003a75dc998e884260b788c614f89db9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

003a75dc998e884260b788c614f89db9
Size

171KB
MD5

003a75dc998e884260b788c614f89db9
SHA1

02a62e078f71d263f20bebee5624ddf4248d8af6
SHA256

2749e8f424208119fc2624af1937cd4bf62a6a9322bcb0a483127a719354948b
SHA512

99be15fdba5ae8996a3f586cf0bb1beb2f1770e091d6f5eec2e980a115fceacd42e5db8f6e28ddb3182557c8554041c6ebf38a1bbbc89a01b05bc5d0dfdaab8e
SSDEEP

3072:hbmK2ctVJBG0khEgn5Mb4ALa44qF7hOMM:h7e01b4ALajqhOM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003a75dc998e884260b788c614f89db9

Files

003a75dc998e884260b788c614f89db9
.exe windows:4 windows x86 arch:x86

d68f366a236dd335befb33f0e6c071f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
sndPlaySoundW

shlwapi

PathAddBackslashW

kernel32

GetVersionExW
CreateFileA
AddAtomW
LoadLibraryExW
ExitProcess
GetLastError
TlsAlloc
GetConsoleCP
TlsSetValue
UnmapViewOfFile
InterlockedDecrement
GetTempPathW
InterlockedIncrement
GetProcAddress
CreateFileMappingA
MapViewOfFile
HeapAlloc
WriteConsoleW
EnumResourceNamesA
GetConsoleMode
TlsGetValue
GetEnvironmentVariableW
GetProcessHeap
HeapFree
TlsFree
IsBadStringPtrW
SetLastError
GetModuleHandleW
FlushFileBuffers
GetModuleHandleA
GetVersionExA
CreateFileW
Sleep

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ