Static task
static1
Behavioral task
behavioral1
Sample
4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7.exe
Resource
win10v2004-20240508-en
General
Target: 4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7
Size: 89KB
MD5: 8b031fce1d0c38d6b4c68d52b2764c7e
SHA1: d9989a46d590ebc792f14aa6fec30560dfe931b1
SHA256: 4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7
SHA512: dbb7fca6a0085c1f596a1459a70e8423297e993fadcc550ab7e6e8f473d5da68d2e8062372685e6663aef70cdc8491b91f1ad6609b9aaa2f13471f82a86565e5
SSDEEP: 1536:QDQHNTzyqjUTzsrVTzxXY0GI9Zx+7RHS8myWxVMfCHC04eIFpWCc:QMJyqjUTzsrVfxI0r9ZxSS8cxVMY4Llc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7
Files
4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7.exe windows:5 windows x64 arch:x64
e31c53b3220a7e4ba1efe5440107d17f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCurrentProcessId
LocalFree
CreateThread
CreateFileA
WriteFile
Sleep
TerminateProcess
ReadFile
lstrlenW
lstrcatW
GetTempPathA
lstrcpyW
DeleteFileA
GetEnvironmentVariableW
HeapAlloc
CloseHandle
GetProcessHeap
GetCurrentProcess
GetLastError
LoadLibraryW
GetFileSize
GetModuleFileNameW
CreateFileW
DeleteFileW
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
VirtualProtect
LoadLibraryExA
LocalAlloc
GetProcAddress
GetVersionExW
GetModuleHandleW
WaitForSingleObject
HeapFree
FreeLibrary
IsValidCodePage
GetOEMCP
GetACP
DecodePointer
EncodePointer
GetCommandLineA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapSetInformation
GetVersion
HeapCreate
GetStdHandle
ExitProcess
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
user32
CreateWindowExW
RegisterClassW
SetWindowLongPtrW
DefWindowProcW
LoadIconW
advapi32
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
shell32
ShellExecuteW
ShellExecuteExW
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ