0cedcf5df88dc9d90b6fe93977cfeafe72e5e2c5474d45f97222073f86c75198N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cedcf5df88dc9d90b6fe93977cfeafe72e5e2c5474d45f97222073f86c75198N
Size

358KB
MD5

fb139ff4ce4268b821c4a86737ee6400
SHA1

7f8170123a00f0a6c52d406726dadaf6a07f6378
SHA256

0cedcf5df88dc9d90b6fe93977cfeafe72e5e2c5474d45f97222073f86c75198
SHA512

b4420a3663e2e5adab7f705e0aaff2ddf282b5143c34cfa9826ac2414303d9e30db7fa72c03d1aba2db33256339babdc64df8415581c1d37dc28c6458649e809
SSDEEP

6144:a01Yk7BnS1reexa5IMl7elkTLPHOqwGzKYz5IeF61KAQkvgprf:n1bnSUexa5NjTDuqwGzK0IUpkvgp7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cedcf5df88dc9d90b6fe93977cfeafe72e5e2c5474d45f97222073f86c75198N

Files

0cedcf5df88dc9d90b6fe93977cfeafe72e5e2c5474d45f97222073f86c75198N
.exe windows:4 windows x86 arch:x86

9b4d31734d51c99dc97e133e31c5dc48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
PeekConsoleInputA
InterlockedExchange
WaitForSingleObject
TlsGetValue
GetAtomNameA
GlobalSize
VirtualProtect
ResumeThread
SetLastError
GetSystemTime
LoadLibraryExA
WaitForSingleObject
GetUserDefaultLCID
GetConsoleCP
lstrlenA
LocalLock
GetCommandLineA
GetModuleHandleA
HeapCreate
GetACP

user32

EndPaint
ReleaseDC
GetDC
DrawTextA
GetCursorPos
SetForegroundWindow
GetClassNameA
AnyPopup
BeginPaint
FillRect
GetParent
GetTitleBarInfo
wsprintfA
GetWindow
ShowWindow
GetFocus
CreateIcon
FrameRect
DragDetect

ntshrui

GetLocalPathFromNetResourceA
SetFolderPermissionsForSharing
DllGetClassObject
GetNetResourceFromLocalPathA
DllCanUnloadNow

wshtcpip

WSHIoctl

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ