4db99b23d4874326bc077348a72a2be9

Sharing

Copy URL Twitter E-mail

General

Target

4db99b23d4874326bc077348a72a2be9
Size

219KB
MD5

4db99b23d4874326bc077348a72a2be9
SHA1

6aec8c1dde8e286007915f7afb09728ed7c7b924
SHA256

dbc03f972922493bc7437c83bd6bb4e0f64f83c316ac27f5b42ac85b9fde9ea2
SHA512

a6e8821ea1eb9bc5964cab2ad2ac9b0cfabac9d9d2e4ff3f80e83b1e87497d031e8007e6ddda4ef63f8e12f77ce795b58ed7ec396ce238012f09258e7f26468a
SSDEEP

6144:cJuvgU6JS9rhSLzkmHtvb44kPdFKVVKGWJMuNWKz1Kn:cq68rUkSpEV8Krhtzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db99b23d4874326bc077348a72a2be9

Files

4db99b23d4874326bc077348a72a2be9
.exe windows:4 windows x86 arch:x86

4a2f9a8e05aba8776436075e2935d125

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
GetTokenInformation
RegDeleteValueA
LookupPrivilegeValueA
RegCloseKey
AllocateAndInitializeSid
OpenProcessToken
EqualSid
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

SetFileAttributesA
SetFileTime
lstrcmpiA
CreateEventA
_lclose
_llseek
GetModuleFileNameA
LocalAlloc
RemoveDirectoryA
SizeofResource
FindNextFileA
GetShortPathNameA
TerminateThread
lstrcpynA
FindFirstFileA
ReadFile
OpenSemaphoreA
SetFilePointer
CreateFileA
lstrcmpA
lstrcpyA
GlobalAlloc
GlobalUnlock
SetEvent
ExpandEnvironmentStringsA
CreateProcessA
DeleteFileA
GetExitCodeProcess
GetVolumeInformationA
GetPrivateProfileIntA
GetProcAddress
ExitProcess
GlobalLock
GetModuleFileNameA
FreeResource
FindResourceA
EnumResourceLanguagesA
GetSystemDirectoryA
GetWindowsDirectoryA
IsDBCSLeadByte
WritePrivateProfileStringA
lstrlenA
LocalFree
GetCommandLineA
LoadResource
LockResource
FormatMessageA
GetTempFileNameA
LocalFileTimeToFileTime
GetFileAttributesA
FreeLibrary
CreateMutexA
GetTempPathA
GetVersionExA
GetPrivateProfileStringA
FindClose
GetDriveTypeA
LoadLibraryExA
GetCurrentProcess
GetCurrentDirectoryA
ResetEvent
GlobalFree
GetSystemInfo
MapViewOfFile
GetModuleHandleA
DosDateTimeToFileTime
lstrcatA
GetDiskFreeSpaceA
GetLastError
GlobalSize
SetCurrentDirectoryA
GetStringTypeExW
_lopen
WriteFile

wintrust

WinVerifyTrust

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

gdiplus

GdipDrawLineI
GdipCreateRegionRect
GdipTranslateRegion
GdipDeleteRegion
GdipFillRegion
GdipSaveImageToFile

ole32

RevokeDragDrop
RegisterDragDrop
OleIsCurrentClipboard
CreateDataCache
DoDragDrop
OleFlushClipboard
OleDuplicateData

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 190KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a2f9a8e05aba8776436075e2935d125

Headers

File Characteristics

Imports

advapi32

kernel32

wintrust

version

gdiplus

ole32

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.debug Size: 190KB - Virtual size: 199KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB

.debug
Size: 190KB - Virtual size: 199KB