ff3991c113db90f20fc4339a358b3209 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff3991c113db90f20fc4339a358b3209
Size

810KB
MD5

ff3991c113db90f20fc4339a358b3209
SHA1

e95f66a1d5e0c6b60bcd8e54fd0651c507111041
SHA256

7b931b5ee2f33a0ca19a3b2ebeb53ec98a7f66f13ee32cdfc64487c5b4fe15d8
SHA512

f251702b963b14c6ae3a821c01f2999c53264846ac6a4266ba5eb50aff479f257fbb0a5271d78610371bbec5965d28fc3d9314b7bee718532690d137ece96378
SSDEEP

12288:btKsUx1HhuRgsoavrE8efzFoqqapH2eb69aRsI5ET8WdKjAB8XuoAetiXJeKp7f:IIgsA8KJpDWLSuX0jAqXk4iX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3991c113db90f20fc4339a358b3209

Files

ff3991c113db90f20fc4339a358b3209
.exe windows:4 windows x86 arch:x86

db3cc049907a3836b1873a4e5743f39f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_wcsnicmp
rand
_initterm
iswspace
_wcsupr
_jn
_beginthreadex
_errno
_unlock
__dllonexit
_lock
_onexit
swscanf
memset
_vsnprintf
_CxxThrowException
towlower
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
toupper
iswctype
wcsrchr
memcpy

kernel32

GetProcessHeaps
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
HeapCreate
HeapSize
HeapValidate
HeapReAlloc
HeapDestroy
SwitchToThread
DeleteTimerQueueTimer
TryEnterCriticalSection
InitializeCriticalSection
LocalFileTimeToFileTime
SystemTimeToFileTime
CompareFileTime

gdiplus

GdipGetImageThumbnail
GdipCloneImage
GdipDrawImageRectI

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ