0813bed0002a50f740c16d6fc9e5841a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0813bed0002a50f740c16d6fc9e5841a
Size

3.5MB
MD5

0813bed0002a50f740c16d6fc9e5841a
SHA1

48de99bc486d3345d1bbe4170a1130e5e581d014
SHA256

cbdfcca7b56315c14cc10785350260b689476f929bacef1b27889f8036908279
SHA512

40239288b151ac73e3d7baa6f39bedf9a5bbd414b803a4ce2307dfdd2423f48dda03f02dc9b3b334a78a5fe7335bb4be8940d26fb782c3e43edd9479b44ac427
SSDEEP

98304:eJ4y0MMOp9FeNSv0OfLg7lrARducXzF2:7MMSFeNqq7lhcXz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0813bed0002a50f740c16d6fc9e5841a

Files

0813bed0002a50f740c16d6fc9e5841a
.exe windows:4 windows x86 arch:x86

f7f37180964a0c310633fe70296d5c70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

wininet

InternetGetConnectedState

comdlg32

GetOpenFileNameA

Sections

CODE
Size: 3.5MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE