48c4966fe0f357df05cf9814306c7fb1e054f825280a7147298427b19f1947a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48c4966fe0f357df05cf9814306c7fb1e054f825280a7147298427b19f1947a6
Size

10.6MB
MD5

0b578fc9986d129442ea3765aabc4571
SHA1

a8e2a6c00d85912c43b22535990cfc8f4c9d244e
SHA256

48c4966fe0f357df05cf9814306c7fb1e054f825280a7147298427b19f1947a6
SHA512

72b06526281d74fdef1a935759d82beae9901efab64a454cb15f61abb868527691ef30ac883f10d035da73d4af80b79902d797a52a153fb4f8fefc3cb29b8d1e
SSDEEP

196608:jooDmf0jjH3itiFDxEG9c6jeIpHXihzlOUKaX028qOVlYxLtrRxgFwF:k4fStiFDxEi1p3i/zKFrqOjgJrrgFw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48c4966fe0f357df05cf9814306c7fb1e054f825280a7147298427b19f1947a6

Files

48c4966fe0f357df05cf9814306c7fb1e054f825280a7147298427b19f1947a6
.dll windows:5 windows x86

6df92be45b9329dde7487c47edf52661

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DispatchMessageA

gdi32

GetDeviceCaps

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

comctl32

ord17

oleaut32

SystemTimeToVariantTime

Exports

Exports

Hook

Sections

.text
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4#A
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.`$t
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.`q|
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ