0f0f63f6c107eff9ba2ffb16d7221762 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f0f63f6c107eff9ba2ffb16d7221762
Size

12KB
MD5

0f0f63f6c107eff9ba2ffb16d7221762
SHA1

b77a1436eb0611e36c21ddddaf943dc4aacd8bb9
SHA256

ee49ad1a67ccd6cd2d6efdb064e67c0afb154aa4a0564a3778efbfd5ea68b649
SHA512

2963a3db7492c20bb5cd150fd6501614c5a2b82e9e6b9184c22ac94b5a88e1ffabb62ee4aca239d66b9c8255dbd61aefb8a2185e05f4aa792239dee307534d50
SSDEEP

192:+I5PaCa+psV4c2hrcqaYrqKv+z4gNuSFLLf9h7ONdPGp3:+MfaZmUqaQqKvo7NtLLfmNduV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f0f63f6c107eff9ba2ffb16d7221762

Files

0f0f63f6c107eff9ba2ffb16d7221762
.exe windows:4 windows x86 arch:x86

c22ea1ee3a19dc584ff47584d2a03418

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
lstrcmpA
GetModuleFileNameA
SetPriorityClass
GetCurrentProcess
WriteFile
CreateFileA
LockResource
LoadResource
Sleep
CopyFileA
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
lstrlenA
GetSystemDirectoryA
GetVersionExA
CreateProcessA
CloseHandle
FindResourceA
TerminateProcess

user32

wsprintfA

advapi32

RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

ws2_32

send
connect
htons
inet_addr
gethostbyname
socket
accept
inet_ntoa
recv
bind
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
closesocket
listen

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ