37ac6b5501be6111e8d11088710cf3bc89f485a8057418229a1eab9f15e7aa80N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37ac6b5501be6111e8d11088710cf3bc89f485a8057418229a1eab9f15e7aa80N
Size

64KB
MD5

1f1486207a2346b456b8b492f3c37fe0
SHA1

662862da2424a50996117f575b9f554469e662e0
SHA256

37ac6b5501be6111e8d11088710cf3bc89f485a8057418229a1eab9f15e7aa80
SHA512

449dda25aeb2a2377b86a6f4f84bf33178351334e41eee1930c8c693a219b548a170246d03cbf48be452860f6fe628ac1431027dd932570d927a66bddcadd34e
SSDEEP

1536:sGlvMRpynnnnNLy50Zu0f3+rAairR33333333:PlvMKnnnnNLM0ZuAuEaQ33333333

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37ac6b5501be6111e8d11088710cf3bc89f485a8057418229a1eab9f15e7aa80N

Files

37ac6b5501be6111e8d11088710cf3bc89f485a8057418229a1eab9f15e7aa80N
.exe windows:5 windows x86 arch:x86

7cf5c992375ebab2a3235959a61deda8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetDiskFreeSpaceA
Sleep
GetLongPathNameW
WaitForMultipleObjects
GetPrivateProfileIntW
lstrcmpA
GetPrivateProfileIntW
CreateDirectoryA
GetModuleHandleA
GetDiskFreeSpaceA
HeapCreate
SetEnvironmentVariableW
InterlockedExchange
FindResourceW
lstrcmpiA
GetFileAttributesA
GetPrivateProfileSectionA
Sleep
Sleep
GetExitCodeProcess
LoadLibraryExW
SetFilePointer

catsrv

DllCanUnloadNow
OpenComponentLibraryTS
GetCatalogCRMClerk
CreateComponentLibraryTS

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE