3e1bf5c06b121d84dba86251458f5f13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e1bf5c06b121d84dba86251458f5f13
Size

7KB
MD5

3e1bf5c06b121d84dba86251458f5f13
SHA1

9162d39b964960bc015cd97d515a913b760bbd81
SHA256

6e1c0fa0e6800caf1410257245e00746459dad9ff02b5d9182b784a536906a2d
SHA512

9739d011bcc5559bc948e85ef7833ec88c9783f93e8acfc9eff2bd6a12f10390b44a12ba0c442e60460d68e72919f1e4e906acc35b4240753d08044b5ab82e2e
SSDEEP

192:zZqzWqRltfMouE6PHkPy2SliHlyDm9Whl4Yhw:9qzWqRl9BuEFPPoiHlyDm9KKYhw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CC7DF9911B2737023AF155C624F66E19.EXE

Files

3e1bf5c06b121d84dba86251458f5f13
.rar
CC7DF9911B2737023AF155C624F66E19.EXE
.exe windows:1 windows x86 arch:x86

9ca2c7229b7d3b9d5e0de18cb57f3f1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CopyBindInfo
GetComponentIDFromCLSSPEC
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledA

wsock32

WEP
WSAAsyncGetProtoByNumber
WSAAsyncSelect
WSAAsyncSelect

advapi32

AbortSystemShutdownA
AddAccessDeniedAce
BackupEventLogA
BuildExplicitAccessWithNameA
BackupEventLogA
BuildExplicitAccessWithNameA

comctl32

LBItemFromPt
MakeDragList
MenuHelp
PropertySheet
ImageList_LoadImage
RemoveWindowSubclass
ShowHideMenuCtl

Sections

.text
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE