d498838cea97204648f22090f3f281f0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d498838cea97204648f22090f3f281f0N.exe
Size

1.0MB
MD5

d498838cea97204648f22090f3f281f0
SHA1

38256e1e88af73eea9fbc3fe79cd6b02eba67c9d
SHA256

5f203227df46050dd68061f79df801da7849fcc7d5b8b8da804eaaa56984c9c9
SHA512

ebe933c71eb03701062842246aa5d51561706bb3cef3f130fd6df7d08abbc19da712a1e1338e0fea14b63289f6a2b2a1b4f4031a9d85f091201b79356446a9b7
SSDEEP

24576:+BtXnF+sKEhhu+1eZg8/+WuRA20xRV7j9XQR4je:+BX+sRhuOeCpjr2b/9fy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d498838cea97204648f22090f3f281f0N.exe

Files

d498838cea97204648f22090f3f281f0N.exe
.exe windows:4 windows x86 arch:x86

720c886028db8a7751d3b002098f0b27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

urlmon

UrlMkGetSessionOption

shell32

SHGetSpecialFolderLocation

wsock32

WSACleanup

ntdll

NtQueryInformationProcess

rpcrt4

UuidCreateSequential

Sections

CODE
Size: 990KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE