0d812ff804e194650b74a6ffd9c25559 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d812ff804e194650b74a6ffd9c25559
Size

27KB
MD5

0d812ff804e194650b74a6ffd9c25559
SHA1

9cd9a66d2052331405d73141de25e7152c90d797
SHA256

6804b2ea2c7d03be9827bfd25b405926160840894aec6e723f93b54b287b85be
SHA512

8f9f8aaf9944f5fbd1c9b2ee22365bf3cc34142f3905ca7b497680c81fbaec2be52609c76cf6341a5215744a7d1e85616ed9d95369e48293966e57e0184de535
SSDEEP

384:2EFkPt9K1Ndl6qMh7UZ+oGmJHR37o0GTgLAvacafJbpJxNAF5Mk/OSMbSVB1Mm0S:2RPKoxBUZHR7GT3C1x9reMosEB0Z0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d812ff804e194650b74a6ffd9c25559

Files

0d812ff804e194650b74a6ffd9c25559
.exe windows:4 windows x86 arch:x86

2d07885cd5df91e1b8a85eead5808455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadStringPtrA
CreateDirectoryExW
GetFileAttributesA
GetCompressedFileSizeA
SetDefaultCommConfigA

user32

DialogBoxIndirectParamW
DdeCreateStringHandleA
CharLowerW
InsertMenuItemW
DialogBoxParamW
DefMDIChildProcW
SetWindowsHookExA
PostThreadMessageW

gdi32

ResetDCA
GetGlyphOutlineA
LineDDA
CopyEnhMetaFileW
GetCharWidthFloatA
ResetDCA
GetTextExtentPoint32A
GetCharABCWidthsA

Sections

.data?
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.��
Size: 8KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ