvl46xVJ1FMff:vOO700bhyU8X446xVJ1FMff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8ab9d715beee44c8e2d0b8f1295dbc7cb8bb95d4ed21cf141a89aa28e035e16N

Files

e8ab9d715beee44c8e2d0b8f1295dbc7cb8bb95d4ed21cf141a89aa28e035e16N
.exe windows:1 windows x86 arch:x86

cbdf6bc6f4550fc94d2d5d51e9b81610

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringA

kernel32

GetComputerNameA
GetModuleHandleA
GetProcAddress
GetTickCount
LoadLibraryA
VirtualProtect
lstrcmpiA
lstrcpyA
lstrlenA
CreateFileA

user32

CreateWindowExA
DdeCreateStringHandleA
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeA
DrawTextA
LoadIconA
LoadStringA
RegisterClipboardFormatA
SendMessageA
wsprintfA
DdeUninitialize

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

gdi32

CreateCompatibleDC

ntdll

NtOpenKey
NtQueryValueKey
RtlAllocateHeap
RtlCompareUnicodeString
RtlFreeHeap
RtlFreeUnicodeString
RtlInitUnicodeString

Sections

AUTO
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ