Static task
static1
Behavioral task
behavioral1
Sample
06be9e1a84e965b791e142a38363d2ba.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
06be9e1a84e965b791e142a38363d2ba.exe
Resource
win10v2004-20231215-en
General
Target
06be9e1a84e965b791e142a38363d2ba
Size
7KB
MD5
06be9e1a84e965b791e142a38363d2ba
SHA1
1295169cfcbb4f89e52d04dfa42c5b57d84b4b23
SHA256
e60b5a2f392edf456bc8f1d4c8ebed611678ebb580ae53f6815d990d66ddb29b
SHA512
e918909bc887555d9651123ec6ee304418175fed78c997ea7db057ba38284b11c7944a5f97a3c9aca7b823af4b3a22062212de76844e745462f26642e73ba77a
SSDEEP
96:o/us2P20k08YhFYvd/uakC6NvFAPY/abyzJD3JsXsojaW:oIxMYhFY1/DkCwDJ+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06be9e1a84e965b791e142a38363d2ba
Files
06be9e1a84e965b791e142a38363d2ba.exe .vbs windows:4 windows x86 arch:x86 polyglot
e8d3d8a05238c01262dfac20f8510afc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
GetWindowThreadProcessId
GetWindowTextA
GetMessageA
GetKeyboardState
GetKeyState
GetKeyNameTextA
GetForegroundWindow
GetClassNameA
CallNextHookEx
kernel32
GetSystemDirectoryA
GetTimeFormatA
IsDebuggerPresent
GetLastError
GetModuleHandleA
lstrcatA
WriteFile
WinExec
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetComputerNameExA
GetDateFormatA
GetModuleFileNameA
GetLocalTime
Module32First
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA
msvcrt
fflush
fopen
fprintf
fclose
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ