0afc50142d63f15915d503210c8c7c9e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0afc50142d63f15915d503210c8c7c9e
Size

9KB
MD5

0afc50142d63f15915d503210c8c7c9e
SHA1

0abafa91be994405aa3702495b48ed11de90d858
SHA256

8f6709d178d719669b9de21d4fc4324bbbc4500093877a156daf58acce46eda2
SHA512

8eb2c35a389fc6df101b0c5d949ba2bd22b0a7603743fd016ae6b374bfad45b0cecc3ddd84a1f56d6448b85203a6e21d6260062e5dd14b566abb6fe454a40a64
SSDEEP

192:vQSe8enFvpZq/E8e3FbyLbVPauO+85Eb69yYQV0IPWf/DCWP:vQPFvTqM+OkYQV0iWf/DCWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0afc50142d63f15915d503210c8c7c9e

Files

0afc50142d63f15915d503210c8c7c9e
.exe windows:4 windows x86 arch:x86

da5addf43d770296cefc2375f8aebb73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
lstrcmpiA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
ExitProcess
LoadLibraryA
GetCurrentProcessId
lstrcpyA
WaitForSingleObject
CreateProcessA
CreateToolhelp32Snapshot
GetTickCount
GetSystemDirectoryA
CreateThread
GetProcAddress
Sleep

user32

MessageBoxA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA

advapi32

RegOpenKeyA
RegCloseKey
RegEnumValueA
RegOpenKeyExA

msvcrt

fgets
_except_handler3
strchr
_itoa
fgetws
fopen

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ