3da34d9f30c44291c040680dee0bbdb6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3da34d9f30c44291c040680dee0bbdb6
Size

382KB
MD5

3da34d9f30c44291c040680dee0bbdb6
SHA1

9bcd896e4d8071f2700a3c22b6589d810e7606e7
SHA256

38e59b4145391a1e074375f42da224e3842632671c2b5dd7a239586219d2f386
SHA512

db7a780608d6b1dbe74e0a4eaf0bd932ea1ccc64c025d054e1ee86155951af7bcc6932af669cab092b258823dff52b4575c7145b3b57e97e18301dc02115a641
SSDEEP

6144:k/2NRM8fI8mJ+ehSemWfSZSzuhgrE9dYCb8xf4I7GVltNyEe6EofQKKfnGIYt3yo:7NRMCI8mJlmWp6hgricAQG3Xxai5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da34d9f30c44291c040680dee0bbdb6

Files

3da34d9f30c44291c040680dee0bbdb6
.exe windows:4 windows x86 arch:x86

84939c65b4289c6048a74b545571a2a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
WriteFile
VirtualAlloc
LocalFree
GetCommandLineA
lstrlenA
ResetEvent
FindVolumeClose
GlobalSize
GlobalFree
CreateMutexA
GetPrivateProfileIntW
GetACP
InterlockedExchange
CloseHandle
CreateEventA
GetExitCodeProcess
GetModuleHandleW
GetStdHandle
GetEnvironmentVariableW

advapi32

IsTextUnicode
IsValidSid
RegEnumKeyW
ClearEventLogW
RegQueryValueW
ControlService
IsValidSecurityDescriptor
RegCreateKeyExW
RegCloseKey
RegDeleteValueA
CloseEventLog
CreateServiceA
RegDeleteKeyA

asycfilt

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ