36da64a6409cd377f26e7b90f75b39c6[.]exe | Triage

Sharing

General

Target

36da64a6409cd377f26e7b90f75b39c6.exe
Size

46KB
MD5

36da64a6409cd377f26e7b90f75b39c6
SHA1

32abc318a310cbd12a26f150ffe067c2bb7de4b8
SHA256

5664b10782bf2be8f9a5da5de78b175e1fca29ef8ecad81ed4655ff2ce265ef0
SHA512

a40089bf0ba8b5d45d201e20ad65ed56518e81983a316fe7f41f885263b343c555dd72404e7fc07abda052b3588b8f046c5959c2b3dfa0ab7d81f95f25af607e
SSDEEP

768:J87tomxsdgajRyTM0Ma58X46n44eu8xDo9gEPBCLBmEAhOYmwZejKqbHnax1:ytogaEQPX4s4nDUtCLruZemeHnar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36da64a6409cd377f26e7b90f75b39c6.exe

Files

36da64a6409cd377f26e7b90f75b39c6.exe
.exe windows:5 windows x86 arch:x86

4a1b94b7410965a885168ee95b92d500

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueA
CryptCreateHash
RegQueryValueExA
DuplicateTokenEx
CryptGetHashParam
CryptReleaseContext

shlwapi

PathRemoveFileSpecW
wvnsprintfW
wvnsprintfA
StrCmpNIA
SHDeleteKeyA
StrStrW
StrCmpNIW
wnsprintfA
wnsprintfW
PathFindFileNameW
PathMatchSpecW
PathCombineW
PathFileExistsW

Sections

.cvwf
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zet
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.foduz
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 219B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ