3096da9478400ad6f7cc994fca1bdf1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3096da9478400ad6f7cc994fca1bdf1e
Size

24KB
MD5

3096da9478400ad6f7cc994fca1bdf1e
SHA1

2ee461ddbf09f2a3c0b283085bae9f88030ea072
SHA256

6d1b5c0bb0d1d16df9ec956e13f0cd9861851d11c6545e737bc21ac2332ae28e
SHA512

d60be1373cb21bd345934899726d6899f56574da98abb75ee60ce2473f5594cefdb734f5cbabd0ef25598750a2beada8a8a109a5cf14871e32b70ede909b14c5
SSDEEP

384:9MdkDjruX3MWJDRrwmn04lvGEsEbTxPQaShaFLSpphSuLDG3d3Yzx6Fp:9R3qNDRrdlvRTxPQab8vSuLD5zxsp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3096da9478400ad6f7cc994fca1bdf1e

Files

3096da9478400ad6f7cc994fca1bdf1e
.exe windows:4 windows x86 arch:x86

690bfab8e14f75d9b996a8e13c14e2a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

IsValidURL
CreateAsyncBindCtx
DllCanUnloadNow
IsAsyncMoniker
ZonesReInit
IsValidURL
URLDownloadW

wsock32

htons
sethostname
WSAStartup
ioctlsocket
bind
htonl
SetServiceA
gethostbyaddr
listen

user32

CloseDesktop
DrawStateA
FlashWindow

Sections

.text
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE