Static task
static1
Behavioral task
behavioral1
Sample
4936a6954ed59700a3c706f9094685ee.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4936a6954ed59700a3c706f9094685ee.exe
Resource
win10v2004-20231215-en
General
-
Target
4936a6954ed59700a3c706f9094685ee
-
Size
10KB
-
MD5
4936a6954ed59700a3c706f9094685ee
-
SHA1
124edd171bfc8a5c7f5fcf2147f6ff43b705bb79
-
SHA256
e598bcf79618ab6ab58b29b7a7f3e5fc01ce6c7dbefcaa308565d3d9168249fe
-
SHA512
1ef09ed6a9b22d761981e759fa2089e9c461fda4a46cba66431817bc7b75451d4639e63cd3872a71c3bf123831983590075fc924424833adf0ef491056de32ea
-
SSDEEP
192:m+daJ4lecnI7gEdR8bRoHSVQxy5Z2WMwWW9fW:mmaJ4lecI0EKNQxyr2jwWW9fW
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE file lacks an Authenticode signature; this sample was flagged because it has none.
resource 4936a6954ed59700a3c706f9094685ee
Files
-
4936a6954ed59700a3c706f9094685ee.exe windows:5 windows x86 arch:x86
6f72ceadc59d5f0d59d701941421042f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
FreeLibrary
LocalFree
GetProcAddress
lstrlenA
WideCharToMultiByte
lstrcpyW
lstrlenW
GetCommandLineW
FormatMessageW
GetLastError
LoadLibraryW
SetErrorMode
GetModuleHandleW
GetStartupInfoW
LocalAlloc
ExitProcess
RtlUnwind
gdi32
GetStockObject
user32
CreateWindowExW
RegisterClassW
LoadCursorW
DestroyWindow
DefWindowProcW
LoadIconW
wsprintfW
LoadStringW
SetClassLongW
CharNextW
MessageBoxW
imagehlp
ImageDirectoryEntryToData
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ