4f6ace06c9b5e7ce25c70eddd78ec32e

General

Target

4f6ace06c9b5e7ce25c70eddd78ec32e
Size

60KB
MD5

4f6ace06c9b5e7ce25c70eddd78ec32e
SHA1

79072987ba25f0872987971cb9bdf0b475d1b50d
SHA256

fec8d466b54c5628edeef1c9b2fd13f1b2be777ef4bb26e4f9187b9bc0d56510
SHA512

07e1423a1a48b7266bc963d6f964e39c45b01ba0a638ba281dc4157d0eb0ed5598b2955f997cb6116ddd79b62264765d6a615fa23fc04e39bb7ab023787dbde7
SSDEEP

768:QqCWCBoVzB3mC9IBhDcFskul6h4l9DT62sqaUvow+t6oTv:NlwYxukWDq0ouoTv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f6ace06c9b5e7ce25c70eddd78ec32e

Files

4f6ace06c9b5e7ce25c70eddd78ec32e
.exe windows:4 windows x86 arch:x86

ae02289f523107c6b385174b35003d6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CloseHandle
WriteFile
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
OpenProcess
Module32Next
TerminateProcess
SetFileAttributesA
Module32First
TerminateThread
ExitThread
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
CreateThread
ExitProcess
GetLocaleInfoA
GetTickCount
GetLastError
Sleep
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
FlushFileBuffers
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr

user32

BringWindowToTop
keybd_event
SetFocus
VkKeyScanA
FindWindowA
SetForegroundWindow
ShowWindow

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
GetUserNameA
RegDeleteValueA

ws2_32

closesocket
WSACleanup
socket

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae02289f523107c6b385174b35003d6c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 20KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 20KB