Static task: static1
Behavioral task: behavioral1
Sample: 4e5db1d60676c9b502135e894180d105.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4e5db1d60676c9b502135e894180d105.exe
Resource: win10v2004-20231222-en
General
Target: 4e5db1d60676c9b502135e894180d105
Size: 389KB
MD5: 4e5db1d60676c9b502135e894180d105
SHA1: 72cfc29c1f7bb23462f695652e3c9eeb4c534c8a
SHA256: 8b9e5cd9b03bff18fe001dd77266171777e1f7e2ca752ffb7203cf8ec50e1ce7
SHA512: 581197afb3c3655c8af9673a994644e4409311574bc6b4ad167cac3f3cb97314ff0705047c3e8e0a2f8e4fa9c18eb87350c14c578c181e76e832b1e87d679890
SSDEEP: 12288:0yYBpbBBCiFqcPH9uqA9TksU3us4YyBsK:0yY7baiFqcPiBs4YzK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4e5db1d60676c9b502135e894180d105
Files
4e5db1d60676c9b502135e894180d105.exe windows:4 windows x86 arch:x86
633bd83b0ecceee4b9966974d3cf07d3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
TerminateProcess
EnumCalendarInfoExW
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
SetFileTime
TlsAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
LocalHandle
IsValidCodePage
ExitProcess
InterlockedExchange
RtlUnwind
CreateMailslotA
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
advapi32
CryptDuplicateKey
RegDeleteKeyA
RegQueryValueExW
CryptEnumProviderTypesW
GetUserNameA
CryptExportKey
CryptHashData
CryptGenRandom
RegQueryInfoKeyW
Sections
.text Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 263KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ