0d623bce1856f20ed0feebffc982d661 | Triage

Sharing

General

Target

0d623bce1856f20ed0feebffc982d661
Size

803KB
MD5

0d623bce1856f20ed0feebffc982d661
SHA1

e57acd827370b7c126e1fa2d98d4d6bdbc3d7b55
SHA256

1b24c1da96bcd5a3cd5ec12aeb4c831f153544aba7b446812d8405995088a8f7
SHA512

9445589c2d4847390b928bb497d0bb0ed110214682d6dea9bc91ba56c85cc9f0b5cc12f60c8070f2fc9cfb2032dd1e06f5ba9dba83f8ea03beba6ccf82f852e5
SSDEEP

12288:HEOMajtYag2ae+Rvv/S7w2eDrL4gHotqMVCO/qkc09W9jrSBfJnrhnOTOnji:zMaj1g2M9aoLlotlCOBuHwJrhnOTZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d623bce1856f20ed0feebffc982d661

Files

0d623bce1856f20ed0feebffc982d661
.exe windows:5 windows x86 arch:x86

8405c9add9a8cfb0676e8828ac689cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
OpenMutexA
DeleteFileW
PulseEvent
GetDriveTypeW
FindAtomW
OpenEventW
GetConsoleMode
GetModuleFileNameA
GlobalFlags
InterlockedExchange
GetTickCount
GetVolumePathNameA
CreateFileW
HeapDestroy
SetFilePointer
GetCurrentThreadId
DeleteFileW
GetFileAttributesA
GetProcessVersion
CreateFileW
CreateDirectoryA
GetModuleHandleA
VirtualProtectEx
SetFileTime

user32

IsMenu
DestroyMenu
GetWindowLongA
SetFocus
LoadCursorA
SetRect
MessageBoxA
wsprintfA
GetWindowTextA
GetWindowLongA
PeekMessageA
DestroyIcon
DispatchMessageA

dot3msm

Dot3MsmDeInit
Dot3MsmFreeProfile
Dot3MsmDisconnect
DllMain

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE