c3240d2595a0681ffb6e5367d2ef25bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3240d2595a0681ffb6e5367d2ef25bf
Size

6KB
MD5

c3240d2595a0681ffb6e5367d2ef25bf
SHA1

a1a9f9759d62d6d5941c327e763ea51993642ec6
SHA256

9aece766cbbaa909dd015fe2378a3a3966f4be7ad95061f1a9b84512f5f4c2a2
SHA512

a25f998067396b74662bde038a562dd67284ca196c634f54e7facd1081621bbaeb7eccf6fb4147959bec347931771c053a17ebf1febf2178ee9b560b54d75bd1
SSDEEP

96:rVOCy0owchwvOorhTgSw/OatC+rDuQIeIXmtu8:DhvzrhTgSw/O4rDVVgmtu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3240d2595a0681ffb6e5367d2ef25bf

Files

c3240d2595a0681ffb6e5367d2ef25bf
.exe windows:4 windows x86 arch:x86

e42a57dab0fdc480847fb12a9ae37fe7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
CreateServiceA
DeleteService
GetUserNameA
OpenSCManagerA
OpenServiceA
RegOpenKeyA
RegQueryValueA
RegSetValueExA
StartServiceA

wininet

InternetGetConnectedState

ws2_32

inet_addr
send
connect
closesocket
WSAStartup
socket
gethostbyname
recv

kernel32

lstrlenA
lstrcmpiA
lstrcatA
_lopen
WriteProcessMemory
WriteFile
WinExec
VirtualAllocEx
VirtualAlloc
UnmapViewOfFile
TerminateProcess
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
CreateThread
DisconnectNamedPipe
ExitProcess
ExitThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetThreadContext
GetWindowsDirectoryA
LoadLibraryA
MapViewOfFile
PeekNamedPipe
ReadFile
ResumeThread
RtlZeroMemory
SetCurrentDirectoryA
SetThreadContext
Sleep

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE