49f8246116737e242dbf1a917943e303 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49f8246116737e242dbf1a917943e303
Size

10KB
MD5

49f8246116737e242dbf1a917943e303
SHA1

2673820199f12cc711e0134cf9c11d4e44435fdb
SHA256

ba7a3d0c3c6add4ed2ab825cdb1db6f917827e6bd00c426166277ba03eeaa82e
SHA512

cf739391077b8e3d76f2bd56b2d7adc6c6b4242d7414c6418d6170083d4afdfaf28ded0fd0aa272f658072056bc41640a0817346b301e149e2bcbb6fd7933b03
SSDEEP

192:KdlmrDjP1wUykHkqIJFuHY/+yksOJU1JmqHPwG+8:KnKjP1wUykHkqIuHAZjT1JLvH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f8246116737e242dbf1a917943e303

Files

49f8246116737e242dbf1a917943e303
.dll windows:4 windows x86 arch:x86

c3f70bcbfaeefdd2ef363667b4b7322e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetComputerNameA
WriteProcessMemory
ReadProcessMemory
ExitProcess
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateThread
GetCurrentProcess
GlobalFree

user32

GetWindowThreadProcessId
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
FindWindowA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
memcpy
strchr
strncpy
strcmp
strcat
strrchr
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
sprintf
strcpy
strlen

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdat
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ