49935fce10f803540c268c0b5[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

49935fce10f803540c268c0b5.exe
Size

293KB
MD5

00cb030d867c2724a163620dc64ade24
SHA1

b04772ca1e23e5ef06c8d2c2c5313a8f10886d07
SHA256

49935fce10f803540c268c0b5013d42120e03b04ac454e939d4841e995a90821
SHA512

b2f2f02abde7fe4d63320d5bb4c141f111f137a92d5d5d940825acb34e2e86a9fd89713d5fd75af40254438432b1fb127326a48f11bc2217e8b0ff4ee83c8160
SSDEEP

6144:YxTNhvxJ6h2fFtOxpp6bTGgiENpHGSpqlTXC1AYklTBSwAOzpd2:4TNh58srOfpAPi0EfCQlTYw/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49935fce10f803540c268c0b5.exe

Files

49935fce10f803540c268c0b5.exe
.dll windows x86

56465ca5be139aa4e8e3e33ef8a1d938

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl

advapi32

OpenThreadToken
SetSecurityDescriptorDacl
RevertToSelf
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
ImpersonateSelf
IsValidSecurityDescriptor
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
AddAccessAllowedAce

netapi32

Netbios

kernel32

GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
GetComputerNameA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
GetSystemFirmwareTable
VirtualProtect
HeapFree
SetLastError
VirtualFree
GetCurrentProcess
WriteFile
VirtualAlloc
CreateMutexA
WaitForSingleObject
LocalAlloc
CreateFileW
UnmapViewOfFile
MultiByteToWideChar
Sleep
GetLastError
OpenMutexA
GetCurrentThread
LoadLibraryA
CloseHandle
GetNativeSystemInfo
CreateThread
HeapAlloc
GetProcAddress
CreateFileMappingA
LocalFree
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
IsBadReadPtr
MapViewOfFile
GetTickCount
WriteConsoleW
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindFirstFileExW
RtlUnwind
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56465ca5be139aa4e8e3e33ef8a1d938

Headers

DLL Characteristics

File Characteristics

Imports

ole32

winhttp

advapi32

netapi32

kernel32

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 9KB - Virtual size: 8KB