3bf65fb5377e215e027f8e3fa21e59c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3bf65fb5377e215e027f8e3fa21e59c2
Size

75KB
MD5

3bf65fb5377e215e027f8e3fa21e59c2
SHA1

975ca425d7ecf9eba758989ca2f9ad5caf8dc618
SHA256

5c58a6583619c7ab35048069aa215cdc522b5e35ec76081148c8f474c6ad432a
SHA512

28d89ff1f9c3c60eed33964b374a8c602f4ab4b12dbedba529893349d29c2258f1b0134bb6a44e84c73b2110adb1d16652c577be17108b4f414ba68097c45ca9
SSDEEP

1536:TYcD/Q5CSYu/t7SxxnPwK187ktjjXisOdht3H:TYw/gjF7S3r87uZOdht3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bf65fb5377e215e027f8e3fa21e59c2

Files

3bf65fb5377e215e027f8e3fa21e59c2
.exe windows:4 windows x86 arch:x86

75a75e13a364dc0077303736e58e2840

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
SearchPathA
GetCommandLineA
SetLastError
GetComputerNameA
CreateMutexA
GetLastError
TlsGetValue
SetEvent
FindClose
CreateSemaphoreA
OpenMutexA
GetModuleHandleA
DeleteCriticalSection
GetTickCount
CloseHandle
ReleaseMutex
VirtualProtect
Sleep
GetVersionExW

advapi32

LsaFreeMemory
CloseEventLog
IsValidSid
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
GetFileSecurityA
FreeSid
IsTextUnicode
LsaClose
OpenEventLogA
RegLoadKeyA
LsaSetSecret
CloseTrace
RegCloseKey

loghours

LogonScheduleDialog
DirSyncScheduleDialog
DialinHoursDialog
DialinHoursDialogEx
DirSyncScheduleDialogEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ