0c7d2da804dd11ecfb384de7898a6d30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c7d2da804dd11ecfb384de7898a6d30
Size

25KB
MD5

0c7d2da804dd11ecfb384de7898a6d30
SHA1

2c543f7bfcb9ff92199a5c365ce7a1b2ca4f99d6
SHA256

8e0dc40f7d0a177718fcd63e7233d58fcc54be43cebf212a774c5ddda6c64d52
SHA512

c29f1bb85cbe9671cfda2efbe43f634eb546b1e8dc64d3c3bc20b9bf6cc7fda4a48285dea01b3a2d89fdadf4a48784600711a5bea57913c98ad5691c0a1c0069
SSDEEP

384:H2A6O1Of6ykt3a20tNegPW1qSQFjez8Nz+JzsJGh+ts0e1u0pwxYM54XGOX1iOXd:HgbkwJ+Ka8NKF+60e1H654dXPXUbw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c7d2da804dd11ecfb384de7898a6d30

Files

0c7d2da804dd11ecfb384de7898a6d30
.exe windows:4 windows x86 arch:x86

f75b4fb2a428ca666501fe514e04d441

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardType
WindowFromPoint

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

mpr

WNetOpenEnumA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteA
SHGetSpecialFolderLocation

comdlg32

ChooseFontA

Sections

.text
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE