3b79ebfdb24af00bdd3d169bc002fbb0_exe32[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b79ebfdb24af00bdd3d169bc002fbb0_exe32.exe
Size

18KB
MD5

3b79ebfdb24af00bdd3d169bc002fbb0
SHA1

a5898f29420dacc61a4ea7441cb951faffbc83b2
SHA256

0565d8a2dbe4663a32e6a446efcfc71ce0964af8ccc9f273e7abc2504d7db7a2
SHA512

eac8e0408c6448ab6e75e9a6b770bfbf70ef38b535712b2047a956fec62864d2b2fcb4a40e0670eb84d30aa1544a260e564c15aa584eb1301114f195c48b6c31
SSDEEP

192:Letu1blKnQ1HlW77lnLHmy3xcv8zGgAtpB/TCwOwVn17mXOWY2JvX+F:0u1MfDP3WwG1pB/yQWOO/+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b79ebfdb24af00bdd3d169bc002fbb0_exe32.exe

Files

3b79ebfdb24af00bdd3d169bc002fbb0_exe32.exe
.exe windows:4 windows x86

8b952403cd7980f20cd10a1500bc5902

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgOpenStorage
CoInitialize

kernel32

RaiseException
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
Sleep
TerminateProcess

advapi32

CredFree

dhcpcsvc

DhcpDeRegisterParamChange

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ