0b6a7fc684725c320b77c0757dc39047 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b6a7fc684725c320b77c0757dc39047
Size

59KB
MD5

0b6a7fc684725c320b77c0757dc39047
SHA1

995b656f36ba7c9bfd94f33b9f9378a7ee3d585c
SHA256

f770ca2308043a19540bf79217c1b36054b9feb6d9d0732ad485c66fd253fb2e
SHA512

bd0b9a233ad7a915193fe2564d62f34d485c6374e418372e735ba70770a5f99cb99dc05c5c3dfd3615c231e35610f81bc302a3df54d588e85582f56a41b09a46
SSDEEP

1536:/UzMXeNnt+wHRq+FNLNnmVAvXe8a8rnGaACqoR:8zMi8Yr0VAve+RAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b6a7fc684725c320b77c0757dc39047

Files

0b6a7fc684725c320b77c0757dc39047
.exe windows:4 windows x86 arch:x86

309f08ff082177aa51d7ff00190137f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
strcat
_vsnprintf
isalpha
memset
strcpy
strstr
strlen
_stricmp
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

GetVolumeInformationA
SetThreadAffinityMask
GetProcessAffinityMask
CreateFileA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetCurrentThread
GetProcessHeap
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WriteFile
GetCommandLineA
OpenProcess
WideCharToMultiByte
Sleep
CreateEventA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
DeviceIoControl

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
OpenProcessToken

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE