p4333546[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

p4333546.exe
Size

21KB
MD5

6174cdbf7754773edd55efb31bbb5543
SHA1

7c470a6e6804bb84246c51863cf11b8a5909e595
SHA256

4a11b2f9d3836dd538916f415c901e5b6da227c6c3a51b5dadd481c9ec21bc62
SHA512

7780b9e8235965b726abd24b8ca4a1862a565971a69976f32bb940fcc93752eb483e0b47e7839ff18d0ad1571a7ccbff3990600acb164d119f3519d7bdb1b4f6
SSDEEP

384:eCli1f2vdVdViTxC06n9RllSNnNgwFI7JWWarW:eCi1+vTdIc0YPeNnNgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
p4333546.exe

Files

p4333546.exe
.exe windows x64

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

Sleep
HeapSetInformation
LocalFree
GetFileType
WideCharToMultiByte
GetLastError
FormatMessageW
SetThreadUILanguage
GetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetConsoleMode

msvcrt

_fileno
_write
_setmode
vswprintf_s
_wcsicmp
memset
_get_osfhandle
__iob_func
fgetpos
wcschr
fwprintf
fflush
memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
iswprint
_wtoi
_vsnwprintf
exit
_vscwprintf

ntdll

RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlIpv4StringToAddressW
RtlLookupFunctionEntry
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
NtClose

ws2_32

ntohl

user32

OemToCharBuffW

mswsock

GetSocketErrorMessageW

iphlpapi

NhGetInterfaceNameFromDeviceGuid

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

user32

mswsock

iphlpapi

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 86KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 86KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B