341b07eb40729414ef277d00b0489e1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

341b07eb40729414ef277d00b0489e1f
Size

731KB
MD5

341b07eb40729414ef277d00b0489e1f
SHA1

e5d6a999eba2464d67a1ad79e2902c0314fcebcb
SHA256

b948d135d8d0a03a366fc5f481a58fd9326cc2cc6fdfb2431278d2e9dfae8114
SHA512

61ff4954d5c692863442bc5c7a075ea602818c9fe3501f999adb79d1aa4764d838d22ea06534dd801515cbc409e076c37384886d663d71a772007788f88c0082
SSDEEP

12288:AIPEFk0DOPDXb7aZR9JvYmDW7oTMeMNMZvakCChgteQQeD69a/NvmmtTU7kHfX30:AI8pDGDyZvNna7oTMnNMZ35lQ+aVrT7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
341b07eb40729414ef277d00b0489e1f

Files

341b07eb40729414ef277d00b0489e1f
.exe windows:4 windows x86 arch:x86

bfa676c589e33b0a4556a8d3843092bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

WaitForSingleObject
CreateThread
lstrcatA
lstrcmpA
lstrcpyA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
IsDebuggerPresent
ExitProcess
CloseHandle
WriteFile
CreateFileA
lstrcmpiA
HeapFree
HeapAlloc
GetEnvironmentVariableA
GetStartupInfoA
GetCommandLineA
GetProcessHeap
lstrlenA
GetCurrentProcess

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ