4e638d78cadb79f3fcaa1e3969b6ba54

General

Target

4e638d78cadb79f3fcaa1e3969b6ba54
Size

224KB
MD5

4e638d78cadb79f3fcaa1e3969b6ba54
SHA1

11b3b062703271561d9f07d00721129e7dc11d9d
SHA256

4fca355ee4e0c0c7c0597b4b6d2458d48abf46058aa861669437c3d20a314c78
SHA512

31fd8b9976a9eaf6c41cd8fef3d8e5febc9e77a5a4c4a0e23bb9b6639734e51bd985f32d1bbc1342c3f10887eafbe1839319931edd13233faf07b08eebe2c5d7
SSDEEP

3072:MN65bDzlF0rbwEa2MRSgRxGyZZmVExK9TkAa0ddtGrXZuCTychO+M8TW0U:M8pfEa2c9xGyE9TkudzsZuC2chBTW0U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

4e638d78cadb79f3fcaa1e3969b6ba54

resource
4e638d78cadb79f3fcaa1e3969b6ba54

Files

4e638d78cadb79f3fcaa1e3969b6ba54
.exe windows:4 windows x86 arch:x86

f2892c399218a22cd2e738791ee4c024

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetLastError
CloseHandle
VirtualFree
Sleep
VirtualAlloc
ReleaseSemaphore
OpenMutexA
GetExitCodeThread
SuspendThread
ReleaseMutex
lstrcpyA
VirtualProtect
LoadLibraryA
GetEnvironmentStrings
GetProcAddress
GetModuleHandleA
ResetEvent
IsBadCodePtr
GetPriorityClass
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
HeapFree
GetSystemInfo
HeapCreate
HeapDestroy
GetFileType
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

user32

SetCursor
OpenIcon
InSendMessage
DestroyWindow
PostMessageA
GetLastActivePopup
LoadCursorA
GetDesktopWindow
GetDC
GetCursorPos
ShowWindow
SetTimer
ReleaseDC
CreateIcon
GetWindow
IsIconic
SetCursorPos
GetWindowRect

shell32

DuplicateIcon

ole32

CoUninitialize

psapi

EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2892c399218a22cd2e738791ee4c024

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

psapi

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 36KB - Virtual size: 35KB

.rsrc Size: 156KB - Virtual size: 153KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 156KB - Virtual size: 153KB