0b2908dc17323ffd7a842efb355da2f5 | Triage

Sharing

General

Target

0b2908dc17323ffd7a842efb355da2f5
Size

129KB
MD5

0b2908dc17323ffd7a842efb355da2f5
SHA1

0a8b60dcefd7225e3fc652eaaf64d03a383052a6
SHA256

78603cd8f25c858b1abed05857899a341fa4e44df151392914052b5ecdd0a347
SHA512

b902f4534e053aad2d9a9ee9c19453020e577f24dfdf4dc0f9f757af389279f6c8facc37b1fccadf9629a64f2971955811279a3d3bc34871d0f0be6069c6f09d
SSDEEP

3072:tayL+YK4CfgiHspNVNpeuhXN8UFBKgV1x3/ymT:FL+rPIigzeuhXLxPyC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b2908dc17323ffd7a842efb355da2f5

Files

0b2908dc17323ffd7a842efb355da2f5
.exe windows:5 windows x86 arch:x86

9c46d29ff79610a3148ba89961d44f1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
WriteConsoleOutputA
GetConsoleSelectionInfo
CompareFileTime
EndUpdateResourceA
GetLastError
GetFileTime
QueryInformationJobObject
GetProcessShutdownParameters
GetExitCodeThread
GetFileSize
CommConfigDialogA
ExpandEnvironmentStringsA
DeleteTimerQueueEx
GetFullPathNameA

user32

EnumWindowStationsA
GetRawInputDeviceList
EnumWindowStationsA
GetTabbedTextExtentA
DefDlgProcA
DeregisterShellHookWindow
PostThreadMessageW
GetQueueStatus
PostThreadMessageA
SetWindowLongA
IsDialogMessage
GetParent
GetKeyNameTextA
ReleaseDC
GetDlgCtrlID

Exports

Exports

OpenVicsgkw
Xlbprpk
CreateMjyfupeckr
GetCyejwyjhw
Xvqbwysh
InitKktbhcuxl
CreateEhpqvpwwn
Doeyvrss
EndTxnrlgyebvr
Mcxqmlpojh
Txoxfdvlq
Paapoybna
GetSemxjhxt
Llqaodct
Vsumgihujt
ReadNgbxthl
Crkqvro
InitPohiqjih
Ngowsitus
AddNdllilw

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ