4d99c44aebef401cb98f281f4621fb1e

Sharing

Copy URL

Twitter E-mail

General

Target

4d99c44aebef401cb98f281f4621fb1e
Size

1024KB
MD5

4d99c44aebef401cb98f281f4621fb1e
SHA1

227610c3a2c8bc8e861e8af039333b21c67317dd
SHA256

e1122422b16a08f3ea2679160badb5477e75a69c2745cb6cd9a497fcba68a16c
SHA512

1950478f717591309fd7bde2a8ad1624d9a418914eebdaf7b9c0b6b92adc8c98625bbc0aa8fa7dfe4775f3d982922ca4ba9dbf46a20e959cac7b6fe2e815f6b8
SSDEEP

24576:yuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuY:J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d99c44aebef401cb98f281f4621fb1e

Files

4d99c44aebef401cb98f281f4621fb1e
.exe windows:5 windows x86 arch:x86

3602696b549083219303b7f1669e0651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SearchPathW
lstrlenA
SetEndOfFile
CallNamedPipeA
LoadResource
_lwrite
InterlockedDecrement
CompareFileTime
CancelWaitableTimer
ConnectNamedPipe
SetTapeParameters
IsBadReadPtr
SetCommState
GetPriorityClass
Sleep
CopyFileW
GetPrivateProfileStructW
SetSystemTimeAdjustment
GetFileAttributesA
CreateSemaphoreA
lstrcatA
FileTimeToDosDateTime
FreeLibraryAndExitThread
SetLastError
GetProcAddress
SetStdHandle
GetLocalTime
LoadLibraryA
LocalAlloc
BuildCommDCBAndTimeoutsW
SetFileApisToANSI
WaitForMultipleObjects
SetEnvironmentVariableA
GetOEMCP
GetModuleHandleA
lstrcatW
FreeEnvironmentStringsW
EnumResourceNamesA
GetCurrentDirectoryA
FindAtomW
GetProfileSectionW
RaiseException
ExitProcess
HeapAlloc
GetLastError
DeleteFileA
GetStartupInfoW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
HeapSize
GetCPInfo
GetACP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

winhttp

WinHttpCloseHandle

Exports

Exports

_gekkon@4
_gifgeek@8

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3602696b549083219303b7f1669e0651

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 5KB - Virtual size: 43.5MB

.rsrc Size: 10.6MB - Virtual size: 12KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 5KB - Virtual size: 43.5MB

.rsrc
Size: 10.6MB - Virtual size: 12KB