Static task
static1
Behavioral task
behavioral1
Sample
033810b36c9f01677a5e450044ee9325.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
033810b36c9f01677a5e450044ee9325.dll
Resource
win10v2004-20231215-en
General
-
Target
033810b36c9f01677a5e450044ee9325
-
Size
406KB
-
MD5
033810b36c9f01677a5e450044ee9325
-
SHA1
afc88f4cead9e5a10a472a2491b9d92ad6b2205f
-
SHA256
bdc5a1cf991cf18ad72ddd7ce05ad26b9bc5563e8ee80ec3ba9e644db6fe53bf
-
SHA512
3817b376b9df63604aa754ccff3739fc87d94b5ceb469f9df407ed1f08bae33d1719b68b81b1c2cfd4a1db4318f88a0cfdb858f6145f22996c9f85615f5aaf84
-
SSDEEP
12288:zWewL/wxCQcO4Q9etbdaeGWZYKqqKysqMBi29:zW8w24QybdSUJqq2Bz9
Malware Config
Signatures
-
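Unsigned PE 1 IoCs
Sandbox static check: the sample carries no Authenticode signature. This is a finding of the analysis, not a behaviour of the sample, and on its own it is a weak indicator, since many legitimate DLLs are also unsigned.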
resource 033810b36c9f01677a5e450044ee9325
Files
-
033810b36c9f01677a5e450044ee9325.dll windows:4 windows x86 arch:x86
2d76c2ec22019bc9db3d36c3d8597332
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetSystemTimeAsFileTime
GetProcessHeap
GetCurrentProcessId
msvcrt
wcslen
wcstoul
wcscat
wcscpy
netshell
NcFreeNetconProperties
advapi32
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
samlib
SamAddMemberToAlias
ntdll
NtAllocateVirtualMemory
ole32
CoUninitialize
CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 920KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ