Static task
static1
Behavioral task
behavioral1
Sample
3eb4a91e2a224c1f75ba4833c094f0dd.exe
Resource
win7-20231215-en
General
Target: 3eb4a91e2a224c1f75ba4833c094f0dd
Size: 22KB
MD5: 3eb4a91e2a224c1f75ba4833c094f0dd
SHA1: c8fe3212560d15df2fd4da72705f3ef189c66c95
SHA256: e7129912c789b09a16085365e7dbd93fb420f8658be25bf419de64e57a137f4a
SHA512: 910aadb8690d58a7f554ab74783ccd8a33674dd718abf7c80e38683ac8c2cbb6a2289777f2059b6813e71f1e7ff4da2c531b39f0d539ea0da0321da46195f281
SSDEEP: 384:M91HIEZR1zZ6M/o/R7hhTOZK0B3Z/Tve9vY279LbeRG/6k1kZ:MPoEf36M/o/R7TObdEPnnik6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3eb4a91e2a224c1f75ba4833c094f0dd
Files
3eb4a91e2a224c1f75ba4833c094f0dd.exe windows:4 windows x86 arch:x86
a0ba783a9427e9e22887aed22278cf2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SizeofResource
FindResourceA
GetModuleHandleA
lstrlenA
lstrcmpiA
ResumeThread
SetThreadContext
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetModuleFileNameA
DuplicateHandle
GetLastError
GetCurrentProcess
RemoveDirectoryA
ExitProcess
Sleep
DeleteFileA
WaitForSingleObject
CreateProcessA
WinExec
SetFileAttributesA
LoadResource
GetSystemDirectoryA
GlobalAlloc
GlobalFree
FreeLibrary
OpenProcess
GetProcAddress
LoadLibraryA
TerminateProcess
GetVersionExA
OutputDebugStringA
LockResource
CreateFileA
WriteFile
CloseHandle
lstrcpyA
FreeResource
user32
FindWindowA
wsprintfA
wvsprintfA
advapi32
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ