Static task
static1
Behavioral task
behavioral1
Sample
0c562d1125cf3f24afcbeea35756db38.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0c562d1125cf3f24afcbeea35756db38.exe
Resource
win10v2004-20231222-en
General
-
Target
0c562d1125cf3f24afcbeea35756db38
-
Size
319KB
-
MD5
0c562d1125cf3f24afcbeea35756db38
-
SHA1
bd3ec9b1db248aabfceb8bff9ad95f8524e05806
-
SHA256
e4282d46f4b6c0aee539e89c88c76cb86d76772264741b9bbae73edf4e715809
-
SHA512
706944eaa5285afe8fc63dac5b91c36be930ded331a9a9f4411883b980391732f37c735f1b983a5b3d231205f55659e0bb95eac450fa6733944091fae03b8e62
-
SSDEEP
6144:VKet5EGKAFC63D91lvmWOL0G/g/J/CEOeovlfSO3y6e2xn8SqErEbzJsJd:VKetnFFZ1UjL0G/g/J/aeo5SOCLSnrEy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
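The sample is a PE file with no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the other findings in this report.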
resource 0c562d1125cf3f24afcbeea35756db38
Files
-
0c562d1125cf3f24afcbeea35756db38.exe windows:4 windows x86 arch:x86
8b31dd020eb1de27e1f3ed382a0759b8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
GetTempPathA
Sleep
GetModuleHandleA
VirtualAlloc
VirtualLock
GetProcAddress
OpenMutexA
user32
InSendMessage
LoadAcceleratorsA
gdi32
FloodFill
SelectObject
CreateSolidBrush
shell32
DuplicateIcon
SHGetFolderPathA
ole32
CoInitialize
netapi32
NetDfsAddFtRoot
avifil32
AVIMakeFileFromStreams
msvfw32
DrawDibEnd
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vdata Size: 4KB - Virtual size: 30B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 207KB - Virtual size: 542KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ldata Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE