b4bef61bd3040b0791c6f3c72a6c79bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4bef61bd3040b0791c6f3c72a6c79bb
Size

330KB
MD5

b4bef61bd3040b0791c6f3c72a6c79bb
SHA1

85677fe4de3f3b14dde72c28a1d2916691198321
SHA256

31eef815c397a7ce78ed20af32a00655bf328ba7f7a1173f9b9ccad4e3f94d8e
SHA512

8d35fb7997e873189f8ec91579a4bb5e324497a11a6c8aae9d63707222d83092c436b14f94f485425edc1214329d8a7464a3ebf3deb08bef8d272c17200f4311
SSDEEP

6144:gYnC3RQdQ6QuFnKfmD7vzj6GXTgR9FBO+hxzVVPSSVoFVrVjxd1awgdGl3:gYcInQuFCmfP6GXchQ+hrYnVB0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4bef61bd3040b0791c6f3c72a6c79bb

Files

b4bef61bd3040b0791c6f3c72a6c79bb
.exe windows:4 windows x86 arch:x86

528382e4b2e256283f17cc14ebb4ad10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetEvent
GetCommandLineA
GetVersionExW
GetLastError
DeleteCriticalSection
VirtualProtect
CreateMutexA
OpenMutexA
CreateThread
ReleaseMutex
TlsGetValue
FreeConsole
SearchPathA
FindClose
GetTickCount
CloseHandle
SetLastError
GetModuleHandleA
FindResourceExA

advapi32

RegLoadKeyA
RegEnumKeyExA
LsaSetSecret
RegCloseKey
CloseTrace
OpenEventLogA
CloseEventLog
LsaClose
RegCreateKeyExA
LsaFreeMemory
FreeSid
GetFileSecurityA
IsValidSid
EqualSid
RegCloseKey

loghours

DialinHoursDialogEx
DirSyncScheduleDialogEx
DirSyncScheduleDialog
DialinHoursDialog
LogonScheduleDialog

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ