49afe9b5decb3d0187f9bdd54f1b91b9

Sharing

Copy URL Twitter E-mail

General

Target

49afe9b5decb3d0187f9bdd54f1b91b9
Size

428KB
MD5

49afe9b5decb3d0187f9bdd54f1b91b9
SHA1

6031e648c0d714a5148442ddbc3d6f67cdd88b54
SHA256

51a970d0abdccd0a411ac4a95202b9903858c1cd78a21ce791cdb780c4494f5c
SHA512

f3f22131da7ecebf403a9c1101873d19ff9d7ca111ee94abd4b55fdbbf7499d26938db63e78fb0f6fb18300d8ddd41a2b1949a4d016634f2260ceae1bc69200e
SSDEEP

12288:6A+SyUEkE76CfzFnXFAZD2g3EODRjJJ3r4rtQPaGj:6A+SyUEkEeozFnXngdljJJ3r4rtQPaGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49afe9b5decb3d0187f9bdd54f1b91b9

Files

49afe9b5decb3d0187f9bdd54f1b91b9
.exe windows:4 windows x86 arch:x86

fe791d5f89102f81ed825e3b7e79b414

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

mfc80u

ord764
ord266
ord1197
ord1182
ord1178
ord265
ord762

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_except_handler4_common
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
_CxxThrowException
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncpy
__RTtypeid
_wmakepath_s
_waccess
_wsplitpath_s
wcslen
strchr
strncmp
isalnum
isalpha
tolower
isspace
memmove
memcpy
fseek
ftell
fread
__CxxFrameHandler3
fprintf
strcmp
fopen_s
strlen
rand
srand
malloc
_resetstkoflw
free
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_vsnprintf_s
fclose
fputs
fopen
_localtime64_s
_time64
_vswprintf_c_l
_snwprintf_s
atoi
_vswprintf
_purecall
__RTDynamicCast
memset
_controlfp_s

kernel32

RaiseException
lstrlenW
GetVersionExA
GetThreadLocale
MultiByteToWideChar
GetCommandLineW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetTickCount
OutputDebugStringW
GetModuleFileNameW
GetLastError
FreeLibrary
Sleep
LocalAlloc
InterlockedExchange
LoadLibraryA
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetLocaleInfoA
GetACP
WideCharToMultiByte

user32

PeekMessageW
GetSystemMetrics
LoadIconW
FlashWindow
PtInRect
PostQuitMessage
GetMessageW
SendMessageW
TranslateMessage
DispatchMessageW
SetTimer
DefWindowProcW
DestroyWindow
SetWindowLongW
CreateWindowExW
IsWindow
KillTimer
MessageBoxW
IsIconic
ShowWindow

msvcp80

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

htons
htonl
ntohl
ntohs

gdiplus

GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromGdiDib
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipFree
GdipCreateBitmapFromFile

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe791d5f89102f81ed825e3b7e79b414

Headers

File Characteristics

Imports

shell32

mfc80u

msvcr80

kernel32

user32

msvcp80

ws2_32

gdiplus

Sections

.text Size: 308KB - Virtual size: 304KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 40KB - Virtual size: 39KB