4c44997bf635df19626df041cde00b8e | Triage

Sharing

General

Target

4c44997bf635df19626df041cde00b8e
Size

7KB
MD5

4c44997bf635df19626df041cde00b8e
SHA1

9dbb45cf735d039df77e25fa2c6988b513977187
SHA256

abc1a01239fb5603852a6df6118cd6bd75428da9e51b3a09ab5dbbbaf320e62c
SHA512

b313596039bdd3e1ad68bd2ad3e6d5d28355534eb8927ee9f038a2d03f2a4e79c742887e1264e47455ffdc5c1d6635dc3cac6d592896f12cb14cf4278bfeda96
SSDEEP

192:FdUPxv4lsCFHdm4XO0kVPUhYMHoyBV7FGYMBcH:FdSWsGgykt/M7fFa8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c44997bf635df19626df041cde00b8e

Files

4c44997bf635df19626df041cde00b8e
.exe windows:4 windows x86 arch:x86

eefb4bbb40e39b736e335122a1ca995e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcessId
VirtualAlloc
GetModuleHandleW

psapi

EnumProcesses

Exports

Exports

start2

Sections

.text
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ