0dcffbe08282278674a33afd3da8f558 | Triage

Sharing

General

Target

0dcffbe08282278674a33afd3da8f558
Size

749KB
MD5

0dcffbe08282278674a33afd3da8f558
SHA1

8b58276512752a88c96f5bea8f74afdc42df280e
SHA256

56a2e2fea64238393937a73fc5308b68e26fd5b3d55a1cb999698b874a28d262
SHA512

f4c07648bb4dcb901252db9fe6ea906dd7f0feb1a0ccfc120e7ade7b15f2e122f8cc2c33d363636ee8523bc5f055dd5e559d916bef6695ab758094f7c6ea39c3
SSDEEP

12288:ryPSaqCk87ihd2UPCgcHBLSJFZWoCV+rs9FaGrQrj9ZVsyLC+MSTqF+jp92DCMdG:b7Vhd2U6gcDoyqs94qUC+MSTqEj2P4Kb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dcffbe08282278674a33afd3da8f558

Files

0dcffbe08282278674a33afd3da8f558
.exe windows:4 windows x86 arch:x86

83e586bad616febd7f2c662042601b18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
RemoveDirectoryA
OpenEventA
Sleep
ResetEvent
VirtualProtect
ReleaseMutex
CancelIo
GetCommandLineA
lstrlenA
SetStdHandle
CreateEventW
GetFileType
ReleaseSemaphore
FindClose
GetModuleHandleA
FindClose
WriteConsoleW
CreateFileMappingW
GetLastError
CreateFileA
WriteFile
HeapFree
RemoveDirectoryA
DeleteFileA

user32

GetWindowLongA
GetSysColor
MessageBoxA
FindWindowA
CreateIcon
IsWindow
DispatchMessageA
DestroyMenu
DrawTextW
PeekMessageA
DestroyMenu
IsZoomed
GetClassInfoA

dimsroam

DimsRoamEntry
DimsRoamEntry
DimsRoamEntry
DimsRoamEntry

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ