49a5742ef90a0e9b1629845efe4a8b4e79a9538526369132c82fc96f3b5f1e1e

General

Target

49a5742ef90a0e9b1629845efe4a8b4e79a9538526369132c82fc96f3b5f1e1e
Size

64KB
MD5

f01a35e0c8b8c459b3b79a939a163b57
SHA1

c592cc6c9375de03273274c25ad38f52bf722be3
SHA256

49a5742ef90a0e9b1629845efe4a8b4e79a9538526369132c82fc96f3b5f1e1e
SHA512

cbc7bbc609fd363930135dcd8923ea24b716e7a9c5256858a532b00d720c629f73df29b97f4997ee260143d845fe5236c15f59191a1c3e0dbf7c74c33d17a72a
SSDEEP

384:x60TuhyQPXiMTJf6kr1xq3UZU9w1xq3UZU9EN:x8hyQPikP3ZU9qZU9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49a5742ef90a0e9b1629845efe4a8b4e79a9538526369132c82fc96f3b5f1e1e

Files

49a5742ef90a0e9b1629845efe4a8b4e79a9538526369132c82fc96f3b5f1e1e
.exe windows:4 windows x86

77a1c7a4a4413b03282e4b9a4ce221a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

CreateFileMappingW
CreateEventW
MapViewOfFile
CreateThread
SetEvent
WaitForSingleObject
CloseHandle
UnmapViewOfFile
WaitForMultipleObjects
OpenEventW
ResetEvent
GetVersionExW
LoadLibraryW
GetCurrentProcessId
FreeLibrary
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetProcAddress

user32

DefWindowProcW
DestroyWindow
PostQuitMessage
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadStringW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcr80

_controlfp_s
_cexit
_invoke_watson
_amsg_exit
__wgetmainargs
memset
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77a1c7a4a4413b03282e4b9a4ce221a7

Headers

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 47KB