0ce846d2773d168c9dec9fb2655ef257 | Triage

Sharing

General

Target

0ce846d2773d168c9dec9fb2655ef257
Size

223KB
MD5

0ce846d2773d168c9dec9fb2655ef257
SHA1

06fb90646dae785d8a09fecd9ebe5965469e00b7
SHA256

7de99828f82e6e594f101fe136dca8c17357fbdbf3191d982283ba825411a80c
SHA512

ef822ede90c159ba7935b13e60f7b39681b991fa4eac4b92df2809b2182fc095c6d72d0bff1ee206b73392a21f2babc8d2ec4a96bdc06c47e385fbad643e8f1c
SSDEEP

3072:FOSqJTW96sH+WXWgN/luZtIMvOpzAjRQ1mOLiFNo5uJR1cVZuVj+/h9UhF7LrVqD:Fo63DQIMGpGQQFNQSuVZ0j+/7UbLrQe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ce846d2773d168c9dec9fb2655ef257

Files

0ce846d2773d168c9dec9fb2655ef257
.exe windows:4 windows x86 arch:x86

f0a114ef423cf4261aa5728e4eb7ee65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
VirtualAlloc
ExitProcess
GetCurrentThread
GetStartupInfoA
GetPriorityClass
GetProcessHeap
CloseHandle
GetCurrentProcessId
GetProcessTimes
GetLastError
Sleep
GetModuleHandleA
GetCurrentProcess
LoadLibraryA
GetCommandLineA
GetTickCount
GetCurrentThreadId
ExitThread
FreeLibrary
GetThreadPriority

user32

GetWindowTextLengthA
OpenIcon
GetSystemMetrics
GetWindow
GetClassLongA
GetWindowLongA
GetFocus
IsWindowVisible
GetDC
GetActiveWindow
GetWindowDC
GetWindowTextA
GetForegroundWindow
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
BeginPaint
ReleaseDC

advapi32

RegCreateKeyExA
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerLanguageNameA
VerQueryValueA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ