0ebe0052b47fc5db8334af5c5bda159d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ebe0052b47fc5db8334af5c5bda159d
Size

37KB
MD5

0ebe0052b47fc5db8334af5c5bda159d
SHA1

8fb3ea4a893cee6a7989d5b80ba2b78fe96253ca
SHA256

f2bf7a8016a9fee4052d283d929ac35f9127ea51ffe713c661354df2bb773343
SHA512

726c03e95c05d4ef6fd79258f111b59c2bacbfacbd43e07a73a84cc123c70d456278cf55f75e6777a63c9ecc0ee3bb43c3e0ba2b3352175651cb8835cc1908b7
SSDEEP

768:rAtw8+qFgxLnsWP/LFm0XUvCSBrQpkL50:0/+JxLnsEHSBrPq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ebe0052b47fc5db8334af5c5bda159d

Files

0ebe0052b47fc5db8334af5c5bda159d
.exe windows:4 windows x86 arch:x86

e9066cd88b5a88467a21db78e982f147

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

netapi32

Netbios

wininet

InternetReadFile

ntdll

ZwDuplicateObject

Sections

.text
Size: 32KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE