49f004c83143f6584cf815787212108f5e073085fad0691926ad489bb8a5c89f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49f004c83143f6584cf815787212108f5e073085fad0691926ad489bb8a5c89f
Size

3.8MB
MD5

2957f1a3f14d142083a96f410f0bad07
SHA1

67a3f289b75bd71afb7b7dbd82253d46bd1ad604
SHA256

49f004c83143f6584cf815787212108f5e073085fad0691926ad489bb8a5c89f
SHA512

a8e9fd1c1cdc11264433233e7bbc29e8a11af1ee7059bee407c48306853f9437848546a5025aa75c91e668ee9a5df1ddff9e5bcb274d93a2389b14f8b94bf806
SSDEEP

49152:7Kx2ntkJxjxlLWX5WyMAEUlr4k3zTcyLDZBjqeliEE/L0oHNT3+aS0VpWwsi3iqh:7KYntk/xsT4kjf9lMEUpaMC+iqzFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f004c83143f6584cf815787212108f5e073085fad0691926ad489bb8a5c89f

Files

49f004c83143f6584cf815787212108f5e073085fad0691926ad489bb8a5c89f
.exe windows x86

91188fa717ed3d2f8cfcfc2da9906a61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

msimg32

AlphaBlend

ole32

IsEqualGUID

comctl32

FlatSB_SetScrollPos

imm32

ImmSetCompositionWindow

winspool.drv

WritePrinter

shell32

ShellExecuteExA

wininet

InternetSetOptionA

urlmon

URLDownloadToFileA

comdlg32

PrintDlgA

winmm

timeGetTime

Sections

CODE
Size: 3.8MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE