Static task: static1
Behavioral task: behavioral1
Sample: 35A1.tmp.exe
Resource: win10-20230220-en
General
Target: 35A1.tmp.exe
Size: 333KB
MD5: f4faa72add58accd4b689de19c7d617c
SHA1: 1cd621b4f4c42cdf4509db3a4924b966485a2d0a
SHA256: 797dea29d48f3e88c51142317926bd4026464906c950282f5de2256a52cd54aa
SHA512: 674dafe949caffa78614ed614450d374eb8a25efbf289142a0c521d777fd5ab7c0699f4aa4045b4a9a095ff6657428c46f57845dc6ba18e6956edc2e8d1e12c1
SSDEEP: 6144:H08sAv4SkVsimYTdry+V0iO78WvdJvB3hP4hFuVXA9riwwNmeiYmhjdAp3LQ1slp:n55Cznd0iOw0JZRg3u5A0wumeiY02pyQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35A1.tmp.exe
Files
35A1.tmp.exe.exe windows x86
37366700dd7a367e4c9fd0ceaeed80f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
wsock32
WSACleanup
winmm
mixerOpen
version
VerQueryValueW
comctl32
ImageList_Create
psapi
GetModuleBaseNameW
user32
GetDC
gdi32
BitBlt
comdlg32
GetSaveFileNameW
advapi32
RegCloseKey
shell32
DragFinish
ole32
CoGetObject
oleaut32
SafeArrayGetLBound
Sections
.MPRESS1 Size: 306KB - Virtual size: 848KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE