3946bdfcc0dc2dabdcca4a345d05b365 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3946bdfcc0dc2dabdcca4a345d05b365
Size

59KB
MD5

3946bdfcc0dc2dabdcca4a345d05b365
SHA1

0b67b0d3d91ef6718d562e6860c013a6e5da2c9f
SHA256

7b9927176e0d19d275c6a28c5e8fa711313b70cb6897ccb48b86bd49c87f7bb6
SHA512

aeeed02e2925ef1388fde9599488c3385d0265bc38bf8539712c170b1c79086175afac0c05242e4a58b02f0a7064b62c7f56cfabe60ad73d991939bec36a12ae
SSDEEP

1536:HEC3/qG601h+CiJqP0DPYq4lgV3G5JJVg:pyCkTFDQ15Ng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3946bdfcc0dc2dabdcca4a345d05b365

Files

3946bdfcc0dc2dabdcca4a345d05b365
.exe windows:4 windows x86 arch:x86

2cb7838e78a7d8e2dd812be06e2c94ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
FindFirstFileA
GlobalFree
DeviceIoControl
GlobalAlloc
Sleep
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateProcessA
FindNextFileA
GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetModuleFileNameA
GetSystemDirectoryA
GetFileAttributesExA
CreateFileA
SetFileTime
GetVersionExA
CloseHandle
FindClose

advapi32

OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

msvcrt

_snprintf
??3@YAXPAX@Z
_stricmp
srand
rand
strrchr
fclose
fwrite
fopen
strlen
_strlwr
strncat
memset
__CxxFrameHandler
time
sprintf
strcat
memmove
memcpy
strcpy

shlwapi

SHSetValueA
SHGetValueA

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 16B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ