4df27dd305e904bb3a49a278ce76e5b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4df27dd305e904bb3a49a278ce76e5b6
Size

186KB
MD5

4df27dd305e904bb3a49a278ce76e5b6
SHA1

e34741600553c68a7533d0e9cd818fb8199934eb
SHA256

b5342cf1af4bade147f2fd29b4c44cdcf3192bec5d3fb7dfb456806cf61ba0b5
SHA512

8127ba5e93f08fe0ff7a73f98ed68009a1f72295f41cd2ff1ec52f9b57fde6cf85d2a110b606eb1bc23c6dbbf655faf7807ae04900e2597dc4d0ed3c8b3e827d
SSDEEP

3072:C4SEMAmZZ7VZqUQRBE+PUswbIs46mc6VuEn813Rw5LlOEnzn6YBPpS8IkRcb:qjNVV4UUK+8swb0c6VudQky6KPNYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4df27dd305e904bb3a49a278ce76e5b6

Files

4df27dd305e904bb3a49a278ce76e5b6
.exe windows:5 windows x86 arch:x86

5a5f7fe3e503c3240406f98bcafea33f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA
PathStripPathW

kernel32

LoadLibraryExA
GetModuleHandleA
lstrcmpA

Exports

Exports

?ExpandEnvironmentSampleStringsA@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ExpandEnvironmentSampleStringsW@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ZeroAccesA@567GPAUHINSTANCE__@@U_COMMPROP@@?F
?ZeroAccesW@567GPAUHINSTANCE__@@U_COMMPROP@@?F

Sections

.bss
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ