0f8cecb149a2a6d50dc6431b09cda852 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f8cecb149a2a6d50dc6431b09cda852
Size

180KB
MD5

0f8cecb149a2a6d50dc6431b09cda852
SHA1

9cd9fe2c0f589d2bc9dc4d209a5a62ac16710067
SHA256

5423128105e535ddc5abf63dee5739d4c3302d9bb19c8e80424cf3f6ac1e3510
SHA512

d8d53717b308ba90d20319b125d8321daecbba1945b491360244cf01127b3bf3c2a253768cf50703b9e58824233cf49af71843ae80806324d3611e1f34248cac
SSDEEP

3072:sGuA5Qe40hcJNxeydeJlsFoRkepFmdIlokR7np7/rwQPAaeHre8tiO5+TIgxVvZn:UcX4a0UyslsFoWJdI17nJrwQPLMavODT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8cecb149a2a6d50dc6431b09cda852

Files

0f8cecb149a2a6d50dc6431b09cda852
.exe windows:4 windows x86 arch:x86

cf4557924f8dd3a2caff8bf9fab4a997

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegEnumValueW
RegDeleteValueW

kernel32

LoadLibraryExW
MultiByteToWideChar
SetProcessWorkingSetSize
CreateProcessW
FindFirstFileA
InterlockedCompareExchange
lstrlenW
CopyFileW
GetExitCodeThread
CreateDirectoryExA
GetTempPathA
lstrcmpA
lstrcmpiW
DeleteFileA
EnumResourceNamesW
lstrlenA
GetFileAttributesA
lstrcmpiA
HeapSetInformation
Heap32ListNext
RemoveDirectoryA
WideCharToMultiByte
LoadLibraryW
CreateEventW
FindClose
LocalAlloc
FindNextFileA
SetFileAttributesA
LocalFree
DeleteFileW

ole32

IIDFromString
CoCreateInstance

psapi

GetModuleBaseNameW

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ