4ff18a26a5183f21773b7bd588bbc2f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ff18a26a5183f21773b7bd588bbc2f1
Size

60KB
MD5

4ff18a26a5183f21773b7bd588bbc2f1
SHA1

c29765a4ea342c2313d200f0f8c7528b037b2310
SHA256

dd9fc168315b5f075d85714d4b74dc82415754c500e0771092c7b07060699143
SHA512

89cfcf855cf626e1fa4a707a3f692780a2044ba31c1f065b61bd87b695e77756651f6c8b1bfcaf7d9f262be3e903d637dfa4429c86d85f2d367ed5b11a1353cd
SSDEEP

768:Vz3CRiLPI8UNl++hr9FbdwvgbKITHjomxoCf:RiikjNd91dxOITDom6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ff18a26a5183f21773b7bd588bbc2f1

Files

4ff18a26a5183f21773b7bd588bbc2f1
.exe windows:4 windows x86 arch:x86

0ca003d4fb8b648e0e1994e464c320dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
GetWindowsDirectoryA
GlobalFindAtomA
WinExec
GetTickCount
CloseHandle
WriteFile
CreateFileA
SetEndOfFile
SetFilePointer
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
Thread32First
GetModuleHandleA
DuplicateHandle
OpenProcess
DeviceIoControl
GetLastError
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
DeleteFileA
GetSystemDirectoryA
lstrlenA
lstrcpyA
CreateThread
lstrcmpiA
lstrcatA
LoadLibraryA
SetFileAttributesA
GetProcAddress
Sleep
GetCurrentProcess
Thread32Next
TerminateProcess

user32

wsprintfA

advapi32

CreateServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA

mfc42

ord823
ord825

msvcrt

srand
rand
_strcmpi
strrchr
_strlwr
strcmp

msvcirt

?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBD@Z

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE