389b3676fe362e4a6ca84b41c6160ed3 | Triage

Sharing

General

Target

389b3676fe362e4a6ca84b41c6160ed3
Size

806KB
MD5

389b3676fe362e4a6ca84b41c6160ed3
SHA1

8d10ab51643feabcb84eeb3b879826784ce28e97
SHA256

58c9019199db7381696fda94b6d02a0940f7159be195388466746eb9e08427cc
SHA512

84ea0002dfcf3e35af14a2377dd6649fa8f2bc8969eb5d1c05033183744991b8a293fdcc0c2823f83fdefc6b625b4cc9a0d86a2449a7d2a5d2a90624aa705365
SSDEEP

12288:eMHLQHY6/X1S1w9S9Xtf4sbrZh7LfmuN5FEVOzCUjVHMpbSqFZuf1Om4RcgbcNzX:fs1n89LbrPf5FEhUBIhFLm/gbctX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
389b3676fe362e4a6ca84b41c6160ed3

Files

389b3676fe362e4a6ca84b41c6160ed3
.exe windows:4 windows x86 arch:x86

d57ce9cee8f99f9676f765a6cab3da3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetMailslotInfo
CreateThread
LocalSize
VirtualAlloc
lstrlenA
GetDriveTypeW
FreeConsole
GetModuleHandleW
GlobalFree
GetPrivateProfileIntW
FindVolumeClose
ResumeThread
ResetEvent
WriteFile
CloseHandle
GetExitCodeProcess
LocalFree
InterlockedExchange
GetACP

user32

IsWindow
GetClientRect
SetFocus
GetCursorInfo
CreateWindowExA
DispatchMessageA
GetKeyboardType
GetSysColor
EndDialog
GetClassInfoA
CallWindowProcW
DrawStateW
GetSysColor

qedit

DllUnregisterServer
DllUnregisterServer
DllGetClassObject
DllUnregisterServer
DllUnregisterServer

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 797KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ