3096b0ccf1e0c41827057e9c2134a516 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3096b0ccf1e0c41827057e9c2134a516
Size

1.4MB
MD5

3096b0ccf1e0c41827057e9c2134a516
SHA1

2ef9ebda25aa9c55f545b5976f64d44456fbae32
SHA256

817134f47a4bf2309d52a24b10af6285002a62bed47c6fe28fa306f169041db1
SHA512

c6aa598b857a744207394e5e8f11c951673ebca39a547b2b27e8b594f576ec175f0e6f5ab01a8bf9cc4e68110e3a419cd1d3f39f3753658798b643e3d82b2ed3
SSDEEP

24576:TfQRYG46aPZaVMlzkciEPWzfVhrMHcVu8CggNTgfZdQkZvk9uJYXpiUStxJhCLbt:GfagcinzNOHmu8CRYdtkTijAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3096b0ccf1e0c41827057e9c2134a516

Files

3096b0ccf1e0c41827057e9c2134a516
.exe windows:5 windows x86 arch:x86

bacd831f00c4835c2c57a1c00c255f7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

CoTaskMemRealloc
StringFromGUID2
CoTestCancel

user32

SetRect
GetFocus

msvcrt

wcsncmp
_amsg_exit

kernel32

SetConsoleCP
LoadLibraryA
CompareStringA
GetLastError
GetACP
SetEndOfFile
ExitProcess
VirtualProtect
LockResource
InterlockedCompareExchange
GetCurrentProcess
Sleep
MoveFileA
InterlockedExchange
GetProcessHeap
SetStdHandle
GetTempPathA
GetOEMCP
GetStartupInfoA
FreeEnvironmentStringsA
VirtualQuery
GetModuleHandleA
SetHandleCount
GetCurrentThreadId
GetEnvironmentVariableW
HeapAlloc
UnhandledExceptionFilter

gdi32

GetStockObject

lz32

LZClose

advapi32

CloseServiceHandle
RegOpenKeyExA

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ