Static task
static1
Behavioral task
behavioral1
Sample
0b89f6d23c98e3f659858871212e2337.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0b89f6d23c98e3f659858871212e2337.exe
Resource
win10v2004-20231215-en
General
Target
0b89f6d23c98e3f659858871212e2337
Size
9KB
MD5
0b89f6d23c98e3f659858871212e2337
SHA1
9057cf853e1f62c1fff83636bdbec9002ff1377c
SHA256
7b979b7c6fa2fb55191e97bb600bff953161c480a60ef2c25e387008c8294163
SHA512
dd74cd6829d03798963a5edf097e8f837a3fa831ed63b7fb99409d4ceb97d2607bb63be6f60fecdb961cc95efee65661c88f9fc23c59021862f4b93f2033c9d8
SSDEEP
192:iiRLzTdCoxNXrvn7Bv7s4RMQo/H/7zAw7W6yn:xRLzx7XrzBTuQo/ow7ly
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b89f6d23c98e3f659858871212e2337
Files
0b89f6d23c98e3f659858871212e2337.exe windows:4 windows x86 arch:x86
812c04c2b214e2b2b9a514b1542d9752
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
  NtQueryInformationProcess
  NtQuerySystemInformation
  strncmp
kernel32
  CreateRemoteThread
  ResumeThread
  WideCharToMultiByte
  CloseHandle
  GetCurrentProcess
  Process32Next
  lstrcmpiA
  Process32First
  CreateToolhelp32Snapshot
  VirtualFree
  VirtualAlloc
  DuplicateHandle
  OpenProcess
  Thread32Next
  SuspendThread
  OpenThread
  GetCurrentThreadId
  Thread32First
  WriteProcessMemory
  VirtualProtectEx
  VirtualAllocEx
  VirtualFreeEx
  ReadProcessMemory
  Sleep
  GetCurrentProcessId
  IsBadReadPtr
  VirtualProtect
  GetProcAddress
  GetModuleHandleA
user32
  MessageBoxA
advapi32
  OpenProcessToken
  LookupPrivilegeValueA
  AdjustTokenPrivileges
Sections
.text Size: 6KB - Virtual size: 5KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 148B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE