9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2 | Triage

Sharing

General

Target

9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
Size

68KB
MD5

f894a0a88d75702aa9245b24d888547b
SHA1

8a186759207be99df3ebd8f778d10ad4770c901a
SHA256

9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
SHA512

b18764282ee1a9a4219b158bdb983e47379da3532d6eda03de6d264851336cd721a8908b94527b0091f6f5a0ffa6eb1e613ad2207b8172373acbc363fe7df525
SSDEEP

1536:dB8GgPtAELj0OK6QYKKpsTwbRXNRu1q9xzGC1tj:dB8GgP56KcowqyC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2

Files

9e3abe1e978219dd4626dbf41f691a29eff7f0aa995eca5b245fbd9d06fe0ba2
.exe windows:4 windows x86 arch:x86

11ec931bb8880c04aef9be47c0d96949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
CreateProcessW
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
FindResourceW
LoadResource
SizeofResource
LockResource

wsock32

htons
bind
listen
gethostbyname
accept
WSAStartup
connect
shutdown
closesocket
recv
send
socket

rasapi32

RasSetEntryPropertiesW
RasEnumDevicesW
RasGetEntryDialParamsW
RasDialW

advapi32

CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
StartServiceW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ