4pDEd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4pDEd.exe
Size

6.1MB
MD5

75ec9ea6dbc63feb09d784fe849341e2
SHA1

e4a6f0db333a1277f088832cce02605a2e68c0dd
SHA256

ca66a27f42d97aecd084570eedcaa4992c5a2e3ee43f54e091bd2677dead3151
SHA512

cdc2243b624af39f06496b39028d06a4c8e05a4f915cad9cb44c22a99e0866c3d4e834c44ccbf6aad1e6ec8128a45f962166fa63f3704ffe0605dd90db2a3850
SSDEEP

98304:WMzZGV+Oui+QvyEV06DDrGkYExwTtGmfuCp+c8lATKq47Sjx4zRp0+9TnshI:JZGV+OBDZYExwxbHj8lAuqEkx47Tsu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4pDEd.exe

Files

4pDEd.exe
.exe windows:6 windows x64 arch:x64

151704651bd43beb72d2183322088177

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetCloseHandle

kernel32

GetTempPathA
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

IsValidSid

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140

__current_exception

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

p��ۍͬ�J@sd�m ��"�ś�R�}i��ݰ�x��qC��w�/��6$5��i.yQ�y1��p҇:��T/�(E�M�.t�(��2W�tԙ��.��BǓCn��j-��1��B(��}Ώ�,�A��#�ZL�߸İ�Ñ��Ȧ��+�q׈�� pa�+��ݺ7·�?p%�0��P�i��ϼ�I�� H!�Y��g��8��N"��YY� ��JA �i�*�j��Ҩ�ҁ�dObU�tg��F��0񰻄�*�DF�TܿM�xz60<{��&:��%<E#%�x�c=��Ǳl�S��hr@�[g�� ~�0�g��YZ�1��`��_��u>6&8g9% ��7�+��jd8j��k�4j�hÊwX�n|ѳ�� ?�L�5zM��ꛞl~AL�7^.i�� ?g�ԁ z�>y��ө<b��n}�o��}F��.�!zG")�a��`��%ΊuD)�N5�!o�#��|�赙�1��G=�l�;��oNb~�'*tT��ٶ��il�9�/�M��e;}��|�a��G�&��zhx�z��G�� _��|��4ms[��iAr�V_�cj��+S�x�f��VI�ȿ�4|_��=>Da�2[%��#�A�%�X��ԭ��u1��`�K��R2�!8}w�c��V�!Ah%E��3X'rAn��+m�_��. F�s�7M'��q=��^g��ܞ<[C7:�̐{N2��$-0�)��f��~|�}y8L��Evα��9�b�m�9��KY��]�/��8��,T\�0��&/�E���U��\�T8@��Y��]�d��$�.�Z��G��u֘��]:��P��\��>M10��z��)$��{Fx[nQ��So1r��6� �5 � ��"�ފ�p̝O}QtMd�j�MGGd��*� 9�i+��=�)9��F�Ϧ��6�Oƥ!l�i�%��yuK��㭺U��׈;��I��E.�W��a��ⰸC&C;P��#��P1�K&�⣺ � ��:KQ�� R �� A�S�ͱ��ӧ��荔�릚��僗ҽY!;��J�jB�1�%�G��yu��q~�Mg�0�{��ֽ>߈�l�_��5_�(�K�NwF�qMB�vTK�4�7�qg��-��E��oI��sN�w(؈��p��׆��:�(|��`G��Ὅ��%lw`Sl�� NvX��}`d"f:�X�]��Km��S�#.��C}��v��W{+�)��H�<!�-��>\�ڦk�똍�/�K��W�02~"fv)�;*#�TZ�5�©��@��>�Re��#��u��c�pd�o�p(��:K��N�3��{\��TxG/��&�kx�j�/e��ON��i��2��ݡ��J�,�T�}Z\�ʻ`q߇�@�L��"�� ̊�. ��?�/U��4n��cN �S��^�B�@\]q�u��E�c��7e\�m��y��?�d%;�r} n�{�s1�g:5��%��Y�~��uj��ҝ��њ\x�R�`�� 2�O��\�� v�of?�y��&�Nŗ�J��6|�=V�Gq�4ݗ=��n��ϒ$��]��ʔ��`À�*>h._��@�?~�̛�-�b�+�꜁tSt��(��a|L��gg��Ouõ+�4��M��U߇��k�'�e�nݟ�%a53\�`=;�>�J��x��4+��e�9��YWe�d�څFrFJ��*�W�0��l��9_��禵rʛ��)��d�-&�u�1�� U%:E�˖��%1��;��U��pfp�QZ��-�Yb=��=Q-�gaގ��z�!�� ?E`Y_R�dû'q �}R��$�#��ʀdٺ�ͤt`��M��q��PM��u�uB�cN� �E��E��߭�N��D_^�bnf7��E.��n��A�Z�K�S�>�Z-Ú��`~n��`;��F@F �d5\_:h�ATr��Ѯ E~��[�LB`*d�v-��UQ��q�>r챰��*��pg��0�R�x�n��,�x�h��ކ��Tm�,.�ѽ�֧��j��F��<\ӷy5vLˑ�B@j��;ag��8`�/��R�+��_� K��|1�K�>Ht��Ԑ܊K�00�>J��@gv��Y�#;?�m#m��7)!�zLKl��K��fO�<^�h`��4��̙⪑m�~��x�'/��3�D�/mǄ��(�r��{wY)�- �qL�"_m}M�Řs��\-`�kB�V./�i��f ��[،�m��Q�>�g4x#�Aj��ݩmF�у�D��.ZtR�#��W�mp��<�^�m"r��H�mT��W:�R'��7�vW�l��K�i�I �7G|N��5�5ƣw%1'�Yqޑ�r2��/�5�� L�Nɑ��Eq��}|��Q o�D�X;a�j��DPnyXc#��lv*��|��=*��#��ĨR_�Mrǿs/5y�o�v[��K�=��b��t��ͽ�%��Ƴ�� z��q�]j`Q8g;�� 'N��L��v�\>Ўh gaǮ�P�k�.=�:K=�KY.K�šǛ�gH��5��3Yᱻ��V�"be>Dq�7|a��⅝GHT�hl�c1Iu�驪��ҽo��lZ/a�r�c;��?�\�l$��z��_h/�~��H��&�b�4[ف�2'�l_��M4��&8I;=�FTg�m5�)�#�r��+��!�uvI��;9g4��tB%˗2�I��+1;9eE2�`�d�ft��f7��Y�G��h�X��~b�g�ͩy�, �#7�k�#�,��F&Q��H.-w�

Sections

.text
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wtsigma
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wtsigma
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

151704651bd43beb72d2183322088177

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

advapi32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 61KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 3KB

.wtsigma Size: - Virtual size: 3.7MB

.wtsigma Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 512B - Virtual size: 224B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 61KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 3KB

.wtsigma
Size: - Virtual size: 3.7MB

.wtsigma
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 512B - Virtual size: 224B

.rsrc
Size: 512B - Virtual size: 480B