Static task: static1
Behavioral task: behavioral1
Sample: 010bd83a02c9fd39daba260d9a1784e8.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 010bd83a02c9fd39daba260d9a1784e8.exe
Resource: win10v2004-20231222-en
General
Target: 010bd83a02c9fd39daba260d9a1784e8
Size: 7KB
MD5: 010bd83a02c9fd39daba260d9a1784e8
SHA1: 6d55c70faee203e2cd58dae3b3e23b07dc27484a
SHA256: 194bf5333017e18e4c821d274811b62f5df0403d15613f92c19d1df242da33ad
SHA512: ef17ca683bc48332c443fa2cbd4a44b5eed9501e3ad9a2c33ecf4b2ae690633a873475e2f8f9579c21eba28623c60a7dde0c55f5ccab03e87a39a5916a31977f
SSDEEP: 96:cbmt5Zd6CX82vp6qAkRlstjodkfLB3ibNVnuTaCgGi:qmLZdtX48Utg8NGNVnMaCNi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 010bd83a02c9fd39daba260d9a1784e8
Files
010bd83a02c9fd39daba260d9a1784e8.exe windows:1 windows x86 arch:x86
e3a5ae9624007587d472caa8fd1e98ff
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileA
FreeLibrary
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
CloseHandle
GetVersionExA
LoadLibraryA
CopyFileA
OpenProcess
RtlUnwind
CreateFileA
SetFilePointer
TerminateProcess
WriteFile
user32
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DefWindowProcA
advapi32
RegFlushKey
RegOpenKeyExA
RegSetValueExA
crtdll
__GetMainArgs
_sleep
_stricmp
_stricmp
exit
raise
signal
strchr
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 668B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE