4f086a5fdf6c3d0b2e6fe42ba16f5846

General

Target

4f086a5fdf6c3d0b2e6fe42ba16f5846
Size

209KB
MD5

4f086a5fdf6c3d0b2e6fe42ba16f5846
SHA1

edbb85e0dbda5fd208c23d4e0eb5a578e4535ac2
SHA256

4ea945759bd82552ee2196e861c6173def8e81862bcd717e627f481213e2f03c
SHA512

3fe23a31bf50fd5f42d7982d268b104dfe1a18a5500e0b30c633d3fcd6639a828533bdb25ecee5cbedaa181fbe116f926d3bf1f55e6a0cf536a1a3ed02fcd741
SSDEEP

3072:ZSu2KbYJuS6Tm9oI4Ysc3NI6V6PRiFJvT6ZZffUVAjGjvs/evGHpYXR/llr68isn:ZFvYJgmj3rAQPvTEFMVOGRGWFTrWOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f086a5fdf6c3d0b2e6fe42ba16f5846

Files

4f086a5fdf6c3d0b2e6fe42ba16f5846
.dll windows:1 windows x86 arch:x86

7012f92a99204c3c4280c76245e24fbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStringTypeA
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalReAlloc
LoadLibraryA
MultiByteToWideChar
OutputDebugStringA
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CharLowerBuffA
CharNextA
CharUpperBuffA
MessageBoxA

\drake10\ft\layout

LAYOUT
OVRNUM

\drake10\ft\tax3468

F3468

\drake10\ft\daycount

DATECOMPARE

Exports

Exports

CRP038
READ5884B

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7012f92a99204c3c4280c76245e24fbf

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

\drake10\ft\layout

\drake10\ft\tax3468

\drake10\ft\daycount

Exports

Exports

Sections

.text Size: 194KB - Virtual size: 194KB

.data Size: 6KB - Virtual size: 8KB

.link Size: 2KB - Virtual size: 1KB

.rloc Size: 5KB - Virtual size: 5KB

.text
Size: 194KB - Virtual size: 194KB

.data
Size: 6KB - Virtual size: 8KB

.link
Size: 2KB - Virtual size: 1KB

.rloc
Size: 5KB - Virtual size: 5KB