4acade3787bea98369a8168defce7eb6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4acade3787bea98369a8168defce7eb6
Size

20KB
MD5

4acade3787bea98369a8168defce7eb6
SHA1

5f6319f4ae619f34e625223dde985debafd55915
SHA256

a555abaae67a80b9d26ba1b8ba336c4a0f563e584774cf558135c489a8dfe990
SHA512

cbbabf7e6239f766930530c51c51d443e3eba292cfaeadaa3f5bf95d4a2c11947a43f1dcfbf16a97892ca42cdc30dad936fc21022e022b45f2a5cfe9a54442f2
SSDEEP

384:CZBacZ9rIHrHAHuSZOnvmntFAZvDUQ3+PT43EpbE6EkWITW:CPaE9rCAHuIGYb4YQu7401l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4acade3787bea98369a8168defce7eb6

Files

4acade3787bea98369a8168defce7eb6
.exe windows:4 windows x86 arch:x86

0d5ce3cd1a0f4123c6a59ff1aafe63fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FindResourceA
CompareStringW
FormatMessageA
RaiseException
ResumeThread
GetExitCodeThread
WaitForSingleObject
GetConsoleCP
WriteConsoleW
GetVersionExA
GetEnvironmentStrings
GetStartupInfoA
LCMapStringW
TerminateProcess
LocalFree
HeapFree
DeviceIoControl
DeleteFileA

ole32

CoIsHandlerConnected
OleCreateFromFileEx
OleCreateFromDataEx
CoRegisterPSClsid
OleRegEnumVerbs
CoAddRefServerProcess
OleUninitialize
CoGetPSClsid
CoRegisterSurrogate
OleSaveToStream
OleCreateFromData
CoMarshalInterface
OleSetAutoConvert

msvcrt

_wcsnicmp
__p__commode
_itoa
ftell
free
__set_app_type
_vsnprintf
_exit
_ltoa
_strcmpi
_splitpath
iswctype

advapi32

AddAccessAllowedAce
RegCreateKeyA
SetKernelObjectSecurity
GetKernelObjectSecurity
CopySid
AddAce
GetAce
LookupAccountNameA
OpenSCManagerA
IsValidSid
QueryServiceConfigA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ