Static task: static1
Behavioral task: behavioral1
Sample: 4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f.exe
Resource: win10v2004-20230915-en
General
Target: 4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f
Size: 320KB
MD5: aa2be91abce5f8886279f9d07309254f
SHA1: 8505c5c412899dca284c602a27ab97ac6c225f15
SHA256: 4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f
SHA512: 411eb1bb1676bd31ee2d407693b215502cf7caf8069730400b27752886e246dfcd51f31b64a883b502e12cfceea8c3ca269522dc5e67bd77555613908e1da921
SSDEEP: 6144:bLXcyVpMHCBZ5mWLI+YMA/TiPEF2RNWUANyC4ByZemOmxTkVlcjb0J4s:scpMif5F6IPEMRkUic6/QYv0JZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f
Files
4e9687fce705b464e0228be66d99bdde66f42befa6cf85ec44b88a763a96d21f.exe windows:4 windows x86
c96b2f4e5af2e7384b3071b7146a7ce5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
mfc42: ord3729
msvcrt: __set_app_type
user32: EndPaint
gdi32: CreateRoundRectRgn
advapi32: RegEnumKeyExA
shell32: SHGetFolderPathA
comctl32: ImageList_Draw
ole32: CoCreateInstance
olepro32: ord251
oleaut32: GetErrorInfo
urlmon: URLDownloadToFileA
shlwapi: SHDeleteValueA
version: GetFileVersionInfoSizeA
setupapi: SetupIterateCabinetA
iphlpapi: GetAdaptersInfo
wininet: HttpAddRequestHeadersA
netapi32: Netbios
msimg32: GradientFill
update: drag0n
Sections
.text Size: 251KB - Virtual size: 948KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE