3fcf05ce2379c11321fd7f01dd0c7011 | Triage

Sharing

General

Target

3fcf05ce2379c11321fd7f01dd0c7011
Size

636KB
MD5

3fcf05ce2379c11321fd7f01dd0c7011
SHA1

a00604b4cf1140d438ace74bfc8b0b0875a3c628
SHA256

e4cd24d8cdea3cb6286d4fc6a006b05c32e7d10fe3cafb67d178bedff79ce162
SHA512

8659d7c1da497868cb143dda9cb525b399b344e3512edbabca4d831964ffb7ef574dff6bd0ef1ed191fad4f0f1a0c45bb2a2da27fd633fb7ee847d3923ce3247
SSDEEP

12288:zaWbWxrYcOgLAxB7iX/IH2wfR9e3nOLdypJPONcgyvK9aLP1d9//:nCduvxB7ivwjfR96nHpJPJQaLv9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fcf05ce2379c11321fd7f01dd0c7011

Files

3fcf05ce2379c11321fd7f01dd0c7011
.exe windows:4 windows x86 arch:x86

3e1cd2c65248e5c0f6c3c8b716a75e7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
LoadLibraryExA
GetConsoleCP
InterlockedExchange
CompareFileTime
GlobalUnlock
GetVersion
GetModuleHandleA
HeapCreate
WaitForMultipleObjects
GetSystemDefaultLangID
SuspendThread
WaitForSingleObject
lstrlenA
HeapReAlloc
GetAtomNameA
GetCommandLineA
LocalSize
GetConsoleDisplayMode
CloseHandle
GetTickCount

gdi32

CreateFontA
EqualRgn
EngLineTo
BeginPath
DeleteDC
Escape
EndPath
GetMetaRgn
AbortPath
CreateICA
DeleteObject
GetRgnBox
GetTextColor
GetMetaFileA
GetStringBitmapA
CreatePalette
GetFontData
Ellipse
FloodFill

rastapi

DeviceConnect
DeviceDone
PortClose
DeviceListen
AddPorts

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ