049862afdc7954170ee7c951089415d40b8218316bf2cca28988e96c4baa5b81

Sharing

Copy URL

Twitter E-mail

General

Target

049862afdc7954170ee7c951089415d40b8218316bf2cca28988e96c4baa5b81
Size

131KB
MD5

e6ff755ce98b9c3466d1e06e231d2f7c
SHA1

d75b55a9bcaacc6338c0ff30b2130f602456b562
SHA256

049862afdc7954170ee7c951089415d40b8218316bf2cca28988e96c4baa5b81
SHA512

3bd1523155b6431af612bcb1bbc8ba73831f28de7c59ae8ea06f4fd466a5cb1cfa79c9b52cbccc09fcae5bae10a734a6abc1e9e210cfb7b26c52e0f29c3d7500
SSDEEP

3072:9zvFC6GSmPs+n4yhTjdTIfC4rr9XVsFoUPcovm/5Z:9QpPs5yhdozrxX+oUvvA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
049862afdc7954170ee7c951089415d40b8218316bf2cca28988e96c4baa5b81

Files

049862afdc7954170ee7c951089415d40b8218316bf2cca28988e96c4baa5b81
.exe windows x64

8e68ba435c47320d64805c131d79046d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenA
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringA
Sleep
FindClose
FindFirstFileA
GetLastError
GetCurrentThreadId
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionA
SetLastError
TerminateProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetStdHandle
GetPrivateProfileIntA
WritePrivateProfileSectionA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
SetEndOfFile
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
GetLocaleInfoA
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
HeapSetInformation
HeapCreate
GetModuleHandleW
ExitProcess

user32

wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
DefWindowProcA
DestroyWindow
PostQuitMessage
CreateWindowExA
PostMessageA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e68ba435c47320d64805c131d79046d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 5KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 5KB