Static task: static1
Behavioral task: behavioral1
Sample: c0f9c64c1390a6ab055e85aab4faf3c4.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: c0f9c64c1390a6ab055e85aab4faf3c4.exe
Resource: win10v2004-20240226-en
General
Target: c0f9c64c1390a6ab055e85aab4faf3c4
Size: 764KB
MD5: c0f9c64c1390a6ab055e85aab4faf3c4
SHA1: 268a0e0beaadd56256825500bada9333be296c79
SHA256: 35ec56a400cc41550f14a4c243787732b560e328ed4e8f4c07dabbe3fac554eb
SHA512: 1ead6af31485cd60ff66e351ff79b0e7b2a079d1d4b7cb038975e474f4998ec72c9370a54fecf94fbd719125815f8b4993e67abfab2cac2e6b13f83cb9fadd91
SSDEEP: 12288:XjhAuUZbl8RJOTutzTRXuj33puGlNzJgVmh1TDiytSXhq9K9ffYOh8LUZSbQ3bHq:zWXR8LO+Za3wGlNzJg4jTWygX1POQHq
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: c0f9c64c1390a6ab055e85aab4faf3c4
Files
c0f9c64c1390a6ab055e85aab4faf3c4.exe windows:4 windows x86 arch:x86
720f236bf6691d413894e670eadca596
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapDestroy
GetStartupInfoA
SetEvent
lstrlenW
DeleteFileW
CreateEventA
CloseHandle
GetCommandLineA
GetModuleHandleA
OpenMutexW
CloseHandle
GetModuleFileNameW
HeapCreate
TlsGetValue
GetTimeFormatA
GetCommandLineA
FindResourceA
Sleep
VirtualQuery
ResetEvent
user32
PeekMessageA
GetClassInfoA
DestroyMenu
DispatchMessageA
CallWindowProcW
CreateIcon
DispatchMessageA
FindWindowA
GetSysColor
GetWindowLongA
IsWindow
IsZoomed
DrawTextW
ntlanman
NPOpenEnum
NPOpenEnum
NPOpenEnum
NPOpenEnum
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 754KB - Virtual size: 753KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ