d4536a689dece5b4c4a6a94e96592e6d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4536a689dece5b4c4a6a94e96592e6d
Size

92KB
MD5

d4536a689dece5b4c4a6a94e96592e6d
SHA1

3d674712ce7d0eed9e1ea8cf6231a96a56d5b3eb
SHA256

79f2474fe728ecd808282d40668276efe7d6ae7208b8f1fe788b475f863d7efd
SHA512

c1721f6402341b99aedc74db9eafa816ccfa25a8e81c4c980e8ba794c1ef82ff3f7d3da8e1fdceee00be920da5a648276b3d5e7053ab3ffd7c5aef93c81e9017
SSDEEP

1536:RkeSWdtbcwtSVtx94vAw8k/wJVtWplRQmWoaeCpDyM:RkcdKwhvA7JVtWupD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4536a689dece5b4c4a6a94e96592e6d

Files

d4536a689dece5b4c4a6a94e96592e6d
.exe windows:4 windows x86 arch:x86

bbc5ea7ee88076a3406191b1c7ea5e93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
DeleteVolumeMountPointA
SetThreadExecutionState
SetConsoleCursorInfo
GetConsoleInputWaitHandle
GetLargestConsoleWindowSize
ConvertThreadToFiber
FindFirstVolumeMountPointA
EnumSystemLocalesA
DebugBreak
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetCommProperties
GetCommandLineA
GetStartupInfoA
ExitProcess
SetProcessShutdownParameters
VerifyConsoleIoHandle
TermsrvAppInstallMode
GetPriorityClass
EnumSystemLanguageGroupsA
SetThreadContext
RegisterWaitForSingleObjectEx
GetVolumeInformationA
ExitProcess
GetCommModemStatus
GetCommState
GetDefaultCommConfigA

Sections

WEIJUNLI
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ