49309f9f59245fdced378f79c6bf10ac7fb0a4e7d3aa3c784532b06499797dfc

Sharing

Copy URL Twitter E-mail

General

Target

49309f9f59245fdced378f79c6bf10ac7fb0a4e7d3aa3c784532b06499797dfc
Size

1.7MB
MD5

82c2cb06dcef57d29fd0156ae607ddcb
SHA1

cff9e04e4e2a01ca9494cae4f7c8555bad2d38d2
SHA256

49309f9f59245fdced378f79c6bf10ac7fb0a4e7d3aa3c784532b06499797dfc
SHA512

bd51c75bdcbfbe654f36858c069804d87bf8b800dd9cb71843918e32eefddf4e736200a1e003927697278fcf78ee3002071f9e4f5c6684e1d36225144d410b55
SSDEEP

49152:Wcy2ewrIkju+3QllO1tyPO/lDl5HoPJGRv:Wcbn3QvOXyPO/lD8av

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49309f9f59245fdced378f79c6bf10ac7fb0a4e7d3aa3c784532b06499797dfc

Files

49309f9f59245fdced378f79c6bf10ac7fb0a4e7d3aa3c784532b06499797dfc
.exe windows:5 windows x86 arch:x86

f2d5b44df16a36118bb3becd4a3dc460

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
RtlUnwind
FindFirstFileExW
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
HeapSize
GetProcessHeap
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InterlockedIncrement
IsProcessorFeaturePresent
GetFileType
SystemTimeToFileTime
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
ReadFile
IsBadReadPtr
GetACP
MulDiv
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
QueryPerformanceCounter
OutputDebugStringW
IsDebuggerPresent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
SetThreadPriority
CreateThread
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
MoveFileExW
CreateFileW
GetTempFileNameW
TerminateThread
Sleep
GetCommandLineW
CreateMutexW
LocalFree
lstrcpyW
WinExec
GetCurrentDirectoryW
GetTempPathW
GetVersionExW
DeleteFileW
CreateProcessW
GetModuleHandleW
LoadLibraryW
WaitForSingleObject
TerminateProcess
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
DeleteFileA
CreateFileA
GetModuleFileNameA
FormatMessageA
GetLocalTime
CloseHandle
SetFilePointer
WriteFile
GetFileSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
FindClose
GetUserDefaultLangID
DosDateTimeToFileTime
GetModuleFileNameW

user32

CallWindowProcW
RegisterClassExW
GetClassInfoExW
RegisterClassW
MonitorFromWindow
GetMonitorInfoW
EnableWindow
DefWindowProcW
FillRect
DrawIconEx
DrawTextW
CreateCaret
SetCaretPos
HideCaret
ShowCaret
GetParent
ReleaseCapture
SetCapture
IsWindow
GetFocus
DispatchMessageW
TranslateMessage
GetMessageW
GetCursorPos
ScreenToClient
CreateWindowExW
SetPropW
InvalidateRect
UpdateLayeredWindow
GetUpdateRect
SetFocus
GetWindow
SetWindowLongW
GetWindowLongW
SetWindowPos
GetClientRect
DestroyWindow
GetKeyState
EndPaint
BeginPaint
ReleaseDC
GetDC
SendMessageW
CharNextW
LoadCursorW
SetCursor
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
CopyRect
OffsetRect
IntersectRect
UnionRect
GetPropW
IsZoomed
AttachThreadInput
ShowWindow
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
GetWindowRect
SetWindowRgn
ClientToScreen
GetSysColor
GetCaretPos
GetWindowThreadProcessId
PostMessageW
FindWindowW
PostQuitMessage
IsIconic
BringWindowToTop
SetTimer
KillTimer
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
GetDesktopWindow
GetWindowDC
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
MapWindowPoints
DestroyIcon

advapi32

RegOpenKeyExW
RegQueryValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

shlwapi

PathAppendW
PathRemoveFileSpecW
PathIsRelativeW
PathCombineW
PathRemoveFileSpecA
PathFileExistsW

winhttp

WinHttpCrackUrl
WinHttpReadData
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect

gdiplus

GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipReleaseDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipSetTextRenderingHint
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipMeasureString
GdipDrawString
GdipCreateStringFormat
GdipCreateLineBrushI
GdipGetImageWidth
GdipGetImageHeight

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent
ord17

gdi32

GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetBkColor
GetCharABCWidthsW
EnumFontFamiliesW
GetObjectA
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CombineRgn
GetStockObject
CreatePen
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
SaveDC
RestoreDC
CreateCompatibleBitmap
BitBlt
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreatePenIndirect
SetBkMode
SetStretchBltMode
SetTextColor
GetTextExtentPointW
GetTextExtentPoint32W
TextOutW
StretchBlt
PatBlt
RoundRect
LineTo
MoveToEx
ExtSelectClipRgn
SelectClipRgn
GetClipBox

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2d5b44df16a36118bb3becd4a3dc460

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

winhttp

gdiplus

version

msimg32

comctl32

gdi32

oleaut32

imm32

Sections

.text Size: 752KB - Virtual size: 751KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 10KB - Virtual size: 17KB

.gfids Size: 512B - Virtual size: 464B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 666KB - Virtual size: 665KB

.reloc Size: 106KB - Virtual size: 108KB

.text
Size: 752KB - Virtual size: 751KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 10KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 464B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 666KB - Virtual size: 665KB

.reloc
Size: 106KB - Virtual size: 108KB