049873e3f995108d21381b9d30839ab1

Sharing

Copy URL

Twitter E-mail

General

Target

049873e3f995108d21381b9d30839ab1
Size

25KB
MD5

049873e3f995108d21381b9d30839ab1
SHA1

ef1e00a4070bc331b3d62ec4b6a15bf873e1a324
SHA256

d33dda1376bffef7178339bd6676c2d2ce6eb7b2039bd4a887f234933357ed6a
SHA512

660d6f3ef298313680f3d7355a10bf22c1204018197eea8b5bd124691851f0661de2f20a8456dce5164b53f0a24f32e4411734dba45f510606b2f8afbf0fe846
SSDEEP

384:bioHPED4qpSV9iLcyRa5zLnJk+1wUrIXLreXPy7s8O1GMo:bLPSUioeaVCkwQIXLMPy75

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
049873e3f995108d21381b9d30839ab1

Files

049873e3f995108d21381b9d30839ab1
.dll windows:4 windows x86 arch:x86

5b18ea429622f33db74ffb0d689b3130

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
DeleteFileA
GetTempPathA
GetProcAddress
CreateThread
SetFilePointer
GetModuleHandleA
VirtualQueryEx
HeapAlloc
GetProcessHeap
OutputDebugStringA
ReadProcessMemory
Sleep
GetFileAttributesW
CloseHandle
LoadLibraryA
OpenProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetPrivateProfileStringA

user32

GetDC
GetWindowRect
wsprintfA
GetWindow
GetClassNameW

wininet

InternetCloseHandle

msvcrt

_strupr
strcat
memset
sprintf
strlen
strcpy
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
ftell
fseek
fopen
mbstowcs
strrchr
wcslen
strstr
wcsncat
wcscpy
wcsstr
strncpy
exit
free
printf
malloc
rand
_stricmp
memcpy
__CxxFrameHandler
_except_handler3
_local_unwind2
strcmp
_vsnprintf
__dllonexit
_onexit
_strcmpi

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b18ea429622f33db74ffb0d689b3130

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

gdiplus

gdi32

msvcp60

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB