47564229c1bae21d7f442e03e38a5c16

General

Target

47564229c1bae21d7f442e03e38a5c16
Size

110KB
MD5

47564229c1bae21d7f442e03e38a5c16
SHA1

2929abb5a9bc82c7c4eb926f8d241c98fe5b94fa
SHA256

ecce65dd022a2646869ca4a229e226fbd6b2806bc84fad70c97e6b7da876aa6b
SHA512

a2b7dac78eb09def9570f6f4fd3828235995f9bdd4a070ca8451cbbd3965276b5cdaed5f56f8adfbf95bf36270d0615ebd4d85d6d7a489cd685a0d9b80c5e81b
SSDEEP

3072:mmZdMpJ9Ja0GU1gUnUHFoPBOgvU2R5An6:mYwPa08UUktUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47564229c1bae21d7f442e03e38a5c16

Files

47564229c1bae21d7f442e03e38a5c16
.dll windows:5 windows x86 arch:x86

39de208faab48e8f534458f1cee66a17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

core_rl_magick_

FormatMagickString
GetFirstImageInList
CloseBlob
ThrowMagickException
EOFBlob
SyncImage
LoadImageTag
SyncAuthenticPixels
GetAuthenticIndexQueue
QueueAuthenticPixels
AcquireImageColormap
ReadBlobMSBShort
ReadBlobByte
DestroyImageList
OpenBlob
AcquireImage
LogMagickEvent
UnregisterMagickInfo
SaveImageTag
GetVirtualPixels
WriteBlobMSBShort
WriteBlobByte
SetImageType
TransformImageColorspace
RegisterMagickInfo
ConstantString
SetMagickInfo

msvcr90

_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_encode_pointer
_errno
strerror
_malloc_crt

kernel32

LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

RegisterOTBImage
UnregisterOTBImage

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39de208faab48e8f534458f1cee66a17

Headers

File Characteristics

Imports

core_rl_magick_

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 1024B - Virtual size: 560B