f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18[.]exe | Triage

Sharing

General

Target

f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18.exe
Size

4.0MB
MD5

5fe48966c2f11e09fd518e77118d6b1e
SHA1

71ac5d567f1485454b0a3b04cece2d40cf8c0fa0
SHA256

f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18
SHA512

392f086ce8eebaa66896a81b3795543f57086142d880f426b97240d106f8e4501222fb0725038750d70ce8d0e810d82c1048f2f761212b13cdbc632d4a7b4575
SSDEEP

98304:R+++MEQcFUcyrwHeeLn/I9QJo+W9NKdj5tskdoNr+OqWl:sMN9MeeLn/hJoZNKLtskdoNr+Za

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18.exe

Files

f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18.exe
.exe windows:6 windows x86 arch:x86

2f93cd80e5dfeca07d7e8b0f35545fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiEnumDeviceInfo

ntdll

RtlUnicodeStringToAnsiString

rstrtmgr

RmStartSession

Exports

Exports

Start

Sections

.MPRESS1
Size: 3.9MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE