4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11.exe
Size

147KB
MD5

658ac2968ac81eadbe165cfd2a770c34
SHA1

39d228c2b5d1181abe8bce6a95fe852c8e06a79c
SHA256

4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11
SHA512

caf647e30fb73fe25e879a83c38d24b9e2453754dabbb3b2c7e885b814c9c06053206cbaae777061c3873fc687de5f15fac5058b8b675c57235cfccc2277a106
SSDEEP

3072:60gp4UGo8MYmB99SrtM0ieiG027bAM8mMu0cM:60c4kzOieR02s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11.exe

Files

4f698fb3c8100837acb42bee30b7b0c362bcf6d3c617880bedc86e1d57c25d11.exe
.exe windows x64

b4a83088f12b4207736dc256f093f9ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtQueryInformationProcess
VerSetConditionMask

shlwapi

PathFindFileNameW
StrCatW
StrCpyW
StrStrA
StrCmpIW

kernel32

VerifyVersionInfoW
ReadFile
SizeofResource
VirtualProtect
GetCurrentProcess
WriteFile
VirtualAlloc
CreateNamedPipeW
K32GetModuleFileNameExW
FindResourceA
LocalAlloc
ReadProcessMemory
ResumeThread
GetModuleHandleA
Sleep
GetLastError
LockResource
K32GetModuleInformation
LoadResource
GetThreadContext
GetProcAddress
VirtualAllocEx
CreateProcessW
GetModuleHandleW
FreeLibrary
lstrcmpiA
CreateFileMappingW
MapViewOfFile
SetThreadContext
IsWow64Process
DisconnectNamedPipe
CreateThread
ConnectNamedPipe
ExitProcess
K32EnumProcesses
CloseHandle
GetExitCodeThread
OpenProcess
WaitForSingleObject
TerminateProcess
WriteProcessMemory
LocalFree
GetProcessHeap
HeapAlloc
lstrlenW
HeapFree
K32EnumProcessModules
CreateFileW
GetCurrentProcessId

advapi32

GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
SetEntriesInAclW
RegSetValueExW
RegDeleteValueW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
OpenProcessToken

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocString

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4a83088f12b4207736dc256f093f9ba

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: - Virtual size: 20B

.pdata Size: 512B - Virtual size: 312B

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: - Virtual size: 20B

.pdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 132KB - Virtual size: 132KB