Static task
static1
Behavioral task
behavioral1
Sample
4f3ed982747e8bfd4425337bc3ed3d06.exe
Resource
win7-20231215-en
General
Target
4f3ed982747e8bfd4425337bc3ed3d06
Size
293KB
MD5
4f3ed982747e8bfd4425337bc3ed3d06
SHA1
157ac076a9e462f67763da1086ba4e210a335636
SHA256
ec79cfe0b2df016db122f5f41108523a6ca820eb083463fcfb5995b985c2bb58
SHA512
7dabcec38e679212fee7d565c6d8d4330c83dc4f05dc5af4a8d756837273f59ce8093702be17984be207610d05586f6f554a02aeba3c74768fbfee584ef5efe6
SSDEEP
6144:jE9O4tnAOYylukvbFqBDG6v7QzrBqcfMl4PzN1eG5E2cq:jjOnAOYk7bFqBy6zQPfMl4PzN1DE2cq
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4f3ed982747e8bfd4425337bc3ed3d06
Files
4f3ed982747e8bfd4425337bc3ed3d06.exe windows:4 windows x86 arch:x86
8af13902667226f60b617fbd1bdd4dd8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleA
GetTimeFormatA
GetConsoleOutputCP
GetAtomNameW
VirtualAlloc
RtlUnwind
GetDateFormatA
SetStdHandle
SetFilePointer
GetACP
TlsGetValue
TlsAlloc
GetLocaleInfoA
EnumResourceNamesA
TlsSetValue
GetOEMCP
EnumSystemCodePagesA
HeapSize
IsValidCodePage
HeapReAlloc
GetCPInfo
MultiByteToWideChar
RaiseException
shell32
SHGetDataFromIDListW
SHGetDesktopFolder
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
DragAcceptFiles
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHAppBarMessage
SHGetFileInfoW
Shell_NotifyIconW
occache
FindControlClose
Sections
.text Size: 139KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ