49be461cb9e0f82f3ccc8fa23f4b223b

Sharing

Copy URL Twitter E-mail

General

Target

49be461cb9e0f82f3ccc8fa23f4b223b
Size

122KB
MD5

49be461cb9e0f82f3ccc8fa23f4b223b
SHA1

4174f8f083373a440016ae970d5ce882bed9df53
SHA256

6502f3103f00db1ec4720f6c94183d3d0be0b683b7c1e6c9a2734ee1eb3670a0
SHA512

20ac605eab18936a00817792594848c54313a57c51e556d5ba5ff69bb59b985efbfb3f8eb57a2ed42cad809cc3e36122a7c007c4e364abbc3b5f990c18694f9f
SSDEEP

3072:h3jxPGORgz8idNx8H5N8NdExmcRimNR8MgSLEs+qpn:FxP9mz8wnM5N8nE1RPN7Wsp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49be461cb9e0f82f3ccc8fa23f4b223b

Files

49be461cb9e0f82f3ccc8fa23f4b223b
.exe windows:1 windows x86 arch:x86

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
GetEnvironmentStringsW
Module32First
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeFormatA
GetStartupInfoA
ResetEvent
GetConsoleMode
HeapCreate
VerLanguageNameA
TerminateThread
CreateFileA
SetLastError
ReadProcessMemory
GetSystemDirectoryA
SetFilePointer
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
GetStringTypeW
GetTickCount
lstrcmpiA

user32

DestroyWindow
DefMDIChildProcA
DrawMenuBar
DeleteMenu
DrawIconEx
IsDialogMessageA
ScreenToClient
IsDlgButtonChecked
GetWindowRect
ReleaseDC
MoveWindow
ShowWindow
SetWindowPos
SetTimer
MessageBoxA
BeginPaint
InvalidateRect
GetDlgCtrlID
GetKeyState
GetClassNameA
DefFrameProcA

gdi32

GetTextExtentPoint32A
CreateSolidBrush
SaveDC
ExtTextOutA
RectInRegion
CreatePen
LineTo
GetObjectA
SelectObject
SetTextColor
DeleteObject
EndPage
SetBkColor
RestoreDC
StartDocA
MoveToEx
GetStockObject
GetBkColor
SetTextAlign

msvcrt

putc
swprintf
_ismbcl2
_mbsrchr
_safe_fprem1
_safe_fdiv
__set_app_type
_gmtime64
__setusermatherr
_adj_fptan
__p__commode
_setjmp
_get_osfhandle
__p__fmode
_purecall
atof
_chmod
_beep
_adj_fdivr_m32i
_wrmdir
_mktime64
_exit
_adjust_fdiv
_wfopen
wcspbrk
_except_handler3
memcpy
_XcptFilter
_scwprintf
_controlfp
_getmbcp
_initterm
_pipe
_acmdln
_snwscanf
exit
__getmainargs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 184KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 184KB

.rsrc
Size: 127KB - Virtual size: 126KB