4ed9c5379080e6dae5dd9171b279648a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ed9c5379080e6dae5dd9171b279648a
Size

21KB
MD5

4ed9c5379080e6dae5dd9171b279648a
SHA1

a3d90fd3c4fe951248ba8e3c5c403f53ab2ffdc9
SHA256

d884ed599f5868b3f1f85ee871959b5c06b0fb865386e8a3d7554466730c8af3
SHA512

8c8b9da56a9ab15c98f51fadda839601db022272b44a4c9f0f19d18504fa72d98122320797975f00163f45a0c8d111fc8d6444579d9cfbabfa1dbf8c424b76f7
SSDEEP

384:WBoUgQp3p7TMtK4Vm9zrCNQakDF5FwVfGXTqu8dQnzYU:KoUgQp3p7gFVm9ze1keVfs8d2Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed9c5379080e6dae5dd9171b279648a

Files

4ed9c5379080e6dae5dd9171b279648a
.exe windows:4 windows x86 arch:x86

b7722a916de0f9d088287553b4e7d75c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoA
MoveFileWithProgressW
GetPrivateProfileStructW
GetProfileIntW
GetPrivateProfileSectionA
ReadConsoleOutputCharacterA
FindFirstChangeNotificationA
WriteProfileStringW
GetCPInfoExA
CreateSemaphoreA

user32

DrawTextA
GetTabbedTextExtentA
RegisterDeviceNotificationA
SetWindowsHookExA
LoadKeyboardLayoutW
GetClassLongA
LoadCursorA
OemToCharBuffW
RemovePropA
RegisterClipboardFormatA

gdi32

GetCharWidthFloatA
GetCharacterPlacementA
GetObjectA
GetMetaFileA
StartDocA
GetKerningPairsW

Sections

.data?
Size: 16KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fasm
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data?
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ