0bf97d1a36599ce64d5a797de3aa03a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bf97d1a36599ce64d5a797de3aa03a9
Size

68KB
MD5

0bf97d1a36599ce64d5a797de3aa03a9
SHA1

8cb117bbcaf93fde0e7c21954530671cc3552714
SHA256

bd68a010802465db395744af3c591335b7d91933f2fe334215c7b068516e01b1
SHA512

01e8b9a62b35dc48d0467bc4b481a73115649114fc013f498aef2b46412ddde068c9790d9b2168aab82ef1a459f3066c06b05dfa9dc72fb378ceb95951a1eeb9
SSDEEP

1536:eDS3n+yi7OU+zgS2H3Xh8+5hTzTKnDy+giXheh21eVgf:SQn1i7QzgSinW+5hunO0n1uq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf97d1a36599ce64d5a797de3aa03a9

Files

0bf97d1a36599ce64d5a797de3aa03a9
.exe windows:4 windows x86 arch:x86

c62249dcf92ad34e05c5107b294478c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetModuleHandleA
WriteFile
CloseHandle
CreateFileA
ExitProcess
GetFileSize
GetModuleFileNameA
GetTempPathA
GlobalAlloc
GlobalLock
ReadFile
RtlMoveMemory

Sections

.text
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ