4ff49d5301e96abb39170337a977ded0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ff49d5301e96abb39170337a977ded0N.exe
Size

737KB
MD5

4ff49d5301e96abb39170337a977ded0
SHA1

c9e321c3fd0c0e3d7e510956f8d64a95d27e0c2b
SHA256

c71c4d161287d9e4d0492c6221824c5e7935645f491dfb5a0b8f24d07d3bdf03
SHA512

765e0578c9470422cf7afd4c48fcdd2045981ce9c1248b39207317c5730077ea1d794969ae622d7a20f223655f8a53cb6d8ecdd530a19d550743ab0f793a77e7
SSDEEP

12288:3NsgJrR9IUfhtxfAHpMuwJS+2z+VU6cckSEQ0A74V/VHnRd1rXmOwGsiKJLAlbnk:3NVhzRhtJAJMub+VlcPSEQRsVtHJahJ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ff49d5301e96abb39170337a977ded0N.exe

Files

4ff49d5301e96abb39170337a977ded0N.exe
.exe windows:4 windows x86 arch:x86

e1e8986873b470803015876eb82d32f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

OleUninitialize

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

Sections

CODE
Size: 712KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE