Static task
static1
Behavioral task
behavioral1
Sample
0ceaaf6861f0b168f13ff4e6a2edd20b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0ceaaf6861f0b168f13ff4e6a2edd20b.exe
Resource
win10v2004-20231215-en
General
-
Target
0ceaaf6861f0b168f13ff4e6a2edd20b
-
Size
107KB
-
MD5
0ceaaf6861f0b168f13ff4e6a2edd20b
-
SHA1
28ae3111d1c2cf7f24855e56bb73ca97ea64d913
-
SHA256
1367306684415179c3536b0570e24389758af348e46558c4c641d331d1b2cc32
-
SHA512
89b5988257617aab9e2b0743cfd227ede0b14a7cfe5b89115e9cea4a07150ba72dbc9f59c257b52a9b43340cdb50d2c9d75cb5a97d45676e3d5fca83fa66161d
-
SSDEEP
1536:2azzd2yoq4WikdPZ8g7TpMDE+XSDwxdB+Gr+azkA3WB8Gb3ddEvkllPynqga:2Yd2vWNNZbpMg+hxdB+GrTghdPlo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator, since many benign executables are also unsigned.
resource 0ceaaf6861f0b168f13ff4e6a2edd20b
Files
-
0ceaaf6861f0b168f13ff4e6a2edd20b.exe windows:4 windows x86 arch:x86
b8da41743334baa944455a56aaba12ca
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsA
kernel32
CloseHandle
CreateFileA
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetEnvironmentVariableW
GetLastError
Sleep
WritePrivateProfileStringA
GetLocalTime
GetPrivateProfileStringA
GetFileSize
GetVersionExA
GetProcAddress
LoadLibraryA
DeleteFileA
GetFullPathNameW
SetFilePointer
advapi32
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumValueA
RegCreateKeyA
RegOpenKeyExA
ole32
CoCreateInstance
OleInitialize
msvcrt
_strcmpi
time
srand
rand
__CxxFrameHandler
??2@YAPAXI@Z
sprintf
wcscat
_wcsnicmp
wcscpy
strstr
_strlwr
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE