a0bf5f020a8e85d99a8d9407e522fcfd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0bf5f020a8e85d99a8d9407e522fcfd
Size

717KB
MD5

a0bf5f020a8e85d99a8d9407e522fcfd
SHA1

4f8a85d6efd1bfba7d3c4dc54c2113b843f0a5cf
SHA256

1cf3b8fbd5025132a075dab08e2676b0cd76768c18d114bd0e090196694ea312
SHA512

8e735cc2797d9529e1b025c30c42f506143c02ff98bc3f2e3d98350a04f6ddef7772d0bbb25435289d1719b3f672395baad318f05b4310da0e1c3ca94dcbc0e5
SSDEEP

12288:b/UDXZce5tzhzqSUk+8Ppr6oQGDI1GC63MPfZOAnPCcKgtynEe0tKkV/:bUee5tzA50QxGcGV3MPfZKpgtyTo/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0bf5f020a8e85d99a8d9407e522fcfd

Files

a0bf5f020a8e85d99a8d9407e522fcfd
.exe windows:4 windows x86 arch:x86

3d020ca7203990cc79abf2744aac89ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetVersion
InterlockedExchange
GetTickCount
GetModuleHandleA
lstrlenA
HeapReAlloc
SetEvent
GetAtomNameA
VirtualProtect
HeapWalk
GetProfileIntA
FindAtomA
CloseHandle
WaitForSingleObject
GetConsoleCP
GetACP
LoadLibraryExA
CompareFileTime
GlobalUnlock
TlsFree

user32

PostQuitMessage
ModifyMenuA
DispatchMessageA
SetSysColors
GetWindowTextA
EqualRect
GetMenuStringA
SetWindowPos
UpdateWindow
GetMenu
GetWindowLongA
GetDlgItem
MessageBoxA
TranslateMessage
GetSubMenu
ScrollDC
GetKeyboardLayout
InsertMenuA
ShowWindow
CopyRect
InflateRect
GetScrollRange
GetParent
SetPropA
DialogBoxParamA
DestroyMenu
EnableScrollBar
PostMessageA
LoadIconA

msi

MsiCloseHandle
MsiDoActionA
MsiEnumProductsA
MsiEnumClientsA
MsiGetMode

uxtheme

GetThemeBool

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ