Static task: static1
Behavioral task: behavioral1
Sample: 04279799.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 04279799.exe
Resource: win10v2004-20230221-en
General
Target: 04279799.exe
Size: 438KB
MD5: 03baeba6b4224371cca7fa6f95ae61c0
SHA1: 8731202d2f954421a37b5c9e01d971131bd515f1
SHA256: 61a9e3278b6bcc29a2a0405b06fb2a3bbcb1751c3dd564a8f94cc89ea957ec35
SHA512: 386643b0a52b6b1a53e81a8500d040b6415e532ebaffd1be8d1afd4ccb10f6c0342cf734b688ec803b960339284c8d9669e638b1648d9cc734cf7367659c7fd0
SSDEEP: 6144:hBGrTx2fgEViq+JoQ9tpecSXFADhKXPEKJRlETLV+PwoVUqwhlKq6yem8lhg:6rLEyptwnX+gXrRlESwKKhlP6yxGh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04279799.exe
Files
04279799.exe.exe windows x86
d6d92b735b19ebf8f5154df99a6eaf71
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAGetLastError
msvcrt
atol
_initterm
strtoul
strncmp
isxdigit
malloc
bsearch
isdigit
sprintf
_adjust_fdiv
memmove
_except_handler3
free
_ltoa
wcschr
_onexit
_itow
isupper
qsort
_snwprintf
_wcsicmp
wcscmp
strncpy
wcscat
_wcsnicmp
wcslen
oleacc
CreateStdAccessibleObject
LresultFromObject
rpcrt4
NdrClientCall2
RpcBindingFromStringBindingW
RpcRevertToSelf
RpcStringFreeW
wininet
FtpCommandA
kernel32
VirtualAlloc
shlwapi
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
PathRemoveExtensionW
shell32
ShellExecuteW
SHGetFileInfoW
Sections
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 896KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 397KB - Virtual size: 396KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE