3da76b370dbad12a0d7a1aff610073bdb8c6f935419faf24501f78eea4ec7cce | Triage

Sharing

General

Target

3da76b370dbad12a0d7a1aff610073bdb8c6f935419faf24501f78eea4ec7cce
Size

3.6MB
MD5

2ff2c81fc478de88e3919d052ec6c9c3
SHA1

79200046ae3effff79cf0dc9f36fe11713f51b17
SHA256

3da76b370dbad12a0d7a1aff610073bdb8c6f935419faf24501f78eea4ec7cce
SHA512

9f3352ebec1e55fa0095f20008049178cade1a8f509e445f88457e343f50941d529eb159e1ab9e063a2e192b9127da1240c4c31dce895ab3723fdbbda882403e
SSDEEP

49152:n+xnMQ4/DSpXMLILnnXFjPJd8uLyFVEFZ4VS5pliaKsHs5bEkzszSjPYCG:n+xn9IDSHnn1jxdJL9lt5Hs5bEQ3HG

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da76b370dbad12a0d7a1aff610073bdb8c6f935419faf24501f78eea4ec7cce

Files

3da76b370dbad12a0d7a1aff610073bdb8c6f935419faf24501f78eea4ec7cce
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27.2MB - Virtual size: 27.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ