0edfc9c76b1065a6ee7a499454da5b33 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0edfc9c76b1065a6ee7a499454da5b33
Size

10KB
MD5

0edfc9c76b1065a6ee7a499454da5b33
SHA1

143de6dbe657d0bc569b01f0b6b94b629c87722c
SHA256

ceaeae55540205c883827225e16a7c0a07a5d42c555a39731b6e61db2cabaf28
SHA512

ef20d80f00931fa0c14e02b8fa2edb03e4e6ea55d0a40a4f3a04c2e96d2b84d27e5f0d72d150bb4f80de582cc5c4268f8d3f5c7041f3713eef222192d5423a5c
SSDEEP

192:+H6vwAGRs9U2AiBLnyHUxTIkFkMMoH9nsijM8D9XqsEwy1yT6yva0Mvh4R:+H6HGRjTiBLyHUxMkiMxRHjM8ZikT6yv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0edfc9c76b1065a6ee7a499454da5b33

Files

0edfc9c76b1065a6ee7a499454da5b33
.exe windows:4 windows x86 arch:x86

48c84d0024399fe70f7f7feb3db55f97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemCodePagesA
ExitProcess
GetDiskFreeSpaceW
GetModuleFileNameW
GetPrivateProfileStringA
GetProfileSectionA
GetStdHandle
ReadConsoleW
ReadDirectoryChangesW
SetFileApisToANSI
SuspendThread
TlsSetValue
UpdateResourceW

advapi32

CryptEnumProvidersW
CryptVerifySignatureW
GetAuditedPermissionsFromAclA
GetServiceDisplayNameA
ImpersonateLoggedOnUser
InitializeAcl
LookupSecurityDescriptorPartsW
ObjectDeleteAuditAlarmW
OpenSCManagerW
RegOpenKeyA
RegQueryValueExA
RegSetValueA
RegSetValueW
SetEntriesInAuditListW
SetSecurityDescriptorOwner

gdi32

AbortDoc
CheckColorsInGamut
CopyEnhMetaFileA
CreateColorSpaceA
CreateDCA
CreateFontIndirectW
DeviceCapabilitiesExW
EndPath
GetCharABCWidthsFloatW
GetCharacterPlacementW
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
GetLogColorSpaceA
IntersectClipRect
SetAbortProc
SetTextColor

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE