3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

3.exe
Size

1.3MB
MD5

246d6d7a9ec9d72555e737c55bee2333
SHA1

ad251cad0f2e8e9ae9cff307fc5bf2159ef4618a
SHA256

6b8e69734ce8e917a44ee51a7b8dd8623544e52a5f9477e69da4b6f3c39080a8
SHA512

92261275ad39992c28cd7a81f31bda7d937c3ee6289946eac5d17d907ab15cd5704b73d0374f9db2d0d55d4babb41f494823eace9072da31984ed7c0bae2f858
SSDEEP

24576:JAmoJC+sowTSMPC877DdBVR1jMz3lRP5WfrBy8i1RiV:9y3MPl77DdBVAjArB/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3.exe

Files

3.exe
.exe windows:5 windows x86 arch:x86

4f6a3ca9174e990c3542e07181632aea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\projects\funny\publish\xkfucker.pdb

Imports

kernel32

GetVersionExA
ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadBitmapA

gdi32

GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA

oledlg

ord8

ole32

OleInitialize

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

crypt32

CertFreeCertificateContext

ntdll

ZwClose

ws2_32

ioctlsocket

wininet

InternetSetStatusCallback

Sections

.text
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data30
Size: - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data31
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f6a3ca9174e990c3542e07181632aea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

crypt32

ntdll

ws2_32

wininet

Sections

.text Size: - Virtual size: 284KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 31KB

.data30 Size: - Virtual size: 827KB

.data31 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 200B

.rsrc Size: 226KB - Virtual size: 226KB

.text
Size: - Virtual size: 284KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 31KB

.data30
Size: - Virtual size: 827KB

.data31
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 200B

.rsrc
Size: 226KB - Virtual size: 226KB