0cf23c9b6b0a4ac33bc2f7dfb693723f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cf23c9b6b0a4ac33bc2f7dfb693723f
Size

61KB
MD5

0cf23c9b6b0a4ac33bc2f7dfb693723f
SHA1

50c5e1d06aba9b9e4bac27ac15e0eaae4fecbf0f
SHA256

cbdb0607a7e85e6ca3495014954b93ab9dc892f448cf0140eff7df7aaf63bf87
SHA512

3a8b858c43d3bc5686826988491a33c82a81e2ea97480bacfa58e4453f64a53334712d9151b32f895ae47bcb1ac646f88dcfe32350359180af94d49ef69a84b6
SSDEEP

1536:ucJIiXuHpU2rc2oCB/jWCK7HJahcPfTs6m4aetyHJQVUk:uDY4UQoQ/jNCjno6jaeQHO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf23c9b6b0a4ac33bc2f7dfb693723f

Files

0cf23c9b6b0a4ac33bc2f7dfb693723f
.exe windows:4 windows x86 arch:x86

0308f778791c5c98edf6595072b4ea72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
SetThreadContext
ResumeThread
GetThreadContext

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt

malloc
fclose
??3@YAXPAX@Z
fread
fseek
fopen
free

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Wpack
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE