Static task: static1
Behavioral task: behavioral1 (Sample: sosihuj.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: sosihuj.exe, Resource: win10v2004-20231215-en)
General
Target: sosihuj.bat
Size: 36KB
MD5: 5d3b89b5a3e73badd8f4a150672ca093
SHA1: 3dd5963d0c52ac3c3fec47fd4f3405f6bbffd12e
SHA256: 4ef5bfe39def9251390590c41974d579bb0a8126b107375b1e3e91d17c792f60
SHA512: 141a9636845770b3fea2cedbe4c74359a466dd0d85ac28f7b30d2cb841e569becd410ad27ed31a6b9dadbdb055c4c54c47fab3c3ee5d8fce85db4f0daefb67b5
SSDEEP: 768:6NnmZ/8vPlLUdhfJ8v6utFpVsOHjPgpG5IXi7D113r1:snwu4DejVdiG5Vhr
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: sosihuj.bat
Files
sosihuj.bat.exe windows:4 windows x86 arch:x86
d01b793cfeabb1210a9dfd924e5cbf0d
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
user32: SendInput
gdi32: DeleteDC
advapi32: RegCloseKey
shell32: ExtractIconA
msvcp60: ??0_Winit@std@@QAE@XZ
msvcrt: _iob
winmm: waveInOpen
shlwapi: PathFileExistsA
ws2_32: htons
urlmon: URLDownloadToFileA
gdiplus: GdipFree
wininet: InternetOpenA
Sections
.MPRESS1 Size: 28KB - Virtual size: 88KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE