k4199342[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

k4199342.exe
Size

529KB
MD5

8c230941468b206b8325adfa5773993f
SHA1

e65320317e8f353ece10ad2c05539f2ec69d3305
SHA256

794bc5e1ff780d9932c19df7bda8aaff00ff56aa8e021573381ff2279c308a00
SHA512

e29f1a1ee5a98c855514f2970949d9e373406733ad381da05f2f9ae13f97b438acbde7f37ee0249bb6e866f4f0f8144c3cefe887f12118dc07949ab3df9979db
SSDEEP

12288:boRnlHCviICSVtg0wBW3iFt4ONq30/4St2NBd0JoLdaoi9Bbk:bSnlHCvBbVTb34k30/8dRi9

Score

1^/10

Malware Config

Signatures

Files

k4199342.exe
.exe windows x86

8da5973a84d0980eaf40ac16e606fbd5

Code Sign

33:00:00:04:10:f2:6e:0e:c6:06:d3:8b:73:00:00:00:00:04:10
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:53:bf:46:b3:11:20:09:87:79:9d:91:d1:39:65:00:95:83:d1:53:af:c4:f3:fa:2b:32:5b:f1:bc:80:3a:f6
Signer

Actual PE Digest

24:53:bf:46:b3:11:20:09:87:79:9d:91:d1:39:65:00:95:83:d1:53:af:c4:f3:fa:2b:32:5b:f1:bc:80:3a:f6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
WaitForSingleObject
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetLastError
CreateMutexW
FreeConsole
GetModuleHandleA
GetCommandLineA
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fpQV9h
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8da5973a84d0980eaf40ac16e606fbd5

Code Sign

33:00:00:04:10:f2:6e:0e:c6:06:d3:8b:73:00:00:00:00:04:10Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

24:53:bf:46:b3:11:20:09:87:79:9d:91:d1:39:65:00:95:83:d1:53:af:c4:f3:fa:2b:32:5b:f1:bc:80:3a:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 14KB - Virtual size: 17KB

.fpQV9h Size: 7KB - Virtual size: 7KB

33:00:00:04:10:f2:6e:0e:c6:06:d3:8b:73:00:00:00:00:04:10
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

24:53:bf:46:b3:11:20:09:87:79:9d:91:d1:39:65:00:95:83:d1:53:af:c4:f3:fa:2b:32:5b:f1:bc:80:3a:f6
Signer

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 14KB - Virtual size: 17KB

.fpQV9h
Size: 7KB - Virtual size: 7KB