0dd2d29dadc89cf64ef430a7c704af20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dd2d29dadc89cf64ef430a7c704af20
Size

2.6MB
MD5

0dd2d29dadc89cf64ef430a7c704af20
SHA1

ea6dcdf648c352b87a0b92deb27fdfe4a511764c
SHA256

fd1628fa076200e4b73855a8a3ac7c2450b592156b6f6ab015718ff9c2cde9f4
SHA512

b227cf9453492504fd9a29260c72bc82d45fb49bf0ff1fdaaa9ca03834211c12eeb5a16875dc7f088fdbe932003003ce79601ffd0de8018dcaa38a1ebc041b79
SSDEEP

49152:xewFvdfLgyjRQxYQoGS9o/FDUZUQt9bnMDR0abTIdWG:gCUYwFAuQt1MdYdd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dd2d29dadc89cf64ef430a7c704af20

Files

0dd2d29dadc89cf64ef430a7c704af20
.exe windows:4 windows x86 arch:x86

a52150260066d3d1529c887a65617b97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
LockResource
LoadResource
FindResourceA
CloseHandle
SizeofResource
WaitForSingleObject
lstrlenA
DeleteFileA
lstrcatA
lstrcpyA
GetModuleHandleA
GetCommandLineA
FreeResource
CreateProcessA
GetTempFileNameA
GetTempPathA
lstrcmpiA

user32

LoadStringA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 4KB - Virtual size: 897B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ