4794576b3776b0d3989ff0c06e10fd7c

General

Target

4794576b3776b0d3989ff0c06e10fd7c
Size

216KB
MD5

4794576b3776b0d3989ff0c06e10fd7c
SHA1

5863dcf5340877ef80c1cb3cc8e4385bab1091f8
SHA256

d0acc1fc39d8078a0e6c5d783879d7d17dfa74da230375283f587cdd071bf775
SHA512

c0e6bfe93a623476ae787572f600f378e7cd603109f9261bc9d0da4200f02f7ab42e1f758af53372f0a1c8036c994beb8d079013465d2a2871d8fc860f06d568
SSDEEP

6144:X516TNujPJUhMbNZTLaGpS7wxbndWhUz/:p1SyJUhMJtpS7w9dLz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4794576b3776b0d3989ff0c06e10fd7c

Files

4794576b3776b0d3989ff0c06e10fd7c
.exe windows:5 windows x86 arch:x86

d4dac3f2a61c71e7d5e01e77dc3e74e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtLockFile
NtOpenEventPair
NtQueryInformationFile
NtQuerySection
NtCreateTimer
NtQueryInformationThread

imagrend

_LSinh
_Rteps
_LEps
_Wcrtomb
_FDscale
_FDenorm
_Dnorm
_Xbig
_LRteps
_LCosh
_Poly
_Eps

kernel32

ExitProcess
EnterCriticalSection
HeapReAlloc
FindFirstVolumeW
SetLastError
DeleteCriticalSection
LoadLibraryA
SleepEx
VirtualAlloc
GetCurrentThreadId
GetPriorityClass
CloseHandle
GetCurrentProcess
LocalFree
LoadLibraryExW
InterlockedDecrement
RaiseException
GetVersionExW
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointW
TerminateProcess
GlobalAlloc

user32

SetWindowLongW
UnregisterClassA
IsWindowUnicode
SetWindowsHookExW
BeginPaint
GetCursorPos
TranslateAcceleratorW
SetFocus
InsertMenuW
IsWindow
DestroyMenu
CharUpperW
InvalidateRgn
ClientToScreen
DialogBoxParamW
GetWindow
GetSubMenu
PostMessageW
SetMenuItemInfoW
SystemParametersInfoW

gdi32

SelectClipRgn
PatBlt
SetWindowOrgEx
CreateCompatibleDC
GetTextMetricsA
RestoreDC
SelectPalette
EndPage
EnumFontsA
SetBrushOrgEx
GetPixel
GetTextExtentPoint32A

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4dac3f2a61c71e7d5e01e77dc3e74e2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

imagrend

kernel32

user32

gdi32

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 117KB - Virtual size: 116KB

.rsrc Size: 33KB - Virtual size: 36KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 33KB - Virtual size: 36KB