f4466b28cbc8aa4fbcdc71b335ecce24f21042428007e21d33d2767acdbfa04d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4466b28cbc8aa4fbcdc71b335ecce24f21042428007e21d33d2767acdbfa04d
Size

4.4MB
MD5

a97630a6476e51482d98f3e5c67ed029
SHA1

6b768b09e796cb07f9952d868468dc81f970f5ab
SHA256

f4466b28cbc8aa4fbcdc71b335ecce24f21042428007e21d33d2767acdbfa04d
SHA512

689d4a1f3e5548163a06a1e400e55b44fc8d444cb86f08c88cb82770c91cb1d3256bd43a2240a224de5fd4132e0d99e77452eaee95d924a95252a61a7cd384c4
SSDEEP

98304:cZshNvXsXIpj8sA16eTVQuEpTbft9fIkpAQ3uudmUlQPot:dvXs4pj8sA1XTShR7Ikpql8QPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4466b28cbc8aa4fbcdc71b335ecce24f21042428007e21d33d2767acdbfa04d

Files

f4466b28cbc8aa4fbcdc71b335ecce24f21042428007e21d33d2767acdbfa04d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CoreGetShell
DawnUiGetShell

Sections

Size: 1.3MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 105KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 262KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 582KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE