b4f876ecd9114bde359b5b757fb62140N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4f876ecd9114bde359b5b757fb62140N.exe
Size

119KB
MD5

b4f876ecd9114bde359b5b757fb62140
SHA1

6b64baee2ecdb27cd7418e1d7f85a092abdafe1c
SHA256

bc53e1b3b15227ecd2ea6410709519ab3e7d97504f0107b67bfe36d3dfe7ded6
SHA512

33fdcf496713bf61f9c999e89a7e9114057b8d928770de1bff9e0a7fbc180e53cfbb42e7500c0100cb7e4f77943bb4336830919287f1b62414a577177567be1f
SSDEEP

3072:aCKCgL8DXnrBVPOPPPMCfT7JoX9djHKcZ79fYyK:le8DXnr/Pk8+JoXxZ7up

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4f876ecd9114bde359b5b757fb62140N.exe

Files

b4f876ecd9114bde359b5b757fb62140N.exe
.exe windows:4 windows x86 arch:x86

5b436d9987ca9c0e1333a08a27502451

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
EnumCalendarInfoW
Process32Next
ChangeTimerQueueTimer
FoldStringW
CreateRemoteThread
QueryPerformanceCounter
GetModuleFileNameA
MoveFileWithProgressW
FreeEnvironmentStringsA
lstrcmp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE