0c1bab3369d42b0e176746b4d2e50cad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c1bab3369d42b0e176746b4d2e50cad
Size

673KB
MD5

0c1bab3369d42b0e176746b4d2e50cad
SHA1

3efea036b0c19a0ab4dee12d532165f33e660056
SHA256

5c9b3f384f7a2f142133c2424ea2102ea3f44ab99c990d2a47f5742d3cb644c6
SHA512

0c5a382911a9ae9f5dd3218cf512ef7093faa75f038dbb76c3f37215f46245da48a71ba2f3424902b1b71e0886f6d37f6faf0412f6ac5d9d0b3a8c4640f989d7
SSDEEP

12288:kAueXkXA/QU4WffZLOhYUGxQ9s458/8CRdpajQplgG31T8wxnU8Ii8CiUBA4H6/k:kS0QYpCfZLQGK9s45u8CFFpeAdLxn1nv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1bab3369d42b0e176746b4d2e50cad

Files

0c1bab3369d42b0e176746b4d2e50cad
.exe windows:4 windows x86 arch:x86

43d84983dccd48e4c4d7426d4e451fd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

wininet

InternetGetConnectedState

wsock32

WSACleanup

Sections

CODE
Size: 649KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE