50149ae9338f1b279ade6b7c0d196e78cebaf39af16463ab43148dcd64524efe | Triage

Sharing

General

Target

50149ae9338f1b279ade6b7c0d196e78cebaf39af16463ab43148dcd64524efe
Size

723.8MB
MD5

ba40babd45125190db63df7c47d2f225
SHA1

c4a4b59c924c16bf4aecb60a875bb418f6c4bd66
SHA256

50149ae9338f1b279ade6b7c0d196e78cebaf39af16463ab43148dcd64524efe
SHA512

a52103d34bf3010ee7f363ad3bea2dc1764bdbda4ed951cc947187d1d697c11a071760b44ab34257a0ecb1d64348c60c06af3a755d91d8dff54ba6add6845f95
SSDEEP

98304:dp6Ni2CCmlA2TdkrvHFG8RM2m5sEMznmW57/dRH3MPEFP9m3BGm3xFuQbo9/bgCr:iQN9MvHFFM2bnTmg1RHcPemMaTCr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50149ae9338f1b279ade6b7c0d196e78cebaf39af16463ab43148dcd64524efe

Files

50149ae9338f1b279ade6b7c0d196e78cebaf39af16463ab43148dcd64524efe
.exe windows:6 windows x86 arch:x86

31a14226d3e64a75d1fc504da54b963c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

wtsapi32

WTSSendMessageW

Sections

.MPRESS1
Size: 5.6MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE