Static task: static1
Behavioral task: behavioral1
Sample: Malicious_4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: Malicious_4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5.exe
Resource: win10v2004-20230621-en
General
Target: Malicious_4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5.exe
Size: 60KB
MD5: 42be59e8a2ad23dd5fbdfee706c37b24
SHA1: 648012826900d40d0d461085d855b1e824dc6dfb
SHA256: 4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5
SHA512: 52e1a0bca9ca4212bb3905d71de4fbbaa10d3026133d1c1e0a0e28b9095284722a673bd8cea09252dd65e0c5de9ab710062070a46cb18894925e98bf9da650f4
SSDEEP: 1536:oqBdNO3BqkeBp9lP+wrTjNYpb9qUfMTblLqd:oqE7eZs9LolLqd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Malicious_4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5.exe
Files
Malicious_4b79633eacdee0cb1edba0370b56903ec56c92c430694948b45a4a2e0d60bdc5.exe.exe windows x86
bc069fcd9acd2967e9c5bcefddbcf554
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shfolder
SHGetFolderPathA
wininet
InternetGetCookieA
kernel32
LCMapStringA
FlushFileBuffers
IsBadCodePtr
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CloseHandle
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetPrivateProfileStringA
lstrcpynA
IsBadReadPtr
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
SetHandleCount
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
GetFileType
LCMapStringW
shlwapi
PathAppendA
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ