0b425d3be3a6a5103c61d1a0598027ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b425d3be3a6a5103c61d1a0598027ac
Size

263KB
MD5

0b425d3be3a6a5103c61d1a0598027ac
SHA1

62b3e8af03d2559ec86ec3305fb1bdc681b0c761
SHA256

0afa92d00c57d35619b985733653c42655fd1cfe6ed611c40e30c91e087edab4
SHA512

b6987b717b41686814445e727345e09cb9dffd91ba2ee6c2c92dd26d6e8acf4f26cc6ad1c2da7ad0a1f67be071b93e1d33eebab626004b1263dd6737735a09d3
SSDEEP

6144:eEFQQeUYzNWtdSh5o0+BqXb1a3Fhcj/xgMnZCL:PQQdYzwtA3+B6bQ3vyI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b425d3be3a6a5103c61d1a0598027ac

Files

0b425d3be3a6a5103c61d1a0598027ac
.exe windows:4 windows x86 arch:x86

bf01590842e5d05cdbcb4b51c3523cc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
Sleep
lstrlenA
GetCurrentProcessId
InterlockedCompareExchange
CreateProcessA
GetStartupInfoA
RaiseException
EnumSystemLanguageGroupsW
LocalAlloc
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
GetWriteWatch
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
GetEnvironmentVariableA
GetTickCount
lstrlenW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

LoadCursorA
IsWindow
FillRect
SetCursor
SetWindowLongA
GetDlgItem
GetSysColor
GetDC
ReleaseCapture
SetWindowPos
MoveWindow
GetWindowLongA
ReleaseDC
GetWindowInfo
SetCapture

ole32

CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow

winmm

mciSendCommandA
sndPlaySoundA

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ