3a3287953db684e207917a6b79f9ffd9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a3287953db684e207917a6b79f9ffd9
Size

64KB
MD5

3a3287953db684e207917a6b79f9ffd9
SHA1

9bae3eb279872e8e706f07bc9dacae291e98e99c
SHA256

b0dbdfe780243f4a36be132d3195f867cb2d3a4021ebb4a69be03c37e397b051
SHA512

1ad77d2f5e2f038af92398bb030f2cb18879329f01acecab38234f1781420a271acf7a54a08a5c30f8deaaf4001e29e9904ad2ef517f6311a272bfd078d3f091
SSDEEP

1536:cj83JtoHCmzRiG/2ms3bUGjsVfCeerzaMgVqn1fFnTk2sCU:cj8Ztoi4Rm4GjefcXnzTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a3287953db684e207917a6b79f9ffd9

Files

3a3287953db684e207917a6b79f9ffd9
.exe windows:4 windows x86 arch:x86

c80f39c8b77287e114ec8b68b36d0043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathMatchSpecW
wnsprintfW
PathFileExistsW
PathCombineW
StrCmpNIA

user32

PeekMessageA
GetWindowThreadProcessId
GetCursorPos
GetClipboardData
CloseDesktop
GetKeyState
CharLowerBuffA
FindWindowExA
GetKeyboardState
SetProcessWindowStation
GetMessageA
GetDlgItemTextA
DispatchMessageA

kernel32

GetFileAttributesA
lstrcpyA
lstrcpynW
Sleep
OpenMutexW
GetFileSize
VirtualProtect
LeaveCriticalSection
GlobalUnlock
GetFileTime
ReleaseMutex
MultiByteToWideChar
HeapAlloc
GetTimeZoneInformation
WaitForSingleObject
CreateThread
CreateFileA
GetUserDefaultUILanguage
CreateEventW
GlobalLock
HeapReAlloc
lstrcatA
VirtualAlloc

advapi32

CryptDestroyHash
CryptReleaseContext
CryptCreateHash
RegEnumKeyExA
CryptGetHashParam
CryptAcquireContextW
RegCloseKey
CryptHashData
RegSetValueExA
RegQueryValueExA
DuplicateTokenEx
RegDeleteValueA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE