641f636f319cd28c064257b38dcfdea5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

641f636f319cd28c064257b38dcfdea5.exe
Size

178KB
MD5

641f636f319cd28c064257b38dcfdea5
SHA1

2d4ea07fb391c82a8f970f7111ac3501100b5ecb
SHA256

e1cc8a3d299320bd91e9581b01733f5abc6804dec742d1535573ef400a5e7289
SHA512

d8ef216fdafe5bd801872be4f686abdd26962d5f62f8fff4570357ece64958dfa9a65a6324599b00e458dfeaeb24b7ed32144dffce21deef6dc88de5aa7269d2
SSDEEP

3072:sQJ4GHKHcwpA7nS1dFvkIciCDkLPJRu6BGC3k/EC5q3v3Dmd9:BbHKHK72dFvZctDkLXu6FUb43Dmd9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
641f636f319cd28c064257b38dcfdea5.exe

Files

641f636f319cd28c064257b38dcfdea5.exe
.exe windows:4 windows x86 arch:x86

4e7defe24c080da1313bb1c6244ea7ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW

user32

GetClassLongA
MessageBoxW

kernel32

LeaveCriticalSection
HeapCreate
GetConsoleMode
InterlockedDecrement
LCMapStringA
GlobalAlloc
GetLastError
WideCharToMultiByte
IsValidLocale
DeleteCriticalSection
FreeEnvironmentStringsW
InterlockedIncrement
GetThreadPriority
TlsFree
GetVersionExA
GetUserDefaultLCID
WriteConsoleA
SetCommTimeouts
FreeEnvironmentStringsA
GetCurrentDirectoryW
GetCurrentProcess
IsDebuggerPresent
VirtualFree
UnhandledExceptionFilter
HeapReAlloc
GetEnvironmentStrings
LCMapStringW
GetStartupInfoA
HeapAlloc
GetModuleFileNameA
RtlUnwind
SetEndOfFile
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
GetStdHandle
GetEnvironmentStringsW
GetCurrentThreadId
WriteFile
TlsGetValue
FlushFileBuffers
LoadLibraryA
GetCPInfo
GetConsoleCP
WriteConsoleW
EnumResourceNamesA
GetACP
GetFullPathNameW
SetHandleCount
SetStdHandle
VirtualAlloc
RaiseException
GetProcAddress
EnterCriticalSection
GetFileType
GetModuleHandleA
IsValidCodePage
GetLocaleInfoW
SetFilePointer
SetUnhandledExceptionFilter
GetStringTypeW
ExitProcess
ExitProcess
HeapFree
HeapSize
GetCommandLineA
CloseHandle
CreateFileA
MultiByteToWideChar
GetModuleFileNameW
EnumSystemLocalesA
InitializeCriticalSection
GetLocaleInfoA
GetSystemTimeAsFileTime
ReadFile
TerminateProcess
TlsAlloc
TlsSetValue
GetTickCount
GetConsoleOutputCP
GetStringTypeA
HeapDestroy
Sleep
SetLastError
GetOEMCP
GetFullPathNameA

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

rpcrt4

UuidCreate

ole32

CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoSetProxyBlanket

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e7defe24c080da1313bb1c6244ea7ce

Headers

File Characteristics

Imports

shlwapi

user32

kernel32

shell32

advapi32

rpcrt4

ole32

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 28KB - Virtual size: 28KB

.crt Size: 512B - Virtual size: 344KB

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 28KB - Virtual size: 28KB

.crt
Size: 512B - Virtual size: 344KB