0f1de71bd80af222a0b33ebba7ba9c53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f1de71bd80af222a0b33ebba7ba9c53
Size

166KB
MD5

0f1de71bd80af222a0b33ebba7ba9c53
SHA1

7b28c80d9a787bfb1891ec4872c198f1a8c75b50
SHA256

2880537b44697d2a16bb5d9c8236ae192a75c901b87ae701577166020bd1f6cb
SHA512

14f75c0de9a9e3c45cc9767f1b2b00ce79f13bcfe298b0b04c4a4186c7d54ad36828fe9300984c166b0fc4c2c90d7e535a4cc43b0f8b0f7dd9026b5ef433a1dc
SSDEEP

3072:9bHLsq4qb3uieZF/68X8dROXAgIff92nEfqUtQmR8nYbU7Qty9IXWKsh:Wlcu1P68XaRPf92jU+a8nGU7Qtjm/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f1de71bd80af222a0b33ebba7ba9c53

Files

0f1de71bd80af222a0b33ebba7ba9c53
.exe windows:5 windows x86 arch:x86

5d44ebfe9af4da7108d17c9ca31584dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
StrCmpNIW
StrCmpNIA
wvnsprintfW
PathCombineW
PathFileExistsW
StrStrW
PathMatchSpecW
PathRemoveFileSpecW
wvnsprintfA
SHDeleteKeyA
wnsprintfW
wnsprintfA

advapi32

CryptGetHashParam
DuplicateTokenEx
RegDeleteValueA
RegQueryValueExA
CryptCreateHash
RegCloseKey
CryptReleaseContext

Sections

.qbqh
Size: 42KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tej
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rab
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ