0c55b9b81e49dea22ff19372bd3d5496ecb5da67a39a5db7030af0f0b12b37b8 | Triage

Sharing

General

Target

0c55b9b81e49dea22ff19372bd3d5496ecb5da67a39a5db7030af0f0b12b37b8
Size

70KB
MD5

548b445c8ad7fc9533219cd7891903f3
SHA1

6af12462511fb94ba15e3347b3e1296728141389
SHA256

0c55b9b81e49dea22ff19372bd3d5496ecb5da67a39a5db7030af0f0b12b37b8
SHA512

910fec4afdd67a2f9e1f280f55dfb79c63fe36faf3cb023bc04f85700edd689ebd1bcbbbbfb177f8b75a79b41f54620bb20903a7b95de0c5e3e4e293211fba2b
SSDEEP

768:5P9yZnHsBNTdsOu/CaF9cHXuakHfgDa8fxPqYQGPL4vzZq2o9W7GsxBbPr:5P9DTWCtcfgDEzGCq2iW7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c55b9b81e49dea22ff19372bd3d5496ecb5da67a39a5db7030af0f0b12b37b8

Files

0c55b9b81e49dea22ff19372bd3d5496ecb5da67a39a5db7030af0f0b12b37b8
.exe windows:4 windows x86 arch:x86

f72775fb164ff2d01ffbf674097f07c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
WaitForSingleObject
CloseHandle
GetEnvironmentVariableA
TerminateProcess
GetProcessHeap
GetModuleHandleA
CreateProcessA
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
RtlMoveMemory
ExitProcess
LocalSize

user32

PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage

msvcrt

calloc
strrchr
_ftol
strchr
atoi
malloc
free

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�w�@�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE