0b6e87e4d3b96a50bf7eda3ef3d663a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b6e87e4d3b96a50bf7eda3ef3d663a2
Size

5KB
MD5

0b6e87e4d3b96a50bf7eda3ef3d663a2
SHA1

536f481d29c258e7b37e81ef727d69d253627d7d
SHA256

e186e6a8693c84f6e4fe1167a58d5d65f7efb53b877c4a7b9a5e4ad9e7351eff
SHA512

9fed887c44da59838271220f6a7e172c7c35fbbd15bd0c2601911f8a1c274bc253e93456602167a702116bd391a656cae76d76e9266972b063e442a3a5c164a3
SSDEEP

96:u2wMotcYygw133CorikoK5dIlqnkpqrGvlAU0fMJ:u9GYyF13SgikF5eAnk8rqlAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b6e87e4d3b96a50bf7eda3ef3d663a2

Files

0b6e87e4d3b96a50bf7eda3ef3d663a2
.exe windows:4 windows x86 arch:x86

5a0d64efc7821cad74c71d4c07f85896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
ExitProcess
GetProcAddress
LoadLibraryA
CloseHandle
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
OpenProcess
Sleep
WinExec
GetWindowsDirectoryA
GetExitCodeThread
Process32Next
Process32First
CreateToolhelp32Snapshot
WritePrivateProfileStringA
DeleteFileA
GetPrivateProfileStringA
GetSystemDirectoryA
GetModuleFileNameA

user32

FindWindowA
GetWindowThreadProcessId

shell32

ShellExecuteA

msvcr71

strncpy
_splitpath
strstr
atof
??2@YAPAXI@Z
strncat
_strlwr
exit
rename

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ