v749ZVeU[.]4y | Triage

Sharing

Copy URL Twitter E-mail

General

Target

v749ZVeU.4y
Size

1.4MB
MD5

049f82eda31c03066af98866bb3503b2
SHA1

8704f58b3ebd40e32df96638ed0d77586c4dac19
SHA256

5e41dd55790aa692606c51c13eebacf5e389beccd6c0f459bf4a011ac499ae59
SHA512

6d6a0b3bffa00b55021a977220b07b3f848f3dbc88e3ed312a374bb967984285e75fc82ffbb54c1ef142b88ead528abfb789394dfce57ea63c70b5463f7ae200
SSDEEP

24576:rClCcYH4eSGApcn5IQYADXQV8wEJ95e5Ym0FZksYnQ/pYyp7LnGJrl+WiLuM:0vAiqIQYyS8JcWRhYypLnGJr5id

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
v749ZVeU.4y

Files

v749ZVeU.4y
.dll windows x86

cc8cd6f0867d108eb26c8927ab7c6516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VarBstrFromR4

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

crypt32

CryptFindLocalizedName

comdlg32

ReplaceTextA

netapi32

NetGroupGetInfo

rpcrt4

RpcServerUseAllProtseqsIf
RpcAsyncCompleteCall
I_RpcBindingToStaticStringBindingW

gdi32

OffsetClipRgn
PlgBlt
CreateEllipticRgn
SelectClipPath
GetPolyFillMode
SetWindowOrgEx

opengl32

glOrtho

msvcrt

memset
fputs

shlwapi

SHSkipJunction
AssocIsDangerous

clusapi

ClusterRegSetValue

shell32

ExtractAssociatedIconW

kernel32

GetFileSize
ConnectNamedPipe
LockFile
SetConsoleCursorInfo
GetUserDefaultLCID
GetBinaryTypeW
GetModuleFileNameW
GetModuleHandleA
GetModuleFileNameA
RaiseException
GetTempFileNameA
GetTapeParameters
TryEnterCriticalSection

user32

ToAsciiEx
ChangeMenuA
DialogBoxIndirectParamA
GetGUIThreadInfo
GetDlgItem
SetClipboardData
AdjustWindowRect
ActivateKeyboardLayout
MonitorFromRect
VkKeyScanA

ole32

HDC_UserSize
HBITMAP_UserMarshal
OleCreateLinkFromData
OleGetIconOfClass
OleMetafilePictFromIconAndLabel
CoRevertToSelf

advapi32

GetSecurityDescriptorControl
SetSecurityDescriptorSacl
RegQueryValueA
CryptSetProvParam

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 676KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yid
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FZrm5
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8cd6f0867d108eb26c8927ab7c6516

Headers

File Characteristics

Imports

oleaut32

wintrust

crypt32

comdlg32

netapi32

rpcrt4

gdi32

opengl32

msvcrt

shlwapi

clusapi

shell32

kernel32

user32

ole32

advapi32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 13KB

CODE Size: 676KB - Virtual size: 672KB

.crt1 Size: 284KB - Virtual size: 280KB

yid Size: 92KB - Virtual size: 88KB

FZrm5 Size: 196KB - Virtual size: 192KB

.erloc Size: 52KB - Virtual size: 49KB

.CRT Size: 32KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 13KB

CODE
Size: 676KB - Virtual size: 672KB

.crt1
Size: 284KB - Virtual size: 280KB

yid
Size: 92KB - Virtual size: 88KB

FZrm5
Size: 196KB - Virtual size: 192KB

.erloc
Size: 52KB - Virtual size: 49KB

.CRT
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB