0ac64aa64820eefb41f907a47f2afb79 | Triage

Sharing

General

Target

0ac64aa64820eefb41f907a47f2afb79
Size

36KB
MD5

0ac64aa64820eefb41f907a47f2afb79
SHA1

4d650b1c40cb6d221166de7ee1b3121ca6cde8be
SHA256

08dc7ebf28c6465e3b184d4cd2c0cd7de4a934fe9474e9f86a970cd15fa462c7
SHA512

76af198947e9c15967d96ac3d6d3774c36b0dc1b2da3fe4eefd9157cb04e880bec5c41398dde98bfc2d7b6e05f18e11499be2bef3e3e3805c79892b8d3826d6c
SSDEEP

768:Nfe/a+JGcAVijd5Gn4bUD7iP80aj2dN/lKLU467D:5e/a+ZAV8bGneUaEyNKLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ac64aa64820eefb41f907a47f2afb79

Files

0ac64aa64820eefb41f907a47f2afb79
.exe windows:4 windows x86 arch:x86

34e4461ddfef46628fc1a5a99d903b42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

GetUserNameA

msvcrt

_itoa

shell32

ShellExecuteA

user32

ToAscii

wininet

InternetOpenA

ws2_32

recv

Sections

.MPRESS1
Size: 31KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE