48a219e196e481cf340e84e8c7f33d6c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48a219e196e481cf340e84e8c7f33d6c
Size

475KB
MD5

48a219e196e481cf340e84e8c7f33d6c
SHA1

949a4f67811156756d4c04c2bd5bd6f848487c7e
SHA256

3c0e0c3c8989f00e91e11a371f9628d7180b3f5f3c97548a4a64a11b7be6b97f
SHA512

dcce7c76eab2fb9400263718b86f051becf76d394aadb04b45c30a34e258d95ba725f89e7ee021ed57e8fb341a56a59e610234d8c77b061d749ae0d5d909155b
SSDEEP

12288:KhxqN1n/Fb9qjk7C9qAX+nEkhKvtj1Dgs31fVSZLVDZUI/kF9vpJt0czK:miMSCkAOEZvN1cSQLVDZUI/kLzI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48a219e196e481cf340e84e8c7f33d6c

Files

48a219e196e481cf340e84e8c7f33d6c
.exe windows:4 windows x86 arch:x86

0c38562f7fde8d48f3e995056d452417

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
GetSystemInfo
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
CreateMailslotW
RtlZeroMemory
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
InterlockedCompareExchange
DeleteFileA
ExitProcess
InterlockedExchange
RtlUnwind
GetFullPathNameW
QueryPerformanceCounter
VirtualQuery
LoadLibraryA

comdlg32

GetSaveFileNameW
ReplaceTextW
FindTextA
PrintDlgW
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameW
GetFileTitleW
PageSetupDlgA
FindTextW
PageSetupDlgW
ChooseFontA
ChooseColorA
LoadAlterBitmap
GetOpenFileNameA
ReplaceTextA
ChooseFontW

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ