4f336eac6dcb35c95d02374f78829e64d26e0870f9851680f741306d37b408a5 | Triage

Sharing

General

Target

4f336eac6dcb35c95d02374f78829e64d26e0870f9851680f741306d37b408a5
Size

77KB
MD5

3097167476a9e180507d3752dc56fed4
SHA1

7ba73c03d2bc153f4414f17ef89a8cfff7350246
SHA256

4f336eac6dcb35c95d02374f78829e64d26e0870f9851680f741306d37b408a5
SHA512

0af3072b6457107d5002b4b36098e70ae8e365baf0002b4b6de4fbd5f6eb6e698b27def69fc52394bab9de991167cde626ed4cfcf06bff816fe19e7a76eaf7b0
SSDEEP

1536:D1fUytjgJaXV+k3XsTnDfhKDVbtjHC4wupK5tBaYpOIxLKaMkPQ134A:BfUCOb3iB7wlsQQko1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f336eac6dcb35c95d02374f78829e64d26e0870f9851680f741306d37b408a5

Files

4f336eac6dcb35c95d02374f78829e64d26e0870f9851680f741306d37b408a5
.exe windows:4 windows x86 arch:x86

8c9f4b0d987bd85b889088831f6faacf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
GetVolumeNameForVolumeMountPointA
VirtualProtectEx
ExitProcess

user32

DestroyCaret
GetActiveWindow
GetWindowLongW

Exports

Exports

Rhaherrl
OpenQuoqouc
BeginWxbjrmm

Sections

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldifew
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lswsds
Size: 69KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ