7f49d759dd43c56b31512bec03619a38

Sharing

Copy URL Twitter E-mail

General

Target

7f49d759dd43c56b31512bec03619a38
Size

152KB
MD5

7f49d759dd43c56b31512bec03619a38
SHA1

35a4d62877f7fd097c2bfe1024a7d3abe5372257
SHA256

8ca46769ae7499a551bc22a558c74bd5a51c26dddff773b1f0e197b8c69e0765
SHA512

56eb23884f132eb309c17eae2c77610558ffcd12fd127812399370e10e093ddd82f1b51a64da91f0ca923ddf034c467f89eeafa1296bfbdccaaf4c59be0c3fe1
SSDEEP

3072:GkSpZPqE7XOpJlXBBCkVbTiVcQtjijgrSnUb/xoxjR:pGZPbmBssbTiVJt+j8SUo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f49d759dd43c56b31512bec03619a38

Files

7f49d759dd43c56b31512bec03619a38
.dll windows:4 windows x86 arch:x86

3546aa8ac8f71e1a992b2447ecf0c233

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
IsBadReadPtr
ResetEvent
FlushInstructionCache
GetCurrentThread
VirtualProtect
GetProcessVersion
FreeLibrary
SetThreadPriority
CloseHandle
WaitForSingleObject
GetFileSize
GetLastError
FindFirstFileA
GetModuleFileNameA
GetCurrentThreadId
GetThreadPriority
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSection
GetExitCodeProcess
OpenProcess
SetEvent
WaitForMultipleObjects
CreateEventA
HeapFree
GetProcessHeap
CreateThread
HeapAlloc
FindClose
FindNextFileA
GetModuleHandleA
lstrlenA
GetFileTime
CreateFileA
HeapReAlloc
HeapValidate
IsBadWritePtr
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TerminateProcess
LCMapStringW
LCMapStringA
GetCurrentProcess
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
Sleep
FlushFileBuffers
RaiseException
InterlockedDecrement
InterlockedIncrement
MoveFileA
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
WriteFile
WideCharToMultiByte
ExitProcess
SetStdHandle
GetEnvironmentVariableA

user32

SetLastErrorEx
GetDC
GetForegroundWindow
GetKeyboardLayout
MapVirtualKeyExA
GetMessageA
DispatchMessageA
TranslateMessage
SetWindowPos
SetWindowLongA
SetFocus
GetWindowDC
GetWindowThreadProcessId
SetThreadDesktop
SetParent
SetCursorPos
GetWindowRect
GetIconInfo
FindWindowA
GetClientRect
SetRectEmpty
SetRect
IsRectEmpty

gdi32

SetRectRgn

advapi32

RevertToSelf

oleaut32

SysAllocStringLen
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYNC
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3546aa8ac8f71e1a992b2447ecf0c233

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 17KB

.SYNC Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 17KB

.SYNC
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 9KB