Static task: static1

Behavioral task: behavioral1
Sample: 4472995da450357c567dca9f4e3276af.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 4472995da450357c567dca9f4e3276af.exe
Resource: win10v2004-20231215-en

General
Target: 4472995da450357c567dca9f4e3276af
Size: 294KB
MD5: 4472995da450357c567dca9f4e3276af
SHA1: 6d843565deed5867dc4e4229a9ef922d9033a15c
SHA256: 813742058c4c210344b170f4f037bacdb4772d890ba3768417975658968a24d1
SHA512: 009f2d81fa20c5b2cf4bdb2858525e60a1ea3f1da9507ef4e7b0314d7b7e6cd7a7d0b19aa8da7c1026e75870d6dfe2323ae1744582662ae86c7e3073ccb6a85d
SSDEEP: 6144:SiGtsLeAlqNC+5+1PTG/qm/PgCnmUSFMhl4g+M/oI29UKW:pGtsLlt+U1PTEn/iUSFM8g+rI2PW

Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 4472995da450357c567dca9f4e3276af

Files
4472995da450357c567dca9f4e3276af.exe windows:4 windows x86 arch:x86
2b600198d1b9976888651e77020ca5fa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetWindowsDirectoryW
lstrcatW
CreateFileW
VirtualAllocEx
CloseHandle
WriteFile
GetModuleHandleW
GetProcAddress
user32
GetDC
ReleaseDC
InvalidateRect
BeginPaint
ScrollWindow
EndPaint
PostQuitMessage
DefWindowProcA
gdi32
GetStockObject
SelectObject
GetTextMetricsA
SetBkMode
TextOutA
advapi32
RegCloseKey
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data2 Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ