49a195b0c1fd129394188884c7852cd3 | Triage

Sharing

General

Target

49a195b0c1fd129394188884c7852cd3
Size

162KB
MD5

49a195b0c1fd129394188884c7852cd3
SHA1

c760840d6069def4ac0440933e5cfd62e140c26d
SHA256

e29bef1649994b6a54425f05b7c3af354ba7f8717c21ed70e1874af8469a1a84
SHA512

ccc9debf05fdc00e16d05db98e2733f673397b5caa36c85f3121b1ad7b9469846341d0439034a19cb6fe0b35763e4455e564476a232b28484cf58db6dd921387
SSDEEP

3072:4c5kEgs8RAVV0GWQCDfwRc5ksBoIDMk/yut7ERZOH3p:MM8RIGG7838MqOH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49a195b0c1fd129394188884c7852cd3

Files

49a195b0c1fd129394188884c7852cd3
.exe windows:4 windows x86 arch:x86

222000ed758720a8c2a11fb65b4d182a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shlwapi

PathCombineW
PathFileExistsW

user32

wsprintfW
SendMessageA
DispatchMessageW
PostThreadMessageW
CharNextW
KillTimer
SetTimer
TranslateMessage
GetMessageW
GetDC
CharUpperW
UnregisterClassA

kernel32

MultiByteToWideChar
LockResource
lstrcpyA
OutputDebugStringW
GetProcessAffinityMask
WideCharToMultiByte
GlobalFree
FindClose
lstrcpyW
lstrcmpiW
EnumResourceNamesW
InitializeCriticalSection
GetTickCount
GetCPInfo
FreeEnvironmentStringsW
GetACP
GetLastError
lstrcpyA
lstrlenW
GlobalAlloc
GetModuleHandleW

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemAlloc
StringFromCLSID

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ