4fb34d2c2cc8f481e0853486d66741f14500e716f795faa99296d00b5c08d3f1

Sharing

Copy URL Twitter E-mail

General

Target

4fb34d2c2cc8f481e0853486d66741f14500e716f795faa99296d00b5c08d3f1
Size

4.4MB
MD5

196e9c977eccd2e57bd6ea68c7e24129
SHA1

430dfd50ea2da08358f189d16e91544ac473eec9
SHA256

4fb34d2c2cc8f481e0853486d66741f14500e716f795faa99296d00b5c08d3f1
SHA512

b25d15413b3d2e732f3c639bdd90117f72382c00e1dee566807346485cb3a2a6c97927b96f81303cd0e8d3694c412a53ebe0d25a6279cb8e6014c36e3ad4a0f8
SSDEEP

98304:fc+aDJyO12O09lDWMPalGyLuNuCCFVuK5LNVxQbuLGU:fLo1zzhBFEK5LNVxCuLGU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fb34d2c2cc8f481e0853486d66741f14500e716f795faa99296d00b5c08d3f1

Files

4fb34d2c2cc8f481e0853486d66741f14500e716f795faa99296d00b5c08d3f1
.exe windows:5 windows x86 arch:x86

3209584c9efc10801d53f104b28ef4d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32 kernel32

SetStdHandle ��E

kernel32

GetPrivateProfileIntA
TerminateProcess
GetCurrentProcess
WinExec
lstrcatA
GetModuleFileNameA
ExitProcess
GetCommandLineA
DeleteFileA
Sleep
CreateThread
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
CloseHandle
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualFree
GetModuleHandleA
SetFilePointer
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetLastError
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
WriteFile
HeapCreate
HeapDestroy
RtlUnwind
GetVersion
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
GetVersionExA

user32

TranslateMessage
GetMessageA
DispatchMessageA

ws2_32

inet_ntoa
closesocket
send
htons
inet_addr
WSAStartup
connect
socket
recv

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3209584c9efc10801d53f104b28ef4d7

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

user32

ws2_32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.K2game Size: 480KB - Virtual size: 480KB

.K2game Size: 16KB - Virtual size: 16KB

.K2game Size: 8KB - Virtual size: 8KB

.K2game Size: 4KB - Virtual size: 4KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.K2game
Size: 480KB - Virtual size: 480KB

.K2game
Size: 16KB - Virtual size: 16KB

.K2game
Size: 8KB - Virtual size: 8KB

.K2game
Size: 4KB - Virtual size: 4KB