0fb5a9a0b788650fdb3962d7b779f9b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fb5a9a0b788650fdb3962d7b779f9b7
Size

745KB
MD5

0fb5a9a0b788650fdb3962d7b779f9b7
SHA1

b0e7fd76ba92750152fc96baa8178cc40d19b86d
SHA256

44e955aacf06031508a2ae026b9340783574f4c9d444bc6053bd6bd22ff37852
SHA512

911c41734f0a41eb8521da87f56f5c4e4caae5cd356cceea037e3962f4a0f0be4356bb1e26185e60ebc7d8a30130fb94dd67b485ae219107abf8e9d0059c095d
SSDEEP

12288:6Q9RMTKu+rJZj9eaKlLEIBYkJe5vubfGPgOdrbJVHHoSRNCwgUjOuOGd4WkyFk4z:ZRMTA7K5EKdJe5vmjOdrtxISRNrdOuOi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb5a9a0b788650fdb3962d7b779f9b7

Files

0fb5a9a0b788650fdb3962d7b779f9b7
.exe windows:4 windows x86 arch:x86

f0e04ee2a71c0d49b0bd05c991cebf02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
CreateEventW
GetCurrentProcessId
InitializeCriticalSection
ReadFile
ResumeThread
LocalFlags
lstrlenW
FindClose
LocalFree
TlsGetValue
LoadLibraryW
GetConsoleAliasA
HeapCreate
GetPrivateProfileStringA
GetCurrentThreadId
SuspendThread
FindAtomA
GetDriveTypeW
GetEnvironmentVariableW

user32

EndDialog
CreateWindowExA
GetKeyboardType
GetSysColor
GetClientRect
GetSysColor
DrawStateW
IsWindow
CallWindowProcW
DrawTextA
SetFocus
DispatchMessageA
GetClassInfoA

srclient

EnableSR
EnableSR
EnableSR
EnableSR
EnableSR

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ