406894752d9bfa9763b7a7dd0ef9f1db | Triage

Sharing

General

Target

406894752d9bfa9763b7a7dd0ef9f1db
Size

28KB
MD5

406894752d9bfa9763b7a7dd0ef9f1db
SHA1

0a0053ef1b4f4f9e727a93492f1566111d5831ba
SHA256

13a845cde600ddd3615f1ec8deb7435af0ba0b9132c8f7d0c0436b2a18313f6e
SHA512

fe073fda141094c343a4bf55a710f2f2b367c80a4b3b1651477472c3d26387012f85d7cb09432ed564d59e6b02adde6fabf740fec55ac13c02c42ba96bd8df16
SSDEEP

768:DBasZ4sERilaQ7OuLg1om10rm2aINfwRlY5atN0P0uy:DBaU4s141omOnF9wRlLN0A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ar4up-358d364e31.exe

Files

406894752d9bfa9763b7a7dd0ef9f1db
.zip
ar4up-358d364e31.exe
.exe windows:4 windows x86 arch:x86

4954408330fa7a8f4372de8648ec9046

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
Sleep
DeleteFileA
lstrcpyA
lstrcatA
GetWindowsDirectoryA
lstrlenA
GetTempPathA
CreateProcessA
OpenProcess
WinExec
SetFileAttributesA
GetShortPathNameA
GetVersionExA
CopyFileA
VirtualFree
VirtualAlloc
ReadProcessMemory
GetCurrentProcessId
WriteProcessMemory
CreateFileA
SetFilePointer
WriteFile
GetModuleFileNameA
CloseHandle
GetProcAddress
CreateRemoteThread
ResumeThread
SetLastError

user32

wsprintfA
MessageBoxA
CharLowerA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

FindExecutableA
ShellExecuteA

msvcrt

_except_handler3
strncpy
malloc
strrchr
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
fclose
fprintf
fopen
ftell
fseek
_filbuf
_flsbuf
strstr

wsock32

gethostbyname
recv
WSACleanup
socket
htons
send
WSAStartup
connect
closesocket

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ