4e84fc368642458f22bfa74c2918d97e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e84fc368642458f22bfa74c2918d97e.exe
Size

46KB
MD5

4e84fc368642458f22bfa74c2918d97e
SHA1

4ccf77c22350dcea9dd4615b54f177dec08dfe77
SHA256

18b62b6122bb1bf6c987791e833e8dc033fb1812f88a99aeb121d60e1485380e
SHA512

e2724193617b1f3d337d37fd281fc00ddf7a51552ce42223995bdb5d66a479cfde60fc7863044e01b70c1a153dacb7f5ea97c35c77b0d5d33678aa1a2ea2beba
SSDEEP

768:W1e3gMnGHIEnzn8mdn5EeDBSEMW49csSoYzNioH3aT+hCNeELBctxlv:WlusIEnz84n5EeVQW49T3YKT+ke8Bct7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e84fc368642458f22bfa74c2918d97e.exe

Files

4e84fc368642458f22bfa74c2918d97e.exe
.exe windows:5 windows x86 arch:x86

c448afda81dbded9a08332381c958fa2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExA
CryptGetHashParam
CryptReleaseContext
DuplicateTokenEx
CryptCreateHash

shlwapi

SHDeleteKeyA
StrStrW
wnsprintfA
StrCmpNIW
wvnsprintfA
wnsprintfW
PathFileExistsW
StrCmpNIA
PathMatchSpecW
PathRemoveFileSpecW
wvnsprintfW
PathFindFileNameW
PathCombineW

Sections

.ufqh
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.til
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hqh
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ