3bbd8107a3c24d71a040d08b80206b70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3bbd8107a3c24d71a040d08b80206b70
Size

24KB
MD5

3bbd8107a3c24d71a040d08b80206b70
SHA1

2d77a34d10f89cf0f543dc0f32f3dcdec901f3c8
SHA256

f8a4e677983d0188707565dc01676ee258e125ed33523f4b6a158b288a8796a4
SHA512

888199944c6f900fe0d35bcb765a4f0e04ee409e74f34db439aaabe8554c233531ada257265c080e5eb87c28766f227bf61c393736cf8562e483d56c2e5504e6
SSDEEP

384:fnXsFkAxf/b3GLkJrMsJqVXXpct5GN83:PcFjBbWFsJqVHat5GK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bbd8107a3c24d71a040d08b80206b70

Files

3bbd8107a3c24d71a040d08b80206b70
.dll windows:4 windows x86 arch:x86

d07d8db1a00f70cae3b9e0b360ca4418

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
strchr
atoi
memcpy
strcmp
strstr
fopen
fwrite
fclose
fread
time
memset
??2@YAPAXI@Z
_strlwr
_itoa
_strupr

kernel32

ExitProcess
GetCommandLineA
Sleep
lstrlenA
LoadLibraryA
CopyFileA
GetProcAddress
GetModuleFileNameA
CreateThread
GetTempPathA
lstrcpyA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ