Static task
static1
Behavioral task
behavioral1
Sample
4825f840efb4353937e6a530dffed1c4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4825f840efb4353937e6a530dffed1c4.exe
Resource
win10v2004-20231215-en
General
Target
4825f840efb4353937e6a530dffed1c4
Size
193KB
MD5
4825f840efb4353937e6a530dffed1c4
SHA1
a8b70913fe7f758071ab706c5a9a5e6733c90222
SHA256
6bdf31639a727d4edf24bdeacb609c377b1239189d90b505a9636a5ab3de6fee
SHA512
5376826159b243e6cf05efedf11a8e36e07f9ceaa1a1132f8ed528bfdd38fcb165e5174f331c5dbeb3eab701eeb7c805c60d9b41f2f84aecbc0bf092437bf747
SSDEEP
6144:rNan8T98FNk1ChCQUmSh6bASmrIvB57i9iNLJTobQ1Ufk1V:sn8paNk+CpQsSDvB2i7Of4V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4825f840efb4353937e6a530dffed1c4
Files
4825f840efb4353937e6a530dffed1c4.exe windows:4 windows x86 arch:x86
e48b8cd19b01c332a31a0de5d26f283c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualQueryEx
LocalAlloc
GetSystemTimeAsFileTime
lstrlenA
EnumResourceNamesA
CreateProcessA
WideCharToMultiByte
RaiseException
MultiByteToWideChar
OpenFileMappingW
InterlockedExchange
oleacc
LresultFromObject
CreateStdAccessibleObject
ole32
StringFromIID
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
Sections
.text Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ