48c938a45b43d73c42d435f709e9e0aa

Sharing

Copy URL Twitter E-mail

General

Target

48c938a45b43d73c42d435f709e9e0aa
Size

287KB
MD5

48c938a45b43d73c42d435f709e9e0aa
SHA1

36d13fed3fc36ec9ab7ddae0538ee4fccfb8025f
SHA256

25b5c327da1c47a3e630a7783ff1af4cd14cc7887e2f9020c9c90ff917da60cc
SHA512

dd61e29aabc93d39625e6c931146432c108f8b21151d75f37c1bcbb4786fd8349371877935810daed1aa378b1422937435d48dc01879a948c713c80e318bb43a
SSDEEP

6144:faXEJFZvu+QMDjvttqOm1XLnJk6yAO0AOnYpiki9:fl1vuKDjvttqOm1LJk6yilf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48c938a45b43d73c42d435f709e9e0aa

Files

48c938a45b43d73c42d435f709e9e0aa
.exe windows:5 windows x86 arch:x86

32c0be9366a0d31036cedbbf2c1c7281

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
ReleaseDC
GetDC

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

iphlpapi

GetAdaptersInfo

imagehlp

MakeSureDirectoryPathExists

ws2_32

htons
WSACleanup
socket
closesocket
inet_addr
WSAStartup
connect
send
gethostbyname
recv
setsockopt
WSAGetLastError
inet_ntoa
gethostname

kernel32

WriteConsoleW
CreateFileW
SetEndOfFile
GetCPInfo
SetStdHandle
GetStringTypeW
OutputDebugStringW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
FlushFileBuffers
GetFileType
SetFilePointerEx
ReadConsoleW
DeleteFileW
GetConsoleMode
HeapReAlloc
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
TerminateThread
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
Sleep
GetComputerNameA
FindResourceExW
FindResourceW
LoadResource
GetLogicalDriveStringsW
CreateDirectoryW
OpenProcess
WideCharToMultiByte
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
GetProcAddress
LoadLibraryA
Process32FirstW
LockResource
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
CloseHandle
lstrcpyW
CreateThread
GetCurrentProcess
TerminateProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetSystemTimeAsFileTime
GetOEMCP
GlobalAlloc
CreateRemoteThreadEx
lstrcmpW
GlobalFree
GetCurrentProcessId
GetSystemTime
EncodePointer
GetCurrentThreadId
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
RtlUnwind
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
WriteFile
IsValidCodePage
GetACP
GetConsoleCP

shell32

ShellExecuteA

gdi32

GetDIBits
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

psapi

GetProcessImageFileNameW

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32c0be9366a0d31036cedbbf2c1c7281

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

iphlpapi

imagehlp

ws2_32

kernel32

shell32

gdi32

wininet

psapi

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 9KB - Virtual size: 9KB