a4b5d0475e82f410131406b4375ce765

General

Target

a4b5d0475e82f410131406b4375ce765
Size

12.3MB
MD5

a4b5d0475e82f410131406b4375ce765
SHA1

ae818f7a9aed52f2b9635001713d47ae9380ce78
SHA256

54f7a33c7d121a2b39c2733395d2e35499eeede1f62ce6a9243860abb86dbe45
SHA512

e547bca43ddb075561ca384ca3d1e2dbb42714233d646356c3a1c1a51cd49382ef37cd3ec6b9d1da50e60b86598751279de20ce8416e005d2d0283b1277e0f64
SSDEEP

3072:NBNNm2WHTcSiiLtq/Wpy2WefWpsDEFVTqyY+A27C9mv3epNGkZwM:Tczq/UfbUVTqr2W9mv7cT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4b5d0475e82f410131406b4375ce765

Files

a4b5d0475e82f410131406b4375ce765
.exe windows:5 windows x86 arch:x86

44662327cb691d373b4efd71fd479c08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
ExpandEnvironmentStringsA
WriteFile
FindActCtxSectionStringA
GetCommandLineA
CreateActCtxW
GetProcessTimes
LoadLibraryW
SetCommConfig
SizeofResource
GetStringTypeExW
TerminateProcess
ReleaseActCtx
GetProcAddress
GetLongPathNameA
RegisterWaitForSingleObject
GetProcessWorkingSetSize
LocalAlloc
CreateEventW
GetDefaultCommConfigA
lstrcatW
GetProcessAffinityMask
VirtualProtect
DeleteFileW
GetConsoleSelectionInfo
GetTickCount
SetEvent
GlobalLock
_lwrite
SetEndOfFile
VirtualQuery
GetNumaHighestNodeNumber
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
GetLastError
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapFree
CloseHandle
IsProcessorFeaturePresent
SetFilePointer
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
GetModuleHandleW
SetLastError
GetCurrentThreadId
Sleep
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
ExitProcess
RtlUnwind
LCMapStringW
GetStringTypeW
HeapAlloc
CreateFileW
GetModuleFileNameW
RaiseException

advapi32

RegDeleteValueA
ImpersonateNamedPipeClient

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12.1MB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44662327cb691d373b4efd71fd479c08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 45KB - Virtual size: 5.1MB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 12.1MB - Virtual size: 17KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 45KB - Virtual size: 5.1MB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 12.1MB - Virtual size: 17KB