Static task: static1
Behavioral task: behavioral1
Sample: 011a0dce95a2470d2cb3263dd1b6bf2f.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 011a0dce95a2470d2cb3263dd1b6bf2f.exe
Resource: win10v2004-20231215-en
General
Target: 011a0dce95a2470d2cb3263dd1b6bf2f
Size: 139KB
MD5: 011a0dce95a2470d2cb3263dd1b6bf2f
SHA1: 1256c1f35a05aa6bc0b4df9d7d57b5031e1427a5
SHA256: 2fbfaca473901affeafda7800f834826c63c68760a5d3a69b600f941f91b1c5e
SHA512: 46ae23a43da579b46e09022fa2756a453db83e4a9ac43c01f2ec8ddb4720bdaeb8ff4862176b9f65ac9e41502236de93a199158e3dcff62f284844f51d24c158
SSDEEP: 3072:rt3ndNfPZX4vylSXfmQo26cBtXqY1hMI9S9rnT8BLPtmvGGX/Fxtl:rt3ndNfPl4MSXfms6kk0H9S9rkPArP3t
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 011a0dce95a2470d2cb3263dd1b6bf2f
Files
011a0dce95a2470d2cb3263dd1b6bf2f.exe windows:4 windows x86 arch:x86
bb46e77ad2e808d6ed3d09817bc112eb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoUninitialize
CoFileTimeNow
CoCreateInstance
StgOpenStorage
CoInitialize
occache
FindControlClose
kernel32
MapViewOfFile
LockResource
LoadResource
GetCurrentProcess
FindClose
GetModuleFileNameA
GetSystemInfo
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
FindResourceW
FindFirstFileA
EnumResourceNamesW
SetFilePointer
FindNextFileA
GetTempPathA
SizeofResource
ExitProcess
CreateFileA
GetFileAttributesA
ReadFile
VirtualQueryEx
CloseHandle
shell32
SHGetSpecialFolderPathW
ShellExecuteExW
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ