cd4b9b91c1a83646c3a39443ce86322433a210d990c482e1453c0ad00fdf43f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd4b9b91c1a83646c3a39443ce86322433a210d990c482e1453c0ad00fdf43f6
Size

787KB
MD5

8a09f44e5697ada430c60b4364c6344e
SHA1

029684b22bac4e6eae3c8172a41ca8b152136cce
SHA256

cd4b9b91c1a83646c3a39443ce86322433a210d990c482e1453c0ad00fdf43f6
SHA512

33e74230bbde96f935db1ad4044fb8d4114952c4cefc001b92f4960ac211a1cd8052a923353eb1ec3a77999c07d357619217f6bfcb3fdf8172594c74cd0da3fb
SSDEEP

12288:3lbvz4xCbveFS9gNvz5QqUJ5T64ZT7l+fNhtJEl8WjUeB:VTMxCbvtg1OHJ5W4ZAHWjUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd4b9b91c1a83646c3a39443ce86322433a210d990c482e1453c0ad00fdf43f6

Files

cd4b9b91c1a83646c3a39443ce86322433a210d990c482e1453c0ad00fdf43f6
.exe windows:4 windows x86 arch:x86

61c4029dc45dc7ee2a6ce4e8dc0b0770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Programming\OLDProjects\FG Patcher\Out\PatchLoader.pdb

Imports

kernel32

LockResource
FindResourceA
SetThreadContext
GetModuleHandleA
SizeofResource
lstrcpynA
CloseHandle
WriteProcessMemory
FreeLibrary
ResumeThread
CreateProcessA
LoadResource
TerminateProcess
HeapAlloc
HeapFree
GetProcAddress
VirtualQueryEx
VirtualProtectEx
GetTempFileNameA
GetModuleFileNameA
GetTempPathA
DeleteFileA
lstrcpyA
ExitProcess
HeapReAlloc
CreateFileA
SetFilePointer
lstrlenA
WaitForSingleObject
WriteFile
GetCommandLineA
ReadFile
GetProcessHeap
GetThreadContext
LoadLibraryA

user32

MessageBoxA

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ