49df0cad3e89ee1d14cd6c73f84289e6a143e2763a51b94d7beceed7b35f9329

Sharing

Copy URL Twitter E-mail

General

Target

49df0cad3e89ee1d14cd6c73f84289e6a143e2763a51b94d7beceed7b35f9329
Size

105KB
MD5

1cce37c7217a6a35e41e699389618836
SHA1

de63116f118de29ca5f18f79eb302dc43bcf6d3b
SHA256

49df0cad3e89ee1d14cd6c73f84289e6a143e2763a51b94d7beceed7b35f9329
SHA512

caef53060e4219d82efcd1dbdf524ab45f0f43bdd940df7f5bdec6efd1510ac3a7984c7f58141da547bad177130c7e5b748e51e18d2d901301ec53389e9d515a
SSDEEP

3072:RquBizHekjcO9PaF/pstBaDqwONnct43bBl3N2UV:RquBiz+kjcOVaF/p/uwONct43D92U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49df0cad3e89ee1d14cd6c73f84289e6a143e2763a51b94d7beceed7b35f9329

Files

49df0cad3e89ee1d14cd6c73f84289e6a143e2763a51b94d7beceed7b35f9329
.exe windows:5 windows x64

1def79b0b18f8fa217588b56483673e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc100

ord10534
ord12579
ord7769
ord7999
ord7295
ord12665
ord11145
ord369
ord316
ord310
ord1294
ord4340
ord5321
ord12185
ord2788
ord2785
ord7057
ord2354
ord13684
ord13686
ord13685
ord13683
ord13687
ord13670
ord13598
ord13599
ord7931
ord10712
ord3275
ord10577
ord12920
ord7766
ord10841
ord5973
ord9688
ord8047
ord2754
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord1485
ord1492
ord4218
ord4255
ord4226
ord4238
ord4234
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord11099
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord3355
ord2852
ord2851
ord2753
ord10790
ord4920
ord5236
ord8982
ord5580
ord883
ord3303
ord11548
ord2116
ord3600
ord2655
ord7920
ord5550
ord1872
ord1895
ord3254
ord3136
ord3156
ord6423
ord9171
ord12845
ord776
ord1188
ord9724
ord11125
ord4124
ord300
ord1291
ord2538
ord5035
ord305
ord3828
ord4608
ord6706
ord12503
ord3270
ord5562
ord8001
ord10794
ord2353
ord12181
ord5319
ord2659
ord2877
ord2878
ord10054
ord9701
ord7833
ord10754
ord1295
ord6868
ord13109
ord13106
ord13111
ord13108
ord13110
ord13107
ord3288
ord5031
ord10859
ord10867
ord3935
ord7063
ord9145
ord10871
ord10840
ord11470
ord4458
ord4722
ord4892
ord8135
ord4700
ord4895
ord4461
ord4597
ord4445
ord6640
ord6641
ord6631
ord4595
ord7065
ord8977
ord8000
ord5872
ord906
ord946
ord889
ord924
ord3479
ord12311
ord1863
ord6865
ord1267
ord2380
ord7277
ord7286
ord7213
ord11410
ord13393
ord2526
ord4555
ord877
ord6580
ord11106
ord11107
ord12927
ord6806
ord12925
ord8182
ord3535
ord3477
ord11489
ord6823
ord1709
ord13700
ord10609
ord7561
ord12808
ord9095
ord2049
ord12928
ord1274

msvcr100

memset
_setmbcp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
atoi
__CxxFrameHandler3

kernel32

EncodePointer
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
Sleep
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DecodePointer

user32

GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
LoadIconW
EnableWindow
DrawIcon

comctl32

InitCommonControlsEx

swmultinetapi

SWMultiNet_SetDeviceOneParam
SWMultiNet_ReadDeviceOneParam
SWMultiNet_WriteCardG2
SWMultiNet_CloseAllDevice
SWMultiNet_RelayOn
SWMultiNet_GetSockFromIP
SWMultiNet_SetCallback
SWMultiNet_CloseDevice
SWMultiNet_GetDeviceSystemInfo
SWMultiNet_OpenDevice
SWMultiNet_InventoryG2
SWMultiNet_RelayOff

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1def79b0b18f8fa217588b56483673e8

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

comctl32

swmultinetapi

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 780B

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 780B

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 1KB - Virtual size: 1KB