49c8ccdf8b8a9221329425abb1f4db3a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49c8ccdf8b8a9221329425abb1f4db3a
Size

745KB
MD5

49c8ccdf8b8a9221329425abb1f4db3a
SHA1

c053131ae31a89b162f99b486df1860f55a64d71
SHA256

40c98df09438e3165e23591aae126ac527800a54bf83925bd30a5ff14cd17810
SHA512

6ad3d97704cf3a1af670666b9f0bd0cb8c30b3700f4843b10d488d4cc32384ef2e26d93a00fc9305eabcffb2c0c3ad9451eb0977c8f106a1f818738859904e0b
SSDEEP

12288:gZOHTnMhkUTOKhOJxrDhSAQdXSvqK3rmZzqERoHHrIOUmzzcnwx/e5g8WRhtyX/7:pT0LIGdXCmZzqcerIjDC8Wh2/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49c8ccdf8b8a9221329425abb1f4db3a

Files

49c8ccdf8b8a9221329425abb1f4db3a
.exe windows:4 windows x86 arch:x86

f010e94066ebc087c6c6c08751ede611

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
CloseHandle
DeleteFileW
Sleep
ExitProcess
HeapSize
EnterCriticalSection
WaitForSingleObject
RemoveDirectoryA
GetModuleHandleA
SetFileAttributesW
ReadFile
VirtualAlloc
SetLastError
SetLastError
GetVersion
GetFileTime
FindAtomW
GetFileAttributesA
SuspendThread
CreateFileA
GetEnvironmentVariableW
GetCurrentDirectoryW
IsBadReadPtr
GetCommandLineW

cryptui

CryptUIWizImport
CryptUIWizBuildCTL
CryptUIDlgSelectStoreA
CryptUIDlgViewContext
DllUnregisterServer
LocalEnroll
CryptUIDlgFreeCAContext
LocalEnrollNoDS
CryptUIDlgFreeCAContext
CryptUIWizDigitalSign
CryptUIWizExport
DllRegisterServer
CryptUIDlgFreeCAContext

cmpbk32

PhoneBookFreeFilter
PhoneBookFreeFilter
PhoneBookFreeFilter
PhoneBookFreeFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ