049c4b64a10630a5b2672be106dc0c1c

Sharing

Copy URL Twitter E-mail

General

Target

049c4b64a10630a5b2672be106dc0c1c
Size

405KB
MD5

049c4b64a10630a5b2672be106dc0c1c
SHA1

5027049cb373e9a63ce7dd227d5ebfdebf292025
SHA256

944adcdeae16f142e4ee199ea3040e52089c1aba384cb4e9295cf602e2c6c211
SHA512

0cba30ade8d956ef10faf1f3825bfa0a343d3c3b8f148902419f00db44f6a4cb53d9e1d98ff6b43a69a932e6cb26036956f0496fced031130baa7429ae68c0ab
SSDEEP

12288:4eWLt9HHmB3/zpx8lTH8CY/1TnpjpybJMYgstWCL:NLbp8HpYTI2Ygs7L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
049c4b64a10630a5b2672be106dc0c1c

Files

049c4b64a10630a5b2672be106dc0c1c
.exe windows:4 windows x86 arch:x86

8d891018a43e540c9d5d9eabf0485b2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptEnumProvidersW

comdlg32

GetFileTitleW
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
LoadAlterBitmap
FindTextW
ReplaceTextW
FindTextA
GetSaveFileNameW
ChooseFontA
PageSetupDlgW
PageSetupDlgA
ChooseFontW
PrintDlgW
ChooseColorW

shell32

SheSetCurDrive
SHGetSpecialFolderPathA

user32

GetListBoxInfo
ChangeMenuW
CharLowerBuffW
BeginDeferWindowPos
FindWindowExA
GetWindowTextLengthA
GetDesktopWindow
ChildWindowFromPoint
CallMsgFilter
GetInputState
wvsprintfA
PostQuitMessage

kernel32

InitializeCriticalSection
CreateDirectoryA
HeapDestroy
GetLastError
SetHandleCount
EnterCriticalSection
lstrcmpW
InterlockedExchange
GetCurrentProcessId
HeapReAlloc
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
lstrcpyn
VirtualQuery
GetSystemTime
VirtualAlloc
WriteFile
DeleteAtom
HeapCreate
CreateFileMappingA
ExitProcess
GetCurrentProcess
TlsSetValue
LeaveCriticalSection
HeapAlloc
IsBadWritePtr
ContinueDebugEvent
FillConsoleOutputCharacterA
DeleteCriticalSection
GetCommandLineA
CompareStringA
GetModuleFileNameW
GetVersion
GetModuleFileNameA
SetCurrentDirectoryA
GetEnvironmentStrings
VirtualFree
TlsAlloc
EnumCalendarInfoA
SetEvent
GetUserDefaultLCID
LoadLibraryA
RtlZeroMemory
GetFileType
QueryPerformanceCounter
GetModuleHandleA
CreateFileA
SetEndOfFile
TlsGetValue
GetProcAddress
GetSystemInfo
TerminateThread
GetStartupInfoW
SetVolumeLabelA
TerminateProcess
WriteProfileStringA
FreeEnvironmentStringsW
GetStartupInfoA
MultiByteToWideChar
HeapFree
GetCommandLineW
WaitForMultipleObjects
TlsFree
GetTickCount
FreeEnvironmentStringsA
CreateProcessW
RtlUnwind
SetLastError
GetCurrentThread
GetEnvironmentStringsW
GetStdHandle
TryEnterCriticalSection

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d891018a43e540c9d5d9eabf0485b2b

Headers

File Characteristics

Imports

advapi32

comdlg32

shell32

user32

kernel32

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 269KB - Virtual size: 286KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 269KB - Virtual size: 286KB

.rsrc
Size: 6KB - Virtual size: 6KB