0856f96008f313fb2985e80f4802bad9 | Triage

Sharing

General

Target

0856f96008f313fb2985e80f4802bad9
Size

54KB
MD5

0856f96008f313fb2985e80f4802bad9
SHA1

3b9af4f1a92401fc3b7d5d4c9e678df3381df50f
SHA256

f4001ae8c1e241175a23677b0e98ecac1cf7ebe66ecd558c0a934172bbfb2162
SHA512

344a65b6db90c42b9bfaa86e42bbd7f31ea9596289b582d99bcf1b8674a47a578f0ca4785814e28b7e125e56c12d58a6cc89033b63bedfe07630f3e2754296db
SSDEEP

1536:2fmcmvHklgnCvJeKa5/xVr4ZYNcknDnQxz7vZ:Hcm8lpvXa/cZyckDnQZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0856f96008f313fb2985e80f4802bad9

Files

0856f96008f313fb2985e80f4802bad9
.exe windows:4 windows x86 arch:x86

82d8e844213157c66fcc45569db91a71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FlushFileBuffers
GetModuleHandleA
GetStartupInfoA
ExitProcess
LocalAlloc
OpenFileMappingA
lstrcmpiA
CloseHandle
GetSystemTimeAsFileTime

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ