PC_Level4_flav[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PC_Level4_flav.exe
Size

78KB
MD5

43406f7487979e55751d9f8a1174b33c
SHA1

0b9ba306c6861f990d6219dbd815cc2e25262061
SHA256

33ba9f103186b6e52d8d69499512e7fbac9096e7c5278838127488acc3b669a9
SHA512

45f3a3a39b7327eb214d98de29765a7d6867231d43c6f503bf94a18fc4aeaf4c0104871f0b767a8e4d66425be90a713b48090df71fb050614df6456bc741c70d
SSDEEP

1536:EwOHqGRNXOEOuN7LtofSjmnyhdzQ6d5qPui6fczZarixQWbekFLyO2X0negdrVJK:oi7fSSnySRLyvHgdVJr2R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PC_Level4_flav.exe

Files

PC_Level4_flav.exe
.exe windows:5 windows x86 arch:x86

7482812627dadeca3b20e2854f00988d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

user32

DefWindowProcW
ShowWindow
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
UnregisterClassW
CloseWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetCursorPos
UpdateWindow

msvcrt

?terminate@@YAXXZ
_controlfp
__setusermatherr
_amsg_exit
_cexit
__getmainargs
_ismbblead
memcmp
_wcsrev
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
strcmp
calloc
realloc
sprintf
wcsstr
malloc
strcpy
_wstati64
_wfopen
fseek
fwrite
fflush
_initterm
memmove
strncpy
memcpy
wcslen
wcscpy
memset
isdigit
strstr
free
srand
rand
_wcsicmp
_snwprintf
wcsncpy
strtoul
time
localtime
strlen
_except_handler3
strchr
_vsnprintf
_vsnwprintf
__CxxFrameHandler
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_exit
__p__commode
_adjust_fdiv
_acmdln
exit
fclose
_XcptFilter
__p__fmode

ntdll

RtlUnwind

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedExchange
ResumeThread
SetThreadPriority
ReadProcessMemory
InterlockedCompareExchange
SetEnvironmentVariableW
GetExitCodeThread
DuplicateHandle
CreateThread
TlsGetValue
TlsSetValue
QueueUserAPC
SetEvent
ResetEvent
TlsAlloc
InterlockedIncrement
InterlockedDecrement
TlsFree
CreateEventA
DeviceIoControl
CreateFileA
WideCharToMultiByte
VirtualFree
GetThreadTimes
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GlobalMemoryStatus
GetTickCount
QueryPerformanceCounter
GetCurrentThread
TerminateThread
MultiByteToWideChar
SetLastError
GetSystemTimeAsFileTime
WaitForSingleObject
SetErrorMode
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetModuleFileNameW
LoadLibraryW
MoveFileW
FreeLibrary
DeleteFileW
CreateProcessW
CloseHandle
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetLastError
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
Sleep
GetVersion
GetProcAddress
VirtualAlloc

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7482812627dadeca3b20e2854f00988d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

msvcrt

ntdll

kernel32

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 976B

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 976B