a0efb3b6a466fc3a6e9ddefc2b1ae5cc748ed39d2f319eb0299571dab55eaa4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0efb3b6a466fc3a6e9ddefc2b1ae5cc748ed39d2f319eb0299571dab55eaa4b
Size

1.2MB
MD5

1832679fabffa248f447585e347ea41b
SHA1

16fc9bb0a290f04b2aa39d2222ebf3c3991f3bbc
SHA256

a0efb3b6a466fc3a6e9ddefc2b1ae5cc748ed39d2f319eb0299571dab55eaa4b
SHA512

d4d7537ba8062dd11a5314b6f4cf55172953275811f9542183531ea574eaed192401f0a67859b2515233fdcf38eef8268333d90ce219b5671c5a1ae8e70b613f
SSDEEP

12288:sFpjNtHxf5HIupWLmArNSa82EVP66IG5xOSEPoAnYCp9iC/r9sJkM1etHr:+LzILmm782EViFLTYWr9sJXsH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0efb3b6a466fc3a6e9ddefc2b1ae5cc748ed39d2f319eb0299571dab55eaa4b

Files

a0efb3b6a466fc3a6e9ddefc2b1ae5cc748ed39d2f319eb0299571dab55eaa4b
.dll windows:4 windows x86 arch:x86

b39f83899975eeb5b2db14b289d7529c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord70
ord8
ord171
ord125
ord17
ord211
ord145
ord74

kernel32

RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindClose
FindFirstFileW
GetComputerNameA
GetVersionExW
WaitForSingleObject
GetComputerNameW

comdlg32

GetOpenFileNameW
GetOpenFileNameA

advapi32

GetUserNameW
GetUserNameA

shell32

SHFileOperationA
ShellExecuteExA
ShellExecuteExW
SHFileOperationW

Exports

Exports

DeleteExtractionPath
DeleteLZMAFiles
ExpandExtractionPath
ExtractLZMAFiles
FindEXE

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ