0d4297971bea886a301edca478a4db82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d4297971bea886a301edca478a4db82
Size

75KB
MD5

0d4297971bea886a301edca478a4db82
SHA1

b99441cb5f09a5a8c1b1a86d38a3455709d21ad4
SHA256

75f0a674ab89f446e305b4dbc09f21f4e3a37f3e66389eb638288c72a345f375
SHA512

54e2b6d7d6245c0fffb26391a0214de3a3c15c74f40cc2bb665d460784a390f570261f7368faa19452c1bcc8b6ed103956ddf0dd77450b51daaacf47e355ced1
SSDEEP

768:cJDDAu45UBjcpmkpd9sOi5a0ELYpTPf7iz/9GDnipERViOPKYCI6KnRrYeHGJFi5:Kcu45UFPaYOCprfskKELiOPfOKeE9P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4297971bea886a301edca478a4db82

Files

0d4297971bea886a301edca478a4db82
.exe windows:4 windows x86 arch:x86

483ec8343fcef50ce35f0821df9b8ff4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetVersionExA
IsBadReadPtr
ResetEvent
FormatMessageA
GetLocalTime
CreateEventA
lstrcpynA
lstrcmpA
FreeResource
GetLastError
RaiseException
SetErrorMode
lstrlenW
DeleteCriticalSection
GetCurrentThread
HeapAlloc
GetCommandLineW
GetCurrentThreadId
lstrlenA
CloseHandle
ExitProcess
VirtualAlloc
VirtualFree
GetCurrentProcess

advapi32

GetLengthSid
RegEnumKeyA
RegDeleteKeyA

gdi32

GetObjectA
GetTextAlign
GetBitmapBits
SetPixel
CreateBrushIndirect
SelectObject
GetBkColor

comctl32

ImageList_Destroy

user32

DrawMenuBar
LoadIconA
CharNextA
LoadCursorA
GetMenu
LoadBitmapA

Exports

Exports

00rvSfzRQ5J
_e0hhABxKcZU@20
_WzaysJHTYL
_4IS5qR

Sections

.text
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ