Static task
static1
Behavioral task
behavioral1
Sample
4fc3482a331c7f7ac3a2c39a30c0b8a6.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4fc3482a331c7f7ac3a2c39a30c0b8a6.exe
Resource
win10v2004-20231215-en
General
Target
4fc3482a331c7f7ac3a2c39a30c0b8a6
Size
738KB
MD5
4fc3482a331c7f7ac3a2c39a30c0b8a6
SHA1
5a6cc0c70e57b9cc2c0e0f9e0393b0d69353f744
SHA256
6ad45233805d20c99de718af9399607351ec72c7b9616a2c173a1bbe283c750e
SHA512
9e6f7c49c6a87c1b2e4ac3253c9cef558d33ea4aec7d99e6f59f79d85088ce24dc28944cdacb1fa9133f1223ffbb783cd6b9dae48993d2c3cfcc4311977fc9e3
SSDEEP
12288:9lkLjMuEemjcEkohJp23a8imzxJOTqkye5lxfaexVhTmWpFjuPwJwGma:8nMf1wENJpMa8/72gshThFjbJRm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4fc3482a331c7f7ac3a2c39a30c0b8a6
Files
4fc3482a331c7f7ac3a2c39a30c0b8a6.exe windows:4 windows x86 arch:x86
6b3d2a05aaa024c0880099a6d8ea6441
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetCurrentProcessId
InterlockedExchange
OpenProcess
GetLastError
GetModuleFileNameW
GetProcessId
CreateThread
Sleep
WaitForMultipleObjects
msvcrt
_initterm
_controlfp
_j0
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
user32
DrawTextW
GetIconInfo
GetSysColor
GetDC
ReleaseDC
newdev
UpdateDriverForPlugAndPlayDevicesW
shlwapi
PathAppendW
UrlCombineW
PathCombineW
UrlGetPartW
UrlApplySchemeW
UrlCanonicalizeW
Sections
.text Size: 423KB - Virtual size: 423KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 956B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 307KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ