4ed94c0b9ad16270f3dd81ff8dad4fc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4ed94c0b9ad16270f3dd81ff8dad4fc0N.exe
Size

319KB
MD5

4ed94c0b9ad16270f3dd81ff8dad4fc0
SHA1

7377b8d133add18486c000954368be1fd00b1566
SHA256

11bafcc9daeda60a7d8224feb22967c629f8f444cbf4b21319f5362b1495d176
SHA512

8af1b232c79fb22f214568d49a5e752c61c30c125d50d3aa65bde65cc686a3b103178d80e61f414818dfe770dad3d285d5ea201fc82281f09e2bb06e66e410a9
SSDEEP

6144:8E0V7zXw7nng9O8Yv/YDq1qt+V+luVVptOCmspeKKDmWVB9bsI3:8EI7inneOjv/uFYxlBm86maB9bsI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ed94c0b9ad16270f3dd81ff8dad4fc0N.exe

Files

4ed94c0b9ad16270f3dd81ff8dad4fc0N.exe
.exe windows:4 windows x86 arch:x86

419c0c12c984a06d1033777d07f7b228

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ztlv\qbjc\ehtjnw\dzep\wlm\lkxhpe.pdb

Imports

advapi32

ReportEventW
CryptSignHashW
RegQueryMultipleValuesW
RegOpenKeyExW
CryptCreateHash
CryptDecrypt
LogonUserA
GetUserNameA
CryptEncrypt
CryptAcquireContextA
CryptEnumProviderTypesW
CryptDuplicateKey

comctl32

InitCommonControlsEx

gdi32

GetLogColorSpaceW
FloodFill
GetTextMetricsA
SelectObject
CreateICA
StartDocA
GetTextColor
DeleteObject
GetDIBColorTable
GetNearestColor
EnableEUDC
SetMetaRgn
GetColorSpace
GetPixelFormat

comdlg32

ChooseColorW
LoadAlterBitmap
FindTextA
PrintDlgA

shell32

ShellExecuteA
ShellExecuteW

user32

PtInRect
CharToOemW
FreeDDElParam
CloseWindowStation
RegisterClassExA
GetClassInfoW
GetMenuState
RegisterClassA
GetProcessWindowStation
MapVirtualKeyW
OemToCharW
MoveWindow

kernel32

SetFilePointer
VirtualProtect
GetStartupInfoW
GetCurrentProcessId
LCMapStringA
GetCurrentProcess
HeapAlloc
HeapSize
CompareStringA
GetStringTypeA
GetUserDefaultLCID
GetStdHandle
InitializeCriticalSection
SetLastError
HeapReAlloc
RtlUnwind
VirtualAlloc
GetDateFormatA
VirtualFree
GetEnvironmentStrings
GetLastError
TlsFree
VirtualQuery
IsBadWritePtr
SetUnhandledExceptionFilter
InterlockedDecrement
HeapFree
SetStdHandle
GetFileType
LeaveCriticalSection
LCMapStringW
GetModuleFileNameA
CloseHandle
SetEnvironmentVariableA
GetVersionExA
SetHandleCount
LoadLibraryA
GetSystemTimeAsFileTime
HeapDestroy
WriteFile
MultiByteToWideChar
GetStartupInfoA
HeapCreate
SetVolumeLabelA
GetTickCount
GetModuleHandleA
IsValidCodePage
InterlockedExchange
QueryPerformanceCounter
GetCommandLineA
CompareStringW
DeleteCriticalSection
TlsAlloc
GetSystemInfo
TerminateProcess
TlsGetValue
WideCharToMultiByte
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetACP
TlsSetValue
ExitProcess
GetLocaleInfoW
GetCurrentThread
GetEnvironmentStringsW
GetProcAddress
GetCPInfo
OpenMutexA
UnhandledExceptionFilter
FreeEnvironmentStringsW
ReadFile
GetStringTypeW
GetCurrentThreadId
FlushFileBuffers
GetTimeZoneInformation
GetCommandLineW
GetLocaleInfoA
EnterCriticalSection
GetTimeFormatA
GetModuleFileNameW
GetOEMCP
CreateMutexA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

419c0c12c984a06d1033777d07f7b228

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

gdi32

comdlg32

shell32

user32

kernel32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 33KB - Virtual size: 62KB

.data Size: 88KB - Virtual size: 87KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 33KB - Virtual size: 62KB

.data
Size: 88KB - Virtual size: 87KB

.rsrc
Size: 17KB - Virtual size: 16KB