0b948d6fc5435622a84eccb6ef950734 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b948d6fc5435622a84eccb6ef950734
Size

164KB
MD5

0b948d6fc5435622a84eccb6ef950734
SHA1

74e0bc9784a5ceab3d4a84610969efa70efd6ad2
SHA256

4108f72b8659c69a1faa611e44cfa0ff1ec4c516c1534355db9fd0f8235fc3ed
SHA512

c4abc123264b448ab750160e76a6a324cca5a44f1f14915598cc3421191820f95a99fe4208409161399de53e2b573f8e290a6d09422d6a1dfb0b14b6606b6bfd
SSDEEP

3072:Zjkl946cVfZIFl66GQy+7jQSmY1kH9EAAtMe24pES9dXlXJcEADNkzJQvSa+QG:tkC5ZIP6JAvFRkCIV6XlZcFhkY+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b948d6fc5435622a84eccb6ef950734

Files

0b948d6fc5435622a84eccb6ef950734
.exe windows:4 windows x86 arch:x86

bcd81398dc4991f2840c355c1d92baa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
MultiByteToWideChar
GetModuleHandleA
GetFileSize
FlushInstructionCache
GetTickCount
VirtualProtect
GetLastError
GetProcAddress
LocalFree
LoadLibraryA
Sleep
LocalAlloc
VirtualProtect

user32

wsprintfA
wvsprintfA

Sections

0FsMKf^N
Size: - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EVfPSu!]
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Zv]2<Yo'
Size: - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yP[2kIMb
Size: - Virtual size: 616B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

=qL9' 'n
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

q;K)*:uc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fqP]54(+
Size: 4KB - Virtual size: 613B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ