3a6221ab1ef58a4499aec69733248baa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a6221ab1ef58a4499aec69733248baa
Size

10KB
MD5

3a6221ab1ef58a4499aec69733248baa
SHA1

c2d06efbf5ab3cacc4f64319dd55efb1b3e7595d
SHA256

bdc0e45c2acf5377327ffe52b3aa40648d2b619ad30d44deb77839191c4f2eab
SHA512

fefd2d4f1e18282de79c0b055f3d9ccbf7a6d0935caebf8150367effa4def9bd0d771c49d96353fbd37e78a04a0379d066fb6be3207950df38b80ba21dfe91be
SSDEEP

192:pDyORw9fD469qkW+kcxccamQywkGnPvWb8swHJv2jf59HcHk2L7Kan7y3xhM:pDygw9fD4NOkcxccafyOn+ZY8jf598Ep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a6221ab1ef58a4499aec69733248baa

Files

3a6221ab1ef58a4499aec69733248baa
.exe windows:4 windows x86 arch:x86

76024567a9a1131187312667cae9788a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
GetModuleFileNameA
GetLastError
CreateMutexA
lstrlenA
Sleep
CreateThread
lstrcmpA
SetCurrentDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
CloseHandle
WriteFile
CreateFileA
GetTempPathA
CopyFileA
ExitProcess
SetFileAttributesA
GetModuleHandleA
GetTickCount

user32

TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
wsprintfA
DefWindowProcA
MoveWindow
SetTimer
LoadIconA
RegisterClassExA
LoadCursorA
DispatchMessageA

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

msvcrt

memcpy
sprintf
srand
rand
strtok
strncpy
atoi
strstr
strcpy
memset
strcat

wininet

InternetGetConnectedState
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

ws2_32

WSACleanup
WSAStartup
connect
gethostbyname
inet_addr
htons
WSAAsyncSelect
setsockopt
socket
recv
closesocket
send
sendto
htonl

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE