3b60ec0cb5349ac16ab3af47ed975a21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b60ec0cb5349ac16ab3af47ed975a21
Size

80KB
MD5

3b60ec0cb5349ac16ab3af47ed975a21
SHA1

6503c34d26262d45e1769f06dd67ad45f25f85aa
SHA256

bdc3c1462aab0ce5cdc67693c1fa14026e56b42c9f48dda6ae017e3d03240853
SHA512

c9b9a20cbd60303da900bd41f2de84b3af7ee04361471a82bf40e7167d8410d4da33a1f044c118d22cc4700dd5e137ad164ef6bd1e29bb0774cb03eda4d4a75a
SSDEEP

768:R1+VGFeTJO0FzYNVuaUEpmjKl2Uk0jBBQARQkeY9cl:b+VGFel3YNtmjKloKBBQARuiS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b60ec0cb5349ac16ab3af47ed975a21

Files

3b60ec0cb5349ac16ab3af47ed975a21
.exe windows:4 windows x86 arch:x86

ee9ca16531db65b23906cd8e7c84259b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetQueuedCompletionStatus
GetSystemDirectoryA
GetTempPathA
LoadResource
LockFileEx
LockResource
MoveFileExA
FindResourceA
Process32First
Process32Next
RtlZeroMemory
SizeofResource
Sleep
TerminateProcess
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateRemoteThread
CreateFileA
CopyFileA
OpenProcess
CloseHandle

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegRestoreKeyA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 781B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ