0bb0e80f9b4096108a383d50b4578b2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bb0e80f9b4096108a383d50b4578b2e
Size

354KB
MD5

0bb0e80f9b4096108a383d50b4578b2e
SHA1

96ed76ba1eda47766a499f87e9157f20f7894762
SHA256

f4e8574b4792968498f56f38f6436ca3a8464b714a28de1e80fbd5a677f56cd3
SHA512

77c1f3f1ba7d27128724ed1af8364b58b78786fea5230b37c859836fc335e547f890b119c824d6a3954aff373f0d4e5a5ce7969cc370542fe0206620411d97ea
SSDEEP

6144:DZ/PPIK+xLOIP9kIol3NZrH1yiEAjWAP0ny5n559ihn+c3SsFDz1jOzgpRH1lQjQ:DZ/PPIKGOIP9kIol3PEiEyWfny5559WN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bb0e80f9b4096108a383d50b4578b2e

Files

0bb0e80f9b4096108a383d50b4578b2e
.exe windows:4 windows x86 arch:x86

148bf55ceb3e5471ef5f9ffc2bb75e2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect

Sections

.XComp0
Size: 338KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XComp
Size: 814B - Virtual size: 814B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE