Static task
static1
Behavioral task
behavioral1
Sample
4b56ed3e19bbd8ded6c85cf12c9e3e85.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4b56ed3e19bbd8ded6c85cf12c9e3e85.exe
Resource
win10v2004-20231222-en
General
Target
4b56ed3e19bbd8ded6c85cf12c9e3e85
Size
97KB
MD5
4b56ed3e19bbd8ded6c85cf12c9e3e85
SHA1
ab891428cc79bce756b9cea77094bd33e9cc7ce5
SHA256
ecaeddf400a5c8dd19989e55c1fa5108eee5db6c7b491acb75402453eca1794b
SHA512
a4f9bfe0e5b58c5003cf6460ded3da215a4936b6da5c4402401eaa78d24029c705277f1e52343cfe761b25d72c8f8f5a2a59240b17facd6602626107b65df903
SSDEEP
1536:VJySMRjWQu4LCVqG5z2RgWvo2DBUwrE87tkTp4J2FbwJM5/Aldj+BU8srpFLXK:VJyTj37JG5VWjUh49QbwJM5/ARNFm
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4b56ed3e19bbd8ded6c85cf12c9e3e85
Files
4b56ed3e19bbd8ded6c85cf12c9e3e85.exe windows:4 windows x86 arch:x86
384111ce1efc4e7db0d374aadf923ce8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ddraw
DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx
kernel32
CreateToolhelp32Snapshot
GetCurrentProcessId
Sleep
GetProcAddress
TerminateProcess
GetProcessVersion
LoadLibraryW
LoadLibraryA
InterlockedExchange
GetTickCount
ExitProcess
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentProcess
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
GetSystemDirectoryA
HeapSetInformation
FreeLibrary
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 884B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ