3b22f509c663fe2dbe97e5e747547606 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b22f509c663fe2dbe97e5e747547606
Size

24KB
MD5

3b22f509c663fe2dbe97e5e747547606
SHA1

b079fbc3fbe73ec7e4008942c19ed747340eb6ac
SHA256

8ee410b90bbd734a5cc1f4493c0f389c154222271e57d2fc5479d0458b49150f
SHA512

90c777c0134d03e33a1a40381122059c48e42f6fc840566255f42388667dfb4f5bbe9c0cd03d64ea27c7ff4d4a4a5a085b5d7022c39c94c6ebdaeefc8c6bc47b
SSDEEP

192:0nKDoR3Lp3rxMjqMG2Ddd2IAhjYuPHY68PfmN0RcLoxwqrFUQCe/PPtZoTRA6:Q3Lp32mMp2Kmb4RZr9Ce/NZolA6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b22f509c663fe2dbe97e5e747547606

Files

3b22f509c663fe2dbe97e5e747547606
.exe windows:4 windows x86 arch:x86

fd29e4f90408dc8e9ef597226ecd16b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
OpenEventA
SetEvent
Sleep
lstrcatA
DeleteFileA
lstrcpyA
GetCurrentProcess
GetModuleHandleW
GetProcAddress
CloseHandle
PulseEvent
SetFileAttributesA
ExitProcess
GetModuleHandleA
GetCommandLineA
WriteFile
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
CreateFileA
GetFileAttributesA
GetTempPathA
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc

user32

CharToOemA
MessageBoxA
ExitWindowsEx
wsprintfA
IsWindow

advapi32

RegDeleteValueA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE