49595fa6ef17c2317e84c8a43385075bc3974f3bd957d86f7340be3948719838

Sharing

Copy URL Twitter E-mail

General

Target

49595fa6ef17c2317e84c8a43385075bc3974f3bd957d86f7340be3948719838
Size

1.6MB
MD5

48f159eb8ee833c75465d11649f27241
SHA1

210f681927a2e048fabd4fa555c3ebc894f9919a
SHA256

49595fa6ef17c2317e84c8a43385075bc3974f3bd957d86f7340be3948719838
SHA512

762233817ce8da045e326c66b96fd9f2d1fc89f2fb08109260ecb04426d9f4e66af49393407517ef062ceb334e72dd41d2ea449ab34ed51033a9d043a96be9cf
SSDEEP

24576:YV6tNi5uqHCsiT0QBzmPTPQR1cdeEJ2JKmW4hL+sOqfCRmjW0B8oUF1p:YsNaDmF1o0xphL+sOq2PVF7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49595fa6ef17c2317e84c8a43385075bc3974f3bd957d86f7340be3948719838

Files

49595fa6ef17c2317e84c8a43385075bc3974f3bd957d86f7340be3948719838
.dll windows:5 windows x86

fb17de6dcf005bd495d4bceed22b6c81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegConnectRegistryA
ClearEventLogW
RegEnumKeyExA
SetKernelObjectSecurity
OpenEventLogA
RegCloseKey
AreAnyAccessesGranted

winmm

midiOutPrepareHeader
CloseDriver

user32

IsCharAlphaW
GetUpdateRgn
SetDlgItemInt
TrackPopupMenuEx
GetForegroundWindow
ShowWindow
SetCapture
GetMenuContextHelpId
GetClipboardViewer
GetNextDlgGroupItem

clusapi

ClusterRegEnumValue

winspool.drv

DeletePrinter
EnumFormsW
DeletePortW

winscard

SCardEstablishContext

setupapi

SetupInstallFilesFromInfSectionW
CM_Locate_DevNodeA
SetupDiEnumDeviceInfo
SetupQueryInfOriginalFileInformationW
CM_Request_Device_Eject_ExW
SetupDiOpenDeviceInterfaceRegKey

ole32

HGLOBAL_UserFree
CreateOleAdviseHolder

opengl32

glEnable

wininet

InternetOpenUrlW
HttpAddRequestHeadersW

shell32

SHAddToRecentDocs
ShellAboutW
SHGetSpecialFolderLocation
DragQueryFileW

lz32

LZRead

gdi32

PlayMetaFile
CreateDiscardableBitmap
GetCharABCWidthsW
ResizePalette
OffsetRgn
GetStretchBltMode

esent

JetTerm2
JetGetBookmark

avifil32

AVIStreamStart

rpcrt4

NdrSimpleStructUnmarshall
RpcMgmtEnableIdleCleanup
I_RpcGetBufferWithObject
RpcAsyncAbortCall
UuidIsNil

kernel32

GetUserDefaultLCID
LoadLibraryW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcessHeap
SetInformationJobObject
Process32FirstW
GetACP
HeapDestroy
SetEndOfFile
MulDiv
GetSystemTimeAsFileTime
GetBinaryTypeW
WaitForSingleObjectEx

oleaut32

VarCyFromDate
VarBstrCat
GetRecordInfoFromGuids
GetErrorInfo
VarR8FromI2
SafeArrayCreate

Exports

Exports

IehhzrfLieerati

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb17de6dcf005bd495d4bceed22b6c81

Headers

File Characteristics

Imports

advapi32

winmm

user32

clusapi

winspool.drv

winscard

setupapi

ole32

opengl32

wininet

shell32

lz32

gdi32

esent

avifil32

rpcrt4

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 48KB - Virtual size: 46KB

CODE Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 48KB - Virtual size: 46KB

CODE
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 12KB - Virtual size: 11KB