4e5e6fcb83a84d1976bc6ce0355a4f20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4e5e6fcb83a84d1976bc6ce0355a4f20.exe
Size

720KB
MD5

4e5e6fcb83a84d1976bc6ce0355a4f20
SHA1

03ed38f5bc74e6fb8a4e0b751c1e79ddfedbbabf
SHA256

04f8b7b563f8c811e87762301b7669febc953ab55f9442a6fa62776432765757
SHA512

137b492f3a4ed96c60e2e5f4c689f487f1962df20d2945921ff178fd9af60ec7e4134b069f00e2614870fce47fb02a175e3239d671597d76328ef63e58b19e3e
SSDEEP

12288:p6BBWGJW6eC85Df97+yXUj7SncCxj8iHGo59S1WQSCtEdFO7YKJf6:p6BQBjlc728jo7S1bl6FbK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e5e6fcb83a84d1976bc6ce0355a4f20.exe

Files

4e5e6fcb83a84d1976bc6ce0355a4f20.exe
.dll windows:5 windows x64 arch:x64

2ac132bdef9d6210e954b138961999d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

DestroyCaret
GetWindowLongW
GetMessageW
LoadImageW
GetDoubleClickTime
LockWindowUpdate
DrawMenuBar
GetScrollPos
DefWindowProcW

advapi32

DeregisterEventSource
GetSidSubAuthority
InitiateSystemShutdownExW

winspool.drv

GetPrinterDriverDirectoryA

wininet

DeleteUrlCacheEntry

gdi32

GetRandomRgn
FillRgn
GetTextMetricsA
GetTextExtentPointA

secur32

DecryptMessage

msvcrt

fputs
strcmp

kernel32

lstrcpynA
GlobalAddAtomA
GetBinaryTypeW
Module32NextW
LoadLibraryA
FindFirstFileW

Exports

Exports

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlWriterOutputWithEncodingCodePage
CreateXmlWriterOutputWithEncodingName

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata7
Size: 564KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac132bdef9d6210e954b138961999d8

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

winspool.drv

wininet

gdi32

secur32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata7 Size: 564KB - Virtual size: 562KB

.data Size: 52KB - Virtual size: 49KB

.pdata Size: 4KB - Virtual size: 312B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 318B

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 8KB - Virtual size: 4KB

Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 132B

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 318B

.text
Size: 48KB - Virtual size: 45KB

.rdata7
Size: 564KB - Virtual size: 562KB

.data
Size: 52KB - Virtual size: 49KB

.pdata
Size: 4KB - Virtual size: 312B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB