0b4a015bd8e1b8c7560a3505af591f1e | Triage

Sharing

General

Target

0b4a015bd8e1b8c7560a3505af591f1e
Size

803KB
MD5

0b4a015bd8e1b8c7560a3505af591f1e
SHA1

02404a9eb9310bafd5790b9ab2729c812bcfec2b
SHA256

5e85ea56946017ac7d7b088f0d9fc7650d5e35b1b9cb1ec1b523d253318da51f
SHA512

b4c9936c8b7377ab208e62d8c7023b44871fe46618c458d4e41231cac5c496153d3c1cff4a4ab1430bfaa07d67204d05ab4d0ca760ce25b7a4eaca14bb3b0f71
SSDEEP

24576:gof2W90Ub4GwCQB+9N4SUzUhZRfggufqL:/bHfQB+9N/hZpufy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4a015bd8e1b8c7560a3505af591f1e

Files

0b4a015bd8e1b8c7560a3505af591f1e
.exe windows:4 windows x86 arch:x86

30cf63f10cf0327a2ccd82a698cacb52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapDestroy
IsValidLocale
PulseEvent
GetTickCount
GetModuleFileNameA
LeaveCriticalSection
GetVolumePathNameA
InterlockedExchange
DeleteFileW
OpenEventW
GlobalFlags
GetProcessVersion
FindAtomW
CreateFileW
OpenMutexW
VirtualProtectEx
DeleteFileW
GetModuleHandleA
GetFileAttributesA
CreateFileW
GetCurrentThreadId
SetFilePointer
GetDriveTypeW
CreateDirectoryA
SetFileTime

user32

LoadCursorA
GetWindowTextA
DispatchMessageA
PeekMessageA
IsMenu
GetWindowLongA
DestroyIcon
SetRect
MessageBoxA
SetFocus
DestroyMenu
wsprintfA
GetWindowLongA

dpnhpast

DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE