4f15d4fadbf2a3342b7004d891366ae3

General

Target

4f15d4fadbf2a3342b7004d891366ae3
Size

316KB
MD5

4f15d4fadbf2a3342b7004d891366ae3
SHA1

ea56a8d0b5302ea9580c35bfc643d0af8f9b305b
SHA256

11dde574adce1c8ec99cb0c05772eba6077e206b8b39a173efe13ebfe007a54c
SHA512

b5b4ae9efb17295f337850b5bbb0c9a37f95f5d10a676a9a49f9ae298b6d06f7bf5fa21702ff4f147a662b7082b9910031cb8ba192055b305dca95ffe3398a71
SSDEEP

6144:IeeNvVM6B9GyRYEKF0f2t6b+vClRHUcivtJOkRGP07ByaB22U9F/PE:IeeNvVM6B0yaEKFZt6KqlKRvtJOkRGmh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f15d4fadbf2a3342b7004d891366ae3

Files

4f15d4fadbf2a3342b7004d891366ae3
.exe windows:4 windows x86 arch:x86

ab590ecf413694e9890cecf83ff96919

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetLastError
VirtualAlloc
CloseHandle
LoadLibraryA
GetTickCount
ResetEvent
VirtualUnlock
CreateMutexA
VirtualProtect
GetProcAddress
VirtualQuery
GetSystemInfo
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
FlushFileBuffers
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
RaiseException
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA

user32

PeekMessageA
SetActiveWindow
FindWindowA
GetFocus
TranslateMessage

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 216KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab590ecf413694e9890cecf83ff96919

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

.gdata Size: 216KB - Virtual size: 1.9MB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.gdata
Size: 216KB - Virtual size: 1.9MB

.rsrc
Size: 20KB - Virtual size: 17KB