36754c17de5c603ffb1050a9ab0fad68b73f35d620cae038c00ead2a92ea0997 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36754c17de5c603ffb1050a9ab0fad68b73f35d620cae038c00ead2a92ea0997
Size

649KB
MD5

de5fdea1407c91cb5588e8a6215eb407
SHA1

8fcae865a803fb1a9156bc744fc7dfa08a3d45a5
SHA256

36754c17de5c603ffb1050a9ab0fad68b73f35d620cae038c00ead2a92ea0997
SHA512

1279e38a5063b901ad83a0ee000529ec502ab6c034a0d91e76e6da4bafcad615ce702755a93d0cc1b7742c5d642e57a054b41db7ccdebc8191d42e53a25a99ad
SSDEEP

12288:MfmFUNwsN+ze8CyMLuvcfQvNvAeQ6jWIEWqxxxxxxxxxxxxxxxxxxCxxxxxxxxxR:Mfs8wlzekX1Q6jWXWqxxxxxxxxxxxxxM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36754c17de5c603ffb1050a9ab0fad68b73f35d620cae038c00ead2a92ea0997

Files

36754c17de5c603ffb1050a9ab0fad68b73f35d620cae038c00ead2a92ea0997
.exe windows x86

91c2141c1015cc522bfdbb122dbb0cc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcp140

?_Xbad_alloc@std@@YAXXZ

vcruntime140

memset

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.MPRESS1
Size: 281KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE