Static task
static1
Behavioral task
behavioral1
Sample
49383a314b93ec21c9fc0d5f4d592fa6.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
49383a314b93ec21c9fc0d5f4d592fa6.exe
Resource
win10v2004-20231215-en
General
-
Target
49383a314b93ec21c9fc0d5f4d592fa6
-
Size
36KB
-
MD5
49383a314b93ec21c9fc0d5f4d592fa6
-
SHA1
b056c2f65c85ce70ead1be288eb122896e53999c
-
SHA256
882459fb825fd97543f2cff0110e7fa1c716efc2b47d0ef84c3bdc5ac31c6982
-
SHA512
1c804af2c551250a286b0294965cbeb0ff46ccc0a4f59bbc3f8cb6c5ee75fdafeb42d09188208d61ff6d96919f26154ec2d62bb76dca59407b4e0ca0f3b3a63c
-
SSDEEP
768:MX7tjZBRJdd0cuDUBbMn0Jbjj46Peu/W:MXtNd0cu+Mn0Jbjj469W
Malware Config
Signatures
-
Unsigned PE 1 IoCs
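Checks for a missing Authenticode signature: the PE file is not digitally signed, so its publisher and integrity cannot be verified from a signature. Many benign binaries are also unsigned, so this is a weak indicator on its own.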
resource 49383a314b93ec21c9fc0d5f4d592fa6
Files
-
49383a314b93ec21c9fc0d5f4d592fa6.exe windows:4 windows x86 arch:x86
c5e040e8be8ce07e548c8232cc95cee8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
lstrlenA
lstrcpynA
WriteFile
lstrcatA
GetProcAddress
LoadLibraryA
CloseHandle
lstrcpyA
ExitProcess
lstrcmpA
GetCommandLineA
CreateProcessA
GetTempFileNameA
OpenMutexA
GetModuleFileNameA
CreateMutexA
GetTempPathA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetVersionExA
VirtualQuery
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
user32
wsprintfA
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ