Static task: static1
Behavioral task: behavioral1
Sample: 4ad958283eea59008aa006abe6cab696.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4ad958283eea59008aa006abe6cab696.exe
Resource: win10v2004-20231215-en
General
Target: 4ad958283eea59008aa006abe6cab696
Size: 204KB
MD5: 4ad958283eea59008aa006abe6cab696
SHA1: 3d952840af528ea8290715f33210e33b4cfda2a3
SHA256: e6869128e85b2f8ece0a073a2a674a90c2a90d7dfb08e9173b6aa56b18ff2a9e
SHA512: 6e4e5a802fdfafdc0ced27920ae5098e3cc1a675faeb58b9d79342111fa704bbc01c2588f3799e2dc0eba1b717e36dc612f7d8bac7bd6d47d8482707ccead055
SSDEEP: 6144:TgYz13b72YfWeY8Vec3fMl0nwK+N4KxSGieN13/sI:kur72YfA80c3fMOoNFgGiGkI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4ad958283eea59008aa006abe6cab696
Files
4ad958283eea59008aa006abe6cab696.exe windows:4 windows x86 arch:x86
1dad3ea9dba56c6b711539ced93cf260
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathA
GetCommandLineA
OpenThread
GetVolumePathNameA
QueryInformationJobObject
SetInformationJobObject
GetFullPathNameA
DeleteTimerQueueTimer
VirtualAlloc
UnlockFile
FindFirstVolumeMountPointA
CompareStringA
GetCommandLineA
GetProcessShutdownParameters
GetStringTypeExA
SetFilePointerEx
DeviceIoControl
InterlockedExchange
IsBadReadPtr
GetDriveTypeA
ExitProcess
DeviceIoControl
GetModuleHandleA
GetConsoleFontSize
Heap32ListFirst
GetCommandLineA
GetVersionExA
SetThreadIdealProcessor
ws2_32
send
Sections
.itext Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 160KB - Virtual size: 830KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ