46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf

Sharing

Copy URL

Twitter E-mail

General

Target

46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf
Size

2.2MB
MD5

6fab8d882c6bbe2f85b1bb446fe74fc2
SHA1

9971336d72ed9c22c0f6ee05ea07c1b8881677f7
SHA256

46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf
SHA512

c5fbd418c2736f2c2dfd4eeba959e451d638b310d2a860bab11628e8b94c5774bc481ad94abc3ea270bb3291739cae76bc5c4672d9cd597e63368e4493122e73
SSDEEP

49152:52DQ0MdfppbpIca7TiqFsv9HUInu3BfoUYNUDZrdmC+xED:5ttXbpbaJ60WiBfoUFZrdPc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf

Files

46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf
.dll windows:5 windows x86

0ad369829c75a4b1d4050cd563b6e4a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrRChrA

clusapi

GetClusterFromResource

version

GetFileVersionInfoSizeA

kernel32

GetModuleFileNameA
CloseHandle
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
OutputDebugStringA
GetBinaryTypeA
SetStdHandle
InterlockedPushEntrySList
GetSystemTimeAsFileTime

shell32

SHChangeNotify
SHParseDisplayName

rasapi32

RasFreeEapUserIdentityW

msvcrt

putc
toupper

winmm

waveInUnprepareHeader
waveOutClose

psapi

GetModuleBaseNameA

winspool.drv

AddPrinterConnectionW

lz32

LZInit

advapi32

RegEnumValueW
NotifyChangeEventLog
AccessCheckAndAuditAlarmW

oleaut32

GetErrorInfo
GetRecordInfoFromGuids

ws2_32

select

rpcrt4

RpcBindingFromStringBindingA

crypt32

CryptFindOIDInfo

gdi32

Pie
CreateHalftonePalette
AbortDoc

wininet

FindNextUrlCacheGroup

user32

GetUpdateRgn
IsWindowEnabled
wsprintfA
MonitorFromPoint
DrawFrameControl
DialogBoxParamW
SetWindowRgn
GetKeyboardLayout

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZYDZ
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ad369829c75a4b1d4050cd563b6e4a4

Headers

File Characteristics

Imports

shlwapi

clusapi

version

kernel32

shell32

rasapi32

msvcrt

winmm

psapi

winspool.drv

lz32

advapi32

oleaut32

ws2_32

rpcrt4

crypt32

gdi32

wininet

user32

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 52KB - Virtual size: 51KB

ZYDZ Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 52KB - Virtual size: 51KB

ZYDZ
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 12KB - Virtual size: 8KB