0a79ccb88ebda0a865ae185bba9e3b9b | Triage

Sharing

General

Target

0a79ccb88ebda0a865ae185bba9e3b9b
Size

25KB
MD5

0a79ccb88ebda0a865ae185bba9e3b9b
SHA1

d0a74d41cdb1fd2dc92f2e6c15b09bd4d441e6d9
SHA256

63a5c575e393c5192eb590cc7084a55b4e550e6d757f11f97b112e1bfffa0773
SHA512

d8eea2df3d1c53b3e3ccf5836492f9e8c86a2e555d25f068474ad1797805f3456c91f1d384ad3a96b45fcd797b8e6147c23ce53a8304919746cf2ab98c44ce9a
SSDEEP

768:KUcn+32UqfY0MdVrGfvg0UHFHMJkKXJ8W93W:gpUP0MGfGHxQ8Wk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a79ccb88ebda0a865ae185bba9e3b9b

Files

0a79ccb88ebda0a865ae185bba9e3b9b
.exe windows:4 windows x86 arch:x86

cc9d2c8e3eda18fcb38b6ebd57e51090

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

shell32

ShellExecuteA

wininet

InternetReadFile

Sections

CODE
Size: 20KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE