4ed48676fccbc32e8c29b7138e8705c1

Sharing

Copy URL Twitter E-mail

General

Target

4ed48676fccbc32e8c29b7138e8705c1
Size

2.2MB
MD5

4ed48676fccbc32e8c29b7138e8705c1
SHA1

92659a0e01e31c39c4dbe2461b1e67a87947ea12
SHA256

d3ae007d410eabbd07820ec5a4d5914b5e21b7f492f783839f17dce3e1ea14f7
SHA512

589f15554f9dea6124ee654f2112476270734ff37af2637ec270131e93695e365398a2986923258c36579b21b8405c5db6c18bc67cf0d007580ec8d398f773f0
SSDEEP

49152:jZ/AP9AXtNLrY7MijnyatCXbm2/uRqMeYlHZ9Vw+DQsF:1/QAo7McZCXbm2uTeYTw/E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed48676fccbc32e8c29b7138e8705c1

Files

4ed48676fccbc32e8c29b7138e8705c1
.exe windows:4 windows x86 arch:x86

7f44c8872a009447dbccffa4ae45b7d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
DeleteAtom
GetCurrentProcess
GetStringTypeA
GetCurrentThreadId
InterlockedIncrement
WaitForMultipleObjects
TlsSetValue
UnhandledExceptionFilter
SetEnvironmentVariableA
HeapCreate
GetCurrencyFormatA
FreeEnvironmentStringsW
SetLastError
VirtualProtect
IsBadWritePtr
TransmitCommChar
GetLocaleInfoA
TlsGetValue
GetEnvironmentStringsW
LoadLibraryA
GetLocaleInfoW
GlobalAlloc
VirtualAlloc
GetLastError
LeaveCriticalSection
SetConsoleCursorPosition
GetCurrentThread
EnumSystemLocalesA
GetCommandLineW
CreateToolhelp32Snapshot
VirtualQuery
HeapAlloc
GetCurrentProcessId
EnumCalendarInfoW
HeapFree
GetStartupInfoW
TlsFree
GetSystemDirectoryA
MultiByteToWideChar
VirtualProtectEx
GetStartupInfoA
QueryPerformanceCounter
SetHandleCount
GetSystemTimeAsFileTime
GetModuleFileNameW
InterlockedExchange
GetEnvironmentStrings
WriteFile
GetSystemInfo
TerminateProcess
GetUserDefaultLCID
IsValidCodePage
GetModuleHandleA
LCMapStringA
GetFileType
LCMapStringW
ExitProcess
GetStdHandle
DeleteFileA
GetModuleFileNameA
GetCPInfo
GetTimeZoneInformation
WideCharToMultiByte
CompareStringA
TlsAlloc
GetVersionExA
RtlUnwind
GetACP
IsValidLocale
GetStringTypeW
CompareStringW
GetTimeFormatA
GetTickCount
VirtualFree
WritePrivateProfileStructA
DeleteCriticalSection
HeapReAlloc
FindResourceW
LocalUnlock
GetProcAddress
HeapSize
GetVolumeInformationW
GetCommandLineA
InitializeCriticalSection
GetDateFormatA
HeapDestroy
EnterCriticalSection
GetPrivateProfileSectionNamesA
GetOEMCP

advapi32

RegOpenKeyExA
CryptDuplicateKey
CryptSetProviderA
RegEnumKeyExW
RegSetValueExA
CryptSetProviderExA
DuplicateToken
CryptEnumProviderTypesW
CryptVerifySignatureA
CryptDuplicateHash
CryptGetKeyParam
RegConnectRegistryW
CryptCreateHash
GetUserNameA
RegCreateKeyExW
LookupAccountSidW
RegCloseKey
CryptDeriveKey

gdi32

PaintRgn
ResetDCA
SetSystemPaletteUse
BitBlt
GdiPlayJournal
AddFontResourceW
GetSystemPaletteUse
GetMiterLimit
EndPath
CreateDiscardableBitmap
CreateRectRgn
GetPath
BeginPath
CloseFigure
CheckColorsInGamut
ScaleViewportExtEx
OffsetWindowOrgEx
CreateDIBSection
Pie
RemoveFontResourceA

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f44c8872a009447dbccffa4ae45b7d6

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 8KB - Virtual size: 28KB

.data Size: 2.1MB - Virtual size: 2.0MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 8KB - Virtual size: 28KB

.data
Size: 2.1MB - Virtual size: 2.0MB

.rsrc
Size: 8KB - Virtual size: 7KB