U:\demodulator\queue\LMAO\Erasable.pdb
Static task: static1
Behavioral task: behavioral1
Sample: f4f8bdef1fcc6271e430ac06a14e7fb8.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: f4f8bdef1fcc6271e430ac06a14e7fb8.exe
Resource: win10v2004-20240802-en
General
Target: f4f8bdef1fcc6271e430ac06a14e7fb8.exe
Size: 408KB
MD5: f4f8bdef1fcc6271e430ac06a14e7fb8
SHA1: ee8717fefe44c90cdd41ff52fd3402a565c3986a
SHA256: b2e580936468414e204e9da4fd5c0b2b5719c3a6af5bb2796d29e061cfa872cc
SHA512: 601dae6fc4cfc6215aa7ac79d6ad4ca4004d699e576facd03c63a27ef89592739f10b9313b4c2193cc1ad0872d836030208facf1b50a7263a7ba47dccce15478
SSDEEP: 6144:IUqmsjhG9pJ8NU8Z1+3iFLs+4MrQLhElL9nZ0p5Vf0Wuk0d4ohXyulBiJ2EE:LajhG9pJmN4e5LIQZ0fVfMHituz02n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f4f8bdef1fcc6271e430ac06a14e7fb8.exe
Files
f4f8bdef1fcc6271e430ac06a14e7fb8.exe.exe windows:5 windows x86 arch:x86
c60c499092f93ea388f8e4d5b9d84aeb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM
IMAGE_FILE_UP_SYSTEM_ONLY
PDB Paths
Imports
kernel32
SetStdHandle
CloseHandle
SetFilePointer
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
RtlUnwind
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
MultiByteToWideChar
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsGetValue
CreateFileW
GetCurrentThreadId
GetLastError
HeapCreate
GetStdHandle
GetProcessHeap
ExitProcess
HeapAlloc
GlobalLock
lstrlenA
GlobalUnlock
LoadLibraryW
TlsAlloc
IsBadReadPtr
HeapValidate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RaiseException
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
user32
InvalidateRect
GetWindowRect
GetWindowDC
GetDlgItem
GetCursorInfo
GetCursorPos
WindowFromPoint
GetWindowThreadProcessId
AttachThreadInput
GetCursor
GetWindowTextA
MsgWaitForMultipleObjects
GetSystemMetrics
SystemParametersInfoA
LoadIconA
LoadCursorA
CreateWindowExA
ShowWindow
SendMessageA
SetFocus
IsIconic
SetForegroundWindow
DestroyAcceleratorTable
MapWindowPoints
SetActiveWindow
SendInput
GetUserObjectSecurity
SetUserObjectSecurity
GetForegroundWindow
BringWindowToTop
IsClipboardFormatAvailable
MessageBoxA
OpenClipboard
GetClipboardData
CloseClipboard
LoadMenuA
GetDC
CreateAcceleratorTableA
GetClientRect
gdi32
MoveToEx
LineTo
SaveDC
SetMapMode
SetWindowExtEx
EnumFontsA
CreateCompatibleBitmap
Rectangle
advapi32
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
AddAccessAllowedAceEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CreateObjrefMoniker
shlwapi
StrChrA
StrToIntExA
PathFindFileNameA
setupapi
SetupIterateCabinetA
SetupLogErrorA
Exports
Stop
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ