Static task: static1
Behavioral task: behavioral1
  Sample: 4988bcbde6eb678a9138260c89a1f5d7.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4988bcbde6eb678a9138260c89a1f5d7.exe
  Resource: win10v2004-20231215-en
General
- Target: 4988bcbde6eb678a9138260c89a1f5d7
- Size: 206KB
- MD5: 4988bcbde6eb678a9138260c89a1f5d7
- SHA1: 34d86d325f33b78cdd70cc4bb22c8ae05d83a707
- SHA256: 5a68235078b827c1113f0a071fb69076a8916adc6bfe19d2e46dc9711ce42919
- SHA512: 6c1e5b00457b8710a9919713aeba4c84b4af078bb44b17ef84967f75358de12ca4d06fe26344124336a3b536abccc3e51841259e088d3e08102b1656ff36105e
- SSDEEP: 3072:1evifW8XVVcw35U8qogLK0iIVKkuhz87v2GjzSfi:0v6PbyUgG0z0Xz8P2
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 4988bcbde6eb678a9138260c89a1f5d7
Files
- 4988bcbde6eb678a9138260c89a1f5d7.exe  windows:4 windows x86 arch:x86
  imphash: 77674ecd150e430943df185ecdd86aac
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: lstrcmpiA, GetStartupInfoA, RemoveDirectoryA, DeleteFileW, GetCommandLineA,
  lstrcmpA, GetOEMCP, SetLastError, GetCurrentThreadId, GetTickCount, lstrcmpiW, MulDiv,
  GetCurrentProcessId, GetDriveTypeA, GetVersion, Sleep, GetCurrentProcess, GetModuleHandleW,
  lstrlenW, DeleteFileA, GetConsoleOutputCP, GetWindowsDirectoryA, lstrlenA, GetProcessHeap,
  GetCommandLineW, CopyFileA, GetThreadLocale, GlobalFindAtomW, LoadLibraryW,
  GetUserDefaultLangID, GlobalFindAtomA, SetCurrentDirectoryA, GetModuleHandleA, GetLastError,
  GetACP, GetCurrentThread, QueryPerformanceCounter, IsDebuggerPresent, VirtualAlloc
user32: GetDesktopWindow, CharNextA, GetDC, GetSystemMetrics
Sections
- .text (Size: 16KB, Virtual size: 16KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 46KB, Virtual size: 45KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 115KB, Virtual size: 114KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 27KB, Virtual size: 27KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
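Two parts of this report lend themselves to a worked example: the Unsigned PE signature (a check that the executable carries no Authenticode certificate) and the Headers/Sections dump. The Python below is an added example, not the sandbox's own code and not anything shipped with the sample. It parses PE headers with the standard-library struct module, decodes the same IMAGE_FILE_* and IMAGE_SCN_* flags the report lists, and reproduces the "unsigned" test by reading the IMAGE_DIRECTORY_ENTRY_SECURITY data directory. The image it runs on is constructed in-code from the section sizes and flags shown above (headers only, no code) and is not the analysed binary; the function and constant names are this example's own, though the flag values and WIN_CERTIFICATE layout are those of the PE/COFF specification.

```python
"""Static PE triage helpers (added example, stdlib only): decode the COFF and
section Characteristics flags listed in the report and reproduce the
"Unsigned PE" check via IMAGE_DIRECTORY_ENTRY_SECURITY. Usage on a real file:
parse_pe(open(path, "rb").read())."""
import struct

FILE_CHARACTERISTICS = {          # subset of IMAGE_FILE_* (COFF header)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {       # subset of IMAGE_SCN_* (section header)
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot pointing at WIN_CERTIFICATE
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def decode_flags(value, table):
    """Names of the bits set in value, ascending."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS/COFF/optional headers and the section table of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories follow the fixed optional-header fields: 96 bytes (PE32) or 112 (PE32+)
    ddir = opt + {0x10B: 96, 0x20B: 112}[magic]
    sec_off, sec_size = struct.unpack_from("<II", data, ddir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.split(b"\0")[0].decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": decode_flags(sflags, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "security_dir": (sec_off, sec_size),   # NB: a raw file offset, not an RVA
            "sections": sections}


def has_authenticode_blob(data):
    """Inverse of the sandbox's "Unsigned PE" signature: is a WIN_CERTIFICATE holding
    PKCS#7 SignedData attached? Presence is not validity; verify separately."""
    off, size = parse_pe(data)["security_dir"]
    if size < 8 or off + size > len(data):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return (length <= size and revision == WIN_CERT_REVISION_2_0
            and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA)


# Constructed input: the report's section layout rebuilt as a headers-only PE32.
# This is NOT the analysed sample, only its shape.
REPORT_SECTIONS = [  # (name, virtual size, raw size, Characteristics)
    (".text", 16 * 1024, 16 * 1024, 0x60000020),
    (".rdata", 45 * 1024, 46 * 1024, 0x40000040),
    (".data", 114 * 1024, 115 * 1024, 0xC0000040),
    (".rsrc", 27 * 1024, 27 * 1024, 0x40000040),
]


def build_sample_pe(sections, file_chars=0x0103, pkcs7=None):
    """Minimal PE32: DOS stub, COFF header, 224-byte optional header, section table.
    With pkcs7 set, a WIN_CERTIFICATE wrapping it is appended and referenced from
    the security directory, mimicking a signed file."""
    hdr_len = 0x40 + 4 + 20 + 224 + 40 * len(sections)
    cert, security = b"", (0, 0)
    if pkcs7 is not None:
        cert = struct.pack("<IHH", 8 + len(pkcs7), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7
        security = (hdr_len, len(cert))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)  # 0x14C = i386
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security
    opt = (struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)   # PE32 magic .. NumberOfRvaAndSizes
           + b"".join(struct.pack("<II", *d) for d in dirs))
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table + cert
```

Run against a real file, `not has_authenticode_blob(open(path, "rb").read())` is the same verdict the Signatures section reports; `parse_pe(...)["file_characteristics"]` and the per-section `flags` reproduce the Headers and Sections listings. Two caveats worth keeping in mind when triaging on this signal: an embedded WIN_CERTIFICATE only says a signature is present, not that it chains to a trusted root or still covers the file (that needs a real verifier such as signtool or osslsigncode), and the absence of one is a weak indicator on its own, since much legitimate 32-bit software is unsigned and catalog-signed Windows components also show as "unsigned" by this test.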