4e9d4c1a671ad35d3236d1f61fe003d1

Sharing

Copy URL Twitter E-mail

General

Target

4e9d4c1a671ad35d3236d1f61fe003d1
Size

299KB
MD5

4e9d4c1a671ad35d3236d1f61fe003d1
SHA1

b8fa2a1fe7cac7c879c1f7b501b986f7a4056ac4
SHA256

55a0bd8ec552b69e81500eaf1e02340d754fd684a43e69ae3d16d4b93c6f8706
SHA512

bf7954aaef842f416111bca70dccf4dc046ef482fc701b2fa3a68484c34a54de5659ca7ca7730540e4340115e95d59ee8f2d29bd6139b3169cc1623e735edf02
SSDEEP

6144:kpYbC0scgz4SjBvOBWqwsBjNadA2ym0M2xgXJwdNkFVjU7a1/z:m09gjdO4noNn2yNM5idNkz1r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e9d4c1a671ad35d3236d1f61fe003d1

Files

4e9d4c1a671ad35d3236d1f61fe003d1
.dll windows:4 windows x86 arch:x86

5210581757fde3878503f0dc8be721a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlDecompressFragment
RtlCustomCPToUnicodeN
NtRaiseException
NtCancelDeviceWakeupRequest
NtCreateTimer
RtlAcquirePebLock
RtlDestroyAtomTable
RtlCreateUserThread
NtReadVirtualMemory
_ultoa
RtlReleasePebLock
NtFsControlFile
RtlIsValidIndexHandle
memcmp
NtCallbackReturn
DbgPrompt
RtlImageDirectoryEntryToData
NtImpersonateThread
NtWaitForSingleObject
RtlLargeIntegerShiftRight
RtlFindMessage
RtlLargeIntegerToChar
RtlTraceDatabaseFind
RtlIntegerToChar
NtPrivilegeCheck
NtSetInformationFile
NtMapViewOfSection
RtlEqualPrefixSid
_strnicmp
NtCreatePort
NtFilterToken
RtlAreAllAccessesGranted
NtAccessCheck
RtlAnsiStringToUnicodeSize
NtOpenThread
RtlCancelTimer
RtlAcquireResourceExclusive
KiRaiseUserExceptionDispatcher
RtlpNtOpenKey
RtlSetCurrentEnvironment

kernel32

VirtualQuery
EnumCalendarInfoA
SetThreadAffinityMask
EscapeCommFunction
LocalFree
GetDriveTypeA
GetLogicalDrives
GlobalUnlock
GetConsoleHardwareState
RaiseException
InterlockedDecrement
GetDateFormatW
FreeResource
TransmitCommChar
CallNamedPipeW
GetConsoleAliasA
GetConsoleAliasesLengthW
HeapWalk
LocalLock
SetThreadPriorityBoost
UnlockFile
GetProcessWorkingSetSize
EnumSystemLocalesW
VirtualAlloc
MoveFileExW
lstrcmp
EnumResourceLanguagesW
ExitProcess
GetFileAttributesExW
RtlUnwind
GetExitCodeThread
GetVersion
CancelIo
GetConsoleAliasesLengthA

gdi32

GetBitmapDimensionEx
GdiIsMetaPrintDC
GdiGetBatchLimit
FillRgn
TextOutW
GdiConvertFont
SetDIBitsToDevice
GdiConvertDC
GetCharABCWidthsA
GetCharWidth32W
ChoosePixelFormat
LineDDA
GdiConvertBitmap
GetObjectType
DrawEscape
GetTextCharacterExtra
SetBitmapBits
UnrealizeObject
GetPixel
CreateDCW
GetMetaRgn
StrokePath
TextOutA
SelectObject
GdiSetBatchLimit
SetWindowOrgEx

ole32

HGLOBAL_UserUnmarshal
OleGetClipboard
CreateDataAdviseHolder
OleSetClipboard
HBRUSH_UserMarshal
HMETAFILE_UserUnmarshal
CoLockObjectExternal
HWND_UserUnmarshal
StringFromIID
HBITMAP_UserSize
CoGetInstanceFromIStorage
OleMetafilePictFromIconAndLabel
RegisterDragDrop
CoQueryAuthenticationServices
CoGetStandardMarshal
OleCreateLinkToFileEx
CoGetTreatAsClass

user32

TranslateMessageEx
SetForegroundWindow
SetActiveWindow
CreateIconFromResourceEx
TranslateAcceleratorW
MsgWaitForMultipleObjectsEx
DragObject
GetKeyboardType
TabbedTextOutA
OffsetRect
DefFrameProcW
SetClassWord
EnumDesktopsW
SetCaretPos
GetSystemMetrics
SetUserObjectInformationW
GetClipboardData
GetCaretPos
GetInternalWindowPos
OpenDesktopW
TabbedTextOutW
SwitchDesktop
ReplyMessage
CharNextW
CreateDialogIndirectParamAorW
SetProgmanWindow
OemToCharBuffW
DdeGetQualityOfService
GetWindowTextLengthW
CharNextExA

Sections

.text
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5210581757fde3878503f0dc8be721a8

Headers

File Characteristics

Imports

ntdll

kernel32

gdi32

ole32

user32

Sections

.text Size: 47KB - Virtual size: 48KB

.data Size: 243KB - Virtual size: 664KB

.adata Size: 5KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 48KB

.data
Size: 243KB - Virtual size: 664KB

.adata
Size: 5KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB