4c5d8de8ba09212e9dfa9106c7ffb97b

General

Target

4c5d8de8ba09212e9dfa9106c7ffb97b
Size

89KB
MD5

4c5d8de8ba09212e9dfa9106c7ffb97b
SHA1

72d7eb1d83e049dcec968294e70230d8bae41946
SHA256

780f2f6d486d66641cbc1539bd5a631f868b4e749be9aced8539ae0a2793c566
SHA512

860f57d617208377e6a3ec6e31ccd1deebc77fcad1a118c4f2595ae009a1844bf0f4eb911ae285a5216cee2bf2efba672ec977fc33b282bc96dfa840a2a82142
SSDEEP

1536:+FftTSgD84zpRD0f8eRPm2wdoIw/SSLTLwv6E4xLbFRT4eSocTsiLT:+FVTSyFAfZR+2wdTw6Ypz5FRT4eSocT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c5d8de8ba09212e9dfa9106c7ffb97b

Files

4c5d8de8ba09212e9dfa9106c7ffb97b
.dll windows:5 windows x86 arch:x86

a8568b57714f17bea2cb443650a1c951

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
EnumResourceNamesW
lstrcatA
lstrcpyA
CompareStringW
CreateDirectoryA
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsA
EnumResourceLanguagesW
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
IsBadWritePtr
FindResourceExW
LoadResource
LockResource
GetWindowsDirectoryW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
lstrlenA
lstrlenW
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
lstrcpynW
WideCharToMultiByte

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
InitializeAcl
GetAce
LookupAccountSidW
AddAccessAllowedAce
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

Exports

Exports

SHGetFolderPathA
SHGetFolderPathW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8568b57714f17bea2cb443650a1c951

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 92B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 474B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 474B