Static task: static1
Behavioral task: behavioral1
Sample: 0c867b15ee440207e2dd9aedfbeb54a3.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0c867b15ee440207e2dd9aedfbeb54a3.exe
Resource: win10v2004-20231215-en
General
Target: 0c867b15ee440207e2dd9aedfbeb54a3
Size: 10KB
MD5: 0c867b15ee440207e2dd9aedfbeb54a3
SHA1: ff3ae6678074e1676ad5b12ef30fb26548310a1d
SHA256: 71f3378fdeb4488770daac0f0e26df7241eda9ed92e22a744d35e0bad8ba3908
SHA512: dfd09fc0e905b82bad41d7d86f24192f0a3c8e3367ce999b3a2e4b0a5c54ecf0a88c3884228a224b58d861fe50315207fb6737015a8130f55e83c1424d05cabb
SSDEEP: 192:F4WFDD0IT5qrmRQTWLwCH9Nf5OyU91K/ZZLQJQMSBrMSg:eWp0e5WmRQcJB+9qnMJQMSBrt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0c867b15ee440207e2dd9aedfbeb54a3
Files
0c867b15ee440207e2dd9aedfbeb54a3.exe windows:4 windows x86 arch:x86
9add77c7b69e561d295658d70f5913ef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
CharLowerA
kernel32
ExitProcess
GetModuleFileNameA
GetTempPathA
GetThreadContext
GetTickCount
GlobalAlloc
GlobalFree
ResumeThread
RtlUnwind
SetThreadContext
Sleep
DeleteFileA
WaitForSingleObject
WriteFile
lstrcatA
lstrcpyA
lstrlenA
SetProcessAffinityMask
HeapAlloc
HeapFree
GetProcessHeap
CreateProcessA
GetVersionExA
GetComputerNameW
VirtualFree
DeviceIoControl
LocalFree
CreateFileA
CopyFileA
CloseHandle
TerminateProcess
VirtualAlloc
ntdll
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwClose
ZwOpenSection
ZwQuerySystemInformation
ZwSystemDebugControl
_snwprintf
strstr
strrchr
strcmp
strcat
memcpy
memset
strlen
wcscat
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityInfo
GetUserNameA
SetEntriesInAclA
GetSecurityInfo
shell32
ShellExecuteA
SHGetFolderPathA
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE