4a9d28852660407ebcce0a84df5edec6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a9d28852660407ebcce0a84df5edec6
Size

401KB
MD5

4a9d28852660407ebcce0a84df5edec6
SHA1

0136c71ab6801b00f8db9ca36791168f913b6cbe
SHA256

c873f3a42e2b4702936601eb108ac9cc359fc7333cdb3cfef1166968d46137d2
SHA512

324219b77a5efb01cd545982b4e8e3cfaf1443863f1fd5094501e297bd63f283d1171801a53ac30add2206466ec42b0fdcb8910c2a2b390dd9712a56afc322cf
SSDEEP

12288:68AkykY4yv8//4y5/MSLnabz9LEYgwUL1razlsJ:68AkykYd8//Z/xadIBF1ml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a9d28852660407ebcce0a84df5edec6

Files

4a9d28852660407ebcce0a84df5edec6
.exe windows:5 windows x86 arch:x86

d437a29d0337a57d80a8dc70779ea137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
MoveFileW
Heap32ListFirst
GetConsoleNlsMode
GetNumberOfConsoleMouseButtons
GetTempPathW
FatalAppExitA
SetConsoleKeyShortcuts
UnmapViewOfFile
OpenFileMappingA
ReadFileScatter
VirtualProtect
Module32Next
WaitForSingleObjectEx
GetCommandLineA
ExitVDM
GetModuleHandleA

user32

SetDlgItemInt
MessageBoxA
BeginDeferWindowPos
Win32PoolAllocationStats
RegisterLogonProcess
IsCharUpperW
ShowStartGlass
SwapMouseButton

gdi32

SetPaletteEntries
EngMultiByteToUnicodeN
GetMetaFileA
GdiEntry2
GetBkMode

advapi32

LsaGetQuotasForAccount
InitializeAcl
LsaStorePrivateData
SystemFunction030
RegQueryValueExW
FindFirstFreeAce
SetServiceStatus
LsaCreateTrustedDomain
LogonUserA

msvcrt

_outpw
longjmp
_Getmonths
strtod
_wspawnl
_getdcwd
_fstat64
_fpreset
__p__environ
__unDNameEx

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ