3f401058dd97bb0e3f996fc4857ab64f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f401058dd97bb0e3f996fc4857ab64f
Size

214KB
MD5

3f401058dd97bb0e3f996fc4857ab64f
SHA1

f43df99990a9fc4ac8f261828168ca23c30db11d
SHA256

9ce2b6690969af8f89a597a45fbf31bf4c8183f9c6451f94decd5ad2c0dfd7b8
SHA512

f4f9c4829728b309dd357ac7cc7c66871f04c27997d34a9aa7a34d6c0d0acf90d19e1bbd7cf73e79247209cd1718ee02fc2379da9a9501becefc54f0e7e6cf6e
SSDEEP

6144:RRGTC9b2jfyRVtPux0V4EEGTBvzzpS3DlfG:eOJPQx0ouRklG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f401058dd97bb0e3f996fc4857ab64f

Files

3f401058dd97bb0e3f996fc4857ab64f
.exe windows:5 windows x86 arch:x86

fbfbbab5b821897f94d8675adb5783f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ulib

??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Compare@OBJECT@@UBEJPBV1@@Z

ntdll

wcsncmp
NtQueryValueKey
NtQueryVirtualMemory
RtlExpandEnvironmentStrings_U
NtOpenProcessToken
NtSetInformationFile
RtlEnumerateGenericTableWithoutSplaying
RtlNormalizeProcessParams
wcslen
DbgBreakPoint
NtClose

msvcrt

time
_controlfp
_iob
_strnicmp
__wgetmainargs
??2@YAPAXI@Z
strncmp
??3@YAXPAX@Z
__getmainargs
rand

kernel32

GetThreadLocale
InterlockedDecrement
ResetEvent
GetCurrentThread
SetEvent
InterlockedIncrement
LocalAlloc
InterlockedExchange
GetConsoleOutputCP
EnterCriticalSection
lstrcpyA
LeaveCriticalSection
LoadLibraryW
GlobalFree
GetStartupInfoW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE