Static task: static1
Behavioral task: behavioral1
Sample: 4cd85c88f31dece55d98e23e60fecbcc.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4cd85c88f31dece55d98e23e60fecbcc.exe
Resource: win10v2004-20231222-en
General
Target: 4cd85c88f31dece55d98e23e60fecbcc
Size: 309KB
MD5: 4cd85c88f31dece55d98e23e60fecbcc
SHA1: 6de9dcbff69630aa6e7cf3cc22c3e55b5d2a96a2
SHA256: d00542397a5885205e52ee62e791e35c2757c88a0ca55adc74f5cfc1bfb8b358
SHA512: 92ee8b1135af1a7ef81d2d14e5e3eb0c68e17899cf83a4d9e229bcbd6e0e0bdd3066b40fec8f6aec01c323202243a5d6aa8795ea2eeee70f12b5f609c339ba0e
SSDEEP: 6144:2RXwwFVB4i6DX3s+Orv7t/bGACF8IvUm77SD7P7oWGp9ijh5hnSR:it1aOrvR/SAu8re7SD7Tod9i3SR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4cd85c88f31dece55d98e23e60fecbcc
Files
4cd85c88f31dece55d98e23e60fecbcc.exe windows:5 windows x86 arch:x86
882e6e612c7dd4a549935e9d946409bb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualQuery
GlobalAlloc
HeapCreate
ExitThread
GetConsoleMode
SetHandleCount
GetDriveTypeW
ResetEvent
GetOEMCP
GlobalLock
ExpandEnvironmentStringsW
LocalAlloc
GetStringTypeW
lstrcpyA
lstrcatA
HeapFree
DeleteCriticalSection
CreateEventW
CreateEventA
lstrcmpW
InterlockedDecrement
GetTimeFormatW
lstrcpynA
ntdll
RtlLengthSid
RtlSetGroupSecurityDescriptor
RtlNormalizeProcessParams
NtDeviceIoControlFile
RtlUnhandledExceptionFilter
RtlSetBits
msvcrt
realloc
__wgetmainargs
rand
_XcptFilter
__p__fmode
__p__commode
fopen
??3@YAXPAX@Z
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ