4e588fc1c336e8c453c3a29b30eccf76fd2122f299b643c4197d67f2896dc17c[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4e588fc1c336e8c453c3a29b30eccf76fd2122f299b643c4197d67f2896dc17c.exe
Size

120KB
MD5

dc3bbfc6e9091a53a317227febc1e4d7
SHA1

080aac5ec1de2bdfb46be09d665d11ef188ad540
SHA256

4e588fc1c336e8c453c3a29b30eccf76fd2122f299b643c4197d67f2896dc17c
SHA512

36e0cbe1744bbbebfdceb73c1ccc17729de4652abf9ff18b75664f2462eabe96b4377059d7e366a396d679512d803c5b44d5f5fceb6ff03b4d72481e15f97ecd
SSDEEP

3072:m9tSR5/g/J/h5uVm9Zi68W/4vphU83q64EX26jMt7Egylk:mWR5/g/J/vzr8WQ/U83JH2UMEgJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e588fc1c336e8c453c3a29b30eccf76fd2122f299b643c4197d67f2896dc17c.exe

Files

4e588fc1c336e8c453c3a29b30eccf76fd2122f299b643c4197d67f2896dc17c.exe
.exe windows:6 windows x86 arch:x86

2756131450ad813b9aa1211bdb9ce473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120u

ord5262
ord10260
ord2444
ord12413
ord12412
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11858
ord11857
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord8206
ord992
ord6758
ord3809
ord7542
ord12114
ord8099
ord12126
ord12094
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord8601
ord4546
ord12736
ord12799
ord10314
ord12122
ord8268
ord1508
ord6252
ord1467
ord1520
ord1042
ord2204
ord296
ord5019
ord8352
ord5821
ord2367

msvcr120

_cexit
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_exit
exit
__set_app_type
__wgetmainargs
free
printf
__CxxFrameHandler3
__argc
__wargv
memset
_XcptFilter
__crtGetShowWindowMode
_amsg_exit

kernel32

OutputDebugStringW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetCurrentProcess
Sleep
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError

user32

FindWindowExW
GetDesktopWindow
GetClientRect
InvalidateRect
PostMessageW
SendMessageW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2756131450ad813b9aa1211bdb9ce473

Headers

DLL Characteristics

File Characteristics

Imports

mfc120u

msvcr120

kernel32

user32

advapi32

ole32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 69KB - Virtual size: 72KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 69KB - Virtual size: 72KB