0db7ae8621cdcb50337b71c494782535 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0db7ae8621cdcb50337b71c494782535
Size

171KB
MD5

0db7ae8621cdcb50337b71c494782535
SHA1

50efc0b0c9846eaf3dec37dce347c27c6ab16d77
SHA256

12db4a938f06ae668e5791106f6210a17065a60ff16df39f0c50a07ab181e6c6
SHA512

5a70711ab520acb7483118f9ed4cdd195cf59bd79ce114e21e1db88dce7608d284000abf99cce5633748379f6c63d5d12f02a7ef8f7675eed53f6d617f57ba73
SSDEEP

3072:4cDdvnrlP7DZKO3p8tZT8uex1P0ofhTe8lcGcGKvHfYm0Yp8X/ZcD/Cs:4cDvP7kUaZe/0oUGcbfwdfXmD/R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db7ae8621cdcb50337b71c494782535

Files

0db7ae8621cdcb50337b71c494782535
.exe windows:4 windows x86 arch:x86

0494bb67a445eda6f902efcb961b6aab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
WideCharToMultiByte
GetFileInformationByHandle
InterlockedExchange
LocalFree
GetCalendarInfoW
OutputDebugStringA
SearchPathW
GetModuleHandleW
LocalAlloc
VirtualQuery
GetCurrentProcess
VirtualProtect
DuplicateHandle
GetCurrentDirectoryW
GetProcessId
GetProcAddress
lstrcmpiW
SetLastError
EnumResourceNamesA
GetLastError
MultiByteToWideChar
InitializeCriticalSection
GetModuleHandleA
ExitProcess
lstrlenW
FreeLibrary
GetCurrentThreadId
GetFileAttributesW
OutputDebugStringW
SetEnvironmentVariableW
GetModuleFileNameW
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree

shlwapi

PathIsUNCW
PathGetArgsW
PathSkipRootW
SHRegGetValueW
StrDupW
PathFindFileNameW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ