0e126fe12f819972684ab3486bcd1018 | Triage

Sharing

General

Target

0e126fe12f819972684ab3486bcd1018
Size

24KB
MD5

0e126fe12f819972684ab3486bcd1018
SHA1

9fc90e757b3d811be4e47e7e24db9396ced2a72e
SHA256

cab61ef5a0eab517b148b76d18ca22da59de49b7e48e85d4f4022f2645457fc6
SHA512

56b27091e0495644c8facd5001b90cf262f47b431cbd6a05adcdc1dfa3294904cdfe8b336a7655ae53eeda3d832be423c6a0a7cb524141595af22fc331bf9116
SSDEEP

384:ebhOmmnnw7/ru/rUQZebPufrWfyy1q9HuJ9TG5n3bIxgq/NWkiNIre2G:mOmmwyxyP4ygdQ45nBq/NWkUIrg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e126fe12f819972684ab3486bcd1018

Files

0e126fe12f819972684ab3486bcd1018
.exe windows:4 windows x86 arch:x86

db59b7b6c46bcf5c565724ac10373886

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

kernel32

CloseHandle
CopyFileA
CreateFileA
CreatePipe
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExitThread
GetCurrentThread
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetSystemTime
GetTickCount
GetVersionExA
PeekNamedPipe
ReadFile
RtlZeroMemory
SetCurrentDirectoryA
Sleep
TerminateProcess
TerminateThread
WinExec
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

wsprintfA

urlmon

URLDownloadToFileA

wsock32

socket
send
WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
htonl
htons
ioctlsocket
inet_addr
inet_ntoa
listen
ntohl
recv

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE