0848d781177b1c49580c7633dfa6fa11 | Triage

Sharing

General

Target

0848d781177b1c49580c7633dfa6fa11
Size

179KB
MD5

0848d781177b1c49580c7633dfa6fa11
SHA1

55201626b8610e660ea181dabd583e4d63a3ba6b
SHA256

275c8305aa35959d00b7989c4af2e0ef1c81f63a56db6d640e6e9635cbb5f9c2
SHA512

65de7941081ed0ce0e4e231eb38c7bab87f123d9fc1a7440fc48f59a25c1dd0afdcb7968983eca6d0ffa3843a0774bf56c7faf730570b488e05b6e8795687471
SSDEEP

3072:A6WQ079Fqa2Xk91/oyUpVHYSZSl5Vnm8XMPb3Zz2l3eZEECkJS7K6UTT/RV4y9sh:nW598rkbapRBi55m/1W3VJk1Cy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0848d781177b1c49580c7633dfa6fa11

Files

0848d781177b1c49580c7633dfa6fa11
.exe windows:4 windows x86 arch:x86

66f2991ab0c49503534219a911d38603

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocalPrimaryComputerNameA
SetDefaultCommConfigA
lstrcmpA
CloseHandle
ReleaseSemaphore
ReadConsoleA
PulseEvent
HeapAlloc
GetProcessHeap
_lread

ntdll

RtlIpv4AddressToStringExA
RtlAllocateHeap
RtlAddAtomToAtomTable

ole32

CoFileTimeNow

advapi32

SetServiceObjectSecurity

gdi32

CreateBitmap
CreateSolidBrush
PtInRegion
ResizePalette
SetMapMode
SetPixel
SetRectRgn
GetArcDirection

comsvcs

CoLeaveServiceDomain

netapi32

NetRemoteComputerSupports

usp10

ScriptStringAnalyse

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ