0e0b9df31448154336c7f140f532aa56 | Triage

Sharing

General

Target

0e0b9df31448154336c7f140f532aa56
Size

629KB
MD5

0e0b9df31448154336c7f140f532aa56
SHA1

ee027395d9bd6722fae30c7928cff28ec6781a9b
SHA256

02787a80094bf9034de5b6990caccd3babfa9564034442300889b63e8c58c8b4
SHA512

7997526a6dc7de922e31e4e2cfa10067e326c8e10f37821c19bbbffb3f07a065092edd7f361d0a9407df30a7cf75bc8f09973b177fd5b96c07ad5013124850bb
SSDEEP

12288:qWqXqkf08rzOfGwuPD5DXztimkRDMpElwvZvWBxW3KlPMU+5eIpu7h:WaoPzDwI5limmDM4wvZvWBc3WMz5e5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rechnung-2176595995802N4.com

Files

0e0b9df31448154336c7f140f532aa56
.zip
Rechnung-2176595995802N4.com
.exe windows:5 windows x86 arch:x86

79420f1baa63b40963b5cae8cd85925b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryExW
WriteConsoleW
GetShortPathNameW
SetLastError
HeapReAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreA
LoadLibraryA
CreateThread
OpenMutexA
lstrcmp
FindClose

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ