4dbd174a63e9fdb456530d82e99aba00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dbd174a63e9fdb456530d82e99aba00
Size

173KB
MD5

4dbd174a63e9fdb456530d82e99aba00
SHA1

fbccec756232eedb1e73a1dc7aea89cbd56dbd32
SHA256

7de22570c70dfa63543a7b4d4bf303eb5e56eaaab09e1207c4c4a98c0805e81c
SHA512

011151592d9b988270d6ca8102cd31c69a84c6ae6176a1090941f7896d2fef383a94493b4605a474ac4b0ff0b4764daf34e0a40a6aa87f1da2c8ee4416958035
SSDEEP

3072:ZJukHFUMMnMMMMMX7I7DjIm7ggvfAdSejqdz+1LyQYjmRK9WG9EJ9EwnoJ2qsktR:HdmMMnMMMMMa9gwfISHdbM49WGEEw+2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dbd174a63e9fdb456530d82e99aba00

Files

4dbd174a63e9fdb456530d82e99aba00
.exe windows:5 windows x86 arch:x86

25d9138e7ccff4cf50d834ed11b8248d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
NtRequestPort
RtlAddAccessAllowedObjectAce
RtlAdjustPrivilege

rtutils

TraceDumpExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE