49d5165d7ba598f870bf8048d8a756fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49d5165d7ba598f870bf8048d8a756fb
Size

154KB
MD5

49d5165d7ba598f870bf8048d8a756fb
SHA1

211c6dee9df04602dbae8309f8d6603ce1655080
SHA256

bea49c72fb29748ba3b144a2525ce4e90f6181ba7f01540cdb698ba063985c34
SHA512

e908b92720a77bd892a0a201f8a0c01e331b0e0d4059cfc5f461494a1d21fcf7d39c3fe13d414d1674c49b399041864015d66582456066432cbef916ab509bab
SSDEEP

3072:pHEavhF3uwMZup7+VSEjf6y7gkSq0wdTVH4vZq7NWORp:hhFVMZbVf6yS4bWuUO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49d5165d7ba598f870bf8048d8a756fb

Files

49d5165d7ba598f870bf8048d8a756fb
.exe windows:4 windows x86 arch:x86

cd755f0bd6c6325507b97d09eabbc9ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

urlmon

URLDownloadToFileA

Sections

CODE
Size: 136KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE