49f53921a044f692cbeba23f3faafe19

Sharing

Copy URL Twitter E-mail

General

Target

49f53921a044f692cbeba23f3faafe19
Size

177KB
MD5

49f53921a044f692cbeba23f3faafe19
SHA1

1022519dbe6acb7535df1031650d28c5cb7cf6be
SHA256

1a1a234b1e680304ff340cc375afe7f28d68b712ec2b3e0ba00c634d4a21e1a4
SHA512

3e9ada4c36955a8f1ca85df89fe9a38c13470bc1784313641a39eeba8ec4253ef4c702375bd7f48c5404618e42eb4fae4f3f8f486fb4fa9e0821a6f5c17954cd
SSDEEP

3072:5hk1tzi5859xyxqdiI8xS9q9RkNrJyovlggc4BEoYHxhR4NsG4pZfSCLvA62yUMR:V585bYquL9R+JyovTJ2R4Ns1hSYv4dMR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f53921a044f692cbeba23f3faafe19

Files

49f53921a044f692cbeba23f3faafe19
.exe windows:5 windows x86 arch:x86

7b682a7ff2f35ae05fb81920c2b0f3ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lwrite
GetUserDefaultLangID
ReadFile
TlsFree
RemoveDirectoryA
lstrcpynA
SetErrorMode
CreateEventA
FreeResource
CloseHandle
_lclose
SetFileTime
VirtualQuery
SetLocalTime
CompareStringW
IsBadCodePtr
SystemTimeToFileTime
GetCurrentProcess
EnterCriticalSection
ExitThread
GetCPInfo
SetHandleCount
UnhandledExceptionFilter
GetModuleFileNameA
WriteFile
GetTickCount
CreateProcessW
CreateSemaphoreA
GetFileTime
FindClose
SetEndOfFile
CreateFileA
lstrlenA
WideCharToMultiByte
GetStartupInfoA
TerminateProcess
GlobalHandle
GetStdHandle
HeapReAlloc
GetExitCodeProcess
HeapAlloc
CreateDirectoryA
GetVersionExA
FileTimeToLocalFileTime
GetOEMCP
GetProcAddress
LoadLibraryA
GetCommandLineA
GetLastError
GetDateFormatA
DeleteFileA
FlushInstructionCache
GetCurrentProcessId
CreateProcessA
GetEnvironmentStrings
HeapCreate
FileTimeToSystemTime
FreeEnvironmentStringsA
FindResourceA
_llseek
GlobalUnlock
LoadResource
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
GetTempPathA
GetACP
GlobalReAlloc
FreeEnvironmentStringsW
HeapDestroy
GetProfileStringA
FormatMessageA
TlsAlloc
GetTempFileNameA
SetLastError
lstrcatA
lstrcmpiW
GetSystemTime
FormatMessageW
ReleaseSemaphore
GetFullPathNameA
GetUserDefaultLCID
GetEnvironmentStringsW
lstrcmpA
GetStringTypeA
LCMapStringA
GlobalFree
GetSystemDirectoryA
GetShortPathNameA
LoadLibraryExA
GlobalAddAtomA
SetEvent
LockResource
ResetEvent
lstrcmpiA
IsDBCSLeadByte
WinExec
SetEnvironmentVariableA
GetVersion
CreateThread
InterlockedDecrement
GlobalSize
MultiByteToWideChar
GetSystemInfo
HeapSize
SizeofResource
GetFileType
FlushFileBuffers
InitializeCriticalSection
SetFileAttributesA
lstrcpyA
Sleep
GlobalLock
TlsGetValue
VirtualAlloc
CompareStringA
GetFileAttributesA
GetModuleHandleA
DuplicateHandle
MulDiv
SearchPathA
SetStdHandle
LCMapStringW
DeleteCriticalSection
ResumeThread
GetModuleFileNameW
GetTimeZoneInformation
TlsSetValue
InterlockedIncrement
VirtualFree
GetVolumeInformationA
LockFile
GetLocalTime
IsBadReadPtr
FindNextFileA
RtlUnwind
GetSystemDefaultLCID
LeaveCriticalSection
FreeLibrary
GetLocaleInfoA
_lread
ExitProcess
GetWindowsDirectoryA
RaiseException
GetSystemDefaultLangID
GlobalAlloc
GlobalDeleteAtom
MoveFileA
VirtualProtect
HeapFree
SetCurrentDirectoryA
WaitForSingleObject
SetFilePointer
GetStringTypeExA
GetCurrentThreadId
FindFirstFileA
UnlockFile

samlib

SamLookupNamesInDomain
SamConnectWithCreds
SamConnect

ws2_32

setsockopt
WSAConnect

advapi32

RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegSetValueExW
AdjustTokenPrivileges
RegSetValueA
RegDeleteKeyA
RegQueryValueExW
RegEnumKeyA
SetSecurityDescriptorDacl
RegCloseKey
InitializeSecurityDescriptor
RegCreateKeyA
OpenProcessToken
RegQueryInfoKeyA
RegisterEventSourceA
LookupPrivilegeValueA
ReportEventA
RegCreateKeyW
RegDeleteValueW
RegDeleteValueA
DeregisterEventSource
RegQueryValueA
RegSetValueExA
RegEnumValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExA

ole32

OleLoad
OleSave

ddraw

DirectDrawEnumerateA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 140KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b682a7ff2f35ae05fb81920c2b0f3ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

samlib

ws2_32

advapi32

ole32

ddraw

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 140KB - Virtual size: 368KB

.rsrc Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 140KB - Virtual size: 368KB

.rsrc
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B