3d256ee2245935f1425d8800054197c0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d256ee2245935f1425d8800054197c0N.exe
Size

72KB
MD5

3d256ee2245935f1425d8800054197c0
SHA1

7a7ab331c58848db9847ffadade3cfc5049341f9
SHA256

fec38983c3bb0bc6c0ca0c6ad56bb16b6951ecada8426a58b0eaa4a5ca3a8c54
SHA512

9b22438116a1e2e069b5b34894fe5ddb97fc42a9398e0d1e9438f0df5eb0f7de0c6e44c595e7141692723d6ea82d87ad0a5ea0259011a4ba01163c0d03577a7c
SSDEEP

1536:lBYL8mIvuYwmPt1opqIrYfLqT2VS41Qgfpx:lBk8mIvuEPGb02TaQg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d256ee2245935f1425d8800054197c0N.exe

Files

3d256ee2245935f1425d8800054197c0N.exe
.exe windows:4 windows x86 arch:x86

c825d892ec1994311831ac7bb64ddf1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSAGetLastError
recv
socket
connect
send
closesocket

kernel32

Sleep
LoadLibraryA
GetProcAddress
TerminateThread
lstrlenA
MultiByteToWideChar
ExitProcess

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE