36b89af67148f09773fabcc02764b280 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36b89af67148f09773fabcc02764b280
Size

8KB
MD5

36b89af67148f09773fabcc02764b280
SHA1

43e42905fda15a7523b981625da2112d0797ed09
SHA256

45b2241a76ade87bbe287d821733224ae049727e653b865559aa1e315942720c
SHA512

912ecd64e899819bd17aefefb308ad389964de7ad971974f59b4d9a257b5d9ef6de92158c183f98a6c46adc3e6a94fd6803ba69b8a61e66e5b1cb906f019f721
SSDEEP

192:deoDFSXchbSSaX2NTk0FdE27+aQAKn/P66jvYdZFxr7fF97ULsHQ/GEh40:deAhNbNI0n17+aQAAPdjvYr7fHysMGEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36b89af67148f09773fabcc02764b280

Files

36b89af67148f09773fabcc02764b280
.exe windows:1 windows x86 arch:x86

a38bd27e238c999d3f75ba666442541d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Write

shell32

SheFullPathA
StrStrIW
SHFreeNameMappings
StrNCpyA

kernel32

DuplicateConsoleHandle
ConvertThreadToFiber
ConvertDefaultLocale
DeleteCriticalSection

ntdll

NtInitializeRegistry
NtOpenEventPair
NtLockRegistryKey
NtFreeUserPhysicalPages
NtMapUserPhysicalPagesScatter

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 4B - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 818B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE