0f1dbbe728f344d3716eaa161ed7f8bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f1dbbe728f344d3716eaa161ed7f8bc
Size

4KB
MD5

0f1dbbe728f344d3716eaa161ed7f8bc
SHA1

7cd85d447f538c5c4a40055a2383c2c22a07711d
SHA256

08b4f2f0e5eea7c312c616e43dccc25dc8aecf5a7466aad0fe2e63165c2a2607
SHA512

c42a8c03bfb8c021866400a570d6f630ef58507960cbc349c372e030133eb381498849def2bd48aefed8609a88458d6241c8d19e8d825c64bca017348bf029d7
SSDEEP

48:qbW+N1rCRq5hi/M11WiIZBbHWawbgjqTBoev2MQG:Vo1rCa1M3BydTJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f1dbbe728f344d3716eaa161ed7f8bc

Files

0f1dbbe728f344d3716eaa161ed7f8bc
.exe windows:4 windows x86 arch:x86

1a8f57ee72d0c183f8e784c17104719e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
Sleep
GetProcessHeap
CreateEventA
WaitForSingleObject
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
CompareStringA
CloseHandle

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

gdi32

GetStockObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE