0b6db8ed4dfcaeb1c0f5dbb1e35037ff | Triage

Sharing

General

Target

0b6db8ed4dfcaeb1c0f5dbb1e35037ff
Size

192KB
MD5

0b6db8ed4dfcaeb1c0f5dbb1e35037ff
SHA1

07a347c80e1592e7747c14a180b94f4273a81171
SHA256

649f13472963e2d53e74c85e57ec86559c30326bdbdb3913a92dc2d5b23e7f14
SHA512

d8f63c08c1d4b5b3fbe9e205f78207d119c91aa7a16b6c44c7934cf448f3ebcfd41c46c368ee0ea33d91f3f35425042c56030f25161ad77a796d5fb699187158
SSDEEP

6144:HUZU5ybhYu41iU6cVNauoAw7Gh+WiZ9BZYwQSixCi/ic:HU51Yu41iUCuLThYZYw8xCiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b6db8ed4dfcaeb1c0f5dbb1e35037ff

Files

0b6db8ed4dfcaeb1c0f5dbb1e35037ff
.exe windows:4 windows x86 arch:x86

443f171adf78102839491b6270071b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathAddBackslashA

kernel32

GetStartupInfoW
GetAtomNameW
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
lstrlenW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
CreateProcessW
RaiseException
EnumResourceNamesA
GetEnvironmentVariableW
GetACP
MultiByteToWideChar
InterlockedCompareExchange
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
TzSpecificLocalTimeToSystemTime
GetCurrentProcessId
Sleep
lstrlenA
GetLocaleInfoW
LocalAlloc
InterlockedExchange
GetThreadLocale

setupapi

InstallCatalog
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

winmm

mciSendCommandA
sndPlaySoundA

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ