d4f9ffc94fef6336445546279a4132ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4f9ffc94fef6336445546279a4132ab
Size

712KB
MD5

d4f9ffc94fef6336445546279a4132ab
SHA1

c44cd7e29645d6b2cb59bc2277a2905ad67e0736
SHA256

1018f3987c2e826a1decd0e9d64e5a7466963aa605ab5b324b2898f1d38c8fb3
SHA512

bb3a0cf4ac6c531053aee84d5ec721b2bc05a9e105c01422b114c8fc1947189fe6e256f475984d2b76f7e47a952869a9953cbd70782b9c9a75f865cfdcc0000e
SSDEEP

12288:pzFcC/SCJtrhuHcAwYwgmC9zxdrEHsOYj8npp7zt8X0MZ:FF1/vIZvXmC9FdEHswpx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4f9ffc94fef6336445546279a4132ab

Files

d4f9ffc94fef6336445546279a4132ab
.exe windows:4 windows x86 arch:x86

622c5ad74f083a7fa07aab59e9c27e10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetClipboardData

gdi32

LineTo

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantClear

comctl32

ImageList_Read

ws2_32

accept

comdlg32

GetSaveFileNameA

Sections

.text
Size: 358KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE