3766646d032ae30b154c3d91be1c6e1e[.]exe | Triage

Sharing

General

Target

3766646d032ae30b154c3d91be1c6e1e.exe
Size

288KB
MD5

3766646d032ae30b154c3d91be1c6e1e
SHA1

b85b7f996b9a4400254db8e42ef5f1e578a20896
SHA256

4af7dd47164faa6fb7c4e979026fd4badf5330f68c1ee65df0d74532ff060cd7
SHA512

244e2c789ae99db462ada5b258fb8e1e83a91cb7a77eb9df0124c4ef72fc98662dbd5ef24a0ee52dc4bec6020547b01676795bf07f35a77a193316ae2892c13f
SSDEEP

3072:p6QlU5T0+vk+wYDgN3XwmbvV4Ynnbe9rhNifQMpnIjZ9jAPUn4CbwKL0Fo3dgqT1:pXEwZSZeKZVA6BNL0F1h31eMgIfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3766646d032ae30b154c3d91be1c6e1e.exe

Files

3766646d032ae30b154c3d91be1c6e1e.exe
.dll regsvr32 windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer
DllUnregisterServer
NevtAmdfxsoZubqmdnz
QotlcerqxcgFjxvwybou
ResumeServer
StartServer
StartW
StopServer
SuspendServer

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ