c49f84981d97da32e100a410c15807ad

Sharing

Copy URL Twitter E-mail

General

Target

c49f84981d97da32e100a410c15807ad
Size

665KB
MD5

c49f84981d97da32e100a410c15807ad
SHA1

1632018778414fa87bda448bef8e9e725c5d5ec4
SHA256

1143e31b04cba275804f7e26c292915960df971728bf027f6f36880c0063a513
SHA512

812bea65a684fa6ad34df9c79062538cfc3cf407cfc8294dac3b9e6ae59f35d5a49dd8522577557f62f84cf4fbf513cb1d33d58bd2a14328c3189adcdd3b2ff3
SSDEEP

12288:pgd0sxvPG0TTGqQVu6gDgoG3KaRc6VyNaQsWuD4WnQ28PASOxJAnNbVPn7qrY2hZ:2as1NeJoaqbPYNn2PAjEtn7QTesk/wrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c49f84981d97da32e100a410c15807ad

Files

c49f84981d97da32e100a410c15807ad
.exe windows:4 windows x86 arch:x86

2376f8808b2533fbe8c6a0e5b91c357a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetACP
GetSystemTimeAsFileTime
GetCommandLineA
FreeLibrary
IsValidCodePage
EnumSystemLocalesA
TlsAlloc
HeapFree
GetCurrentProcessId
GetProfileSectionW
GetStringTypeA
GetModuleHandleA
GetConsoleMode
RtlUnwind
SetFilePointer
GetLocaleInfoW
GetModuleFileNameW
GetExitCodeThread
GetSystemTime
WritePrivateProfileStructW
CloseHandle
TlsFree
CreateMutexA
CreateThread
GetLogicalDrives
GetStringTypeW
GetProcAddress
QueryPerformanceCounter
HeapCreate
lstrlenA
HeapAlloc
GetFileType
LCMapStringA
VirtualAlloc
HeapSize
EnterCriticalSection
GetEnvironmentStringsW
OpenMutexA
LoadLibraryA
RaiseException
WriteConsoleA
FindClose
SetStdHandle
TerminateProcess
VirtualFree
SetEndOfFile
GetProcAddress
SetLastError
IsBadReadPtr
InterlockedDecrement
SetHandleCount
lstrlenW
GetLocaleInfoA
GetDateFormatA
GetSystemDirectoryA
GetConsoleOutputCP
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
SetEnvironmentVariableA
IsDebuggerPresent
OutputDebugStringA
GetLastError
GetUserDefaultLCID
GetCurrentProcess
TlsSetValue
GetCurrentThread
InterlockedExchange
GetModuleFileNameA
DebugBreak
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
WriteFile
DeleteAtom
DeleteCriticalSection
CompareStringW
GetStartupInfoA
OutputDebugStringW
CreateFileA
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
HeapReAlloc
ReadFile
FreeEnvironmentStringsW
LCMapStringW
Sleep
FormatMessageW
WideCharToMultiByte
CreateSemaphoreA
GetConsoleCP
IsValidLocale
GetEnvironmentStrings
HeapDestroy
FreeEnvironmentStringsA
GetTickCount
LoadLibraryW
GetTimeZoneInformation
SetConsoleCtrlHandler
VirtualQuery
InterlockedExchangeAdd
GetOEMCP
GetProcessHeap
GetStdHandle
InterlockedIncrement
GlobalUnlock
FlushFileBuffers
HeapValidate
CompareStringA
ExitProcess
GetCPInfo
GetTimeFormatA
FindFirstFileA

shell32

ExtractIconExA

user32

LoadCursorFromFileW
RegisterClassA
ShowScrollBar
BroadcastSystemMessageW
CreateDialogParamA
GetCursorInfo
DrawIcon
SetMenuContextHelpId
DlgDirListComboBoxA
EnumDesktopWindows
GetWindowModuleFileNameW
IsDialogMessageW
EndMenu
GetDoubleClickTime
RegisterClassExA
GetWindowInfo
SetPropW
CharLowerBuffW

gdi32

DeleteObject
Escape
CloseEnhMetaFile
SetSystemPaletteUse
GetCharacterPlacementW
CreateDIBitmap
FixBrushOrgEx
CreateDIBPatternBrush
PolyTextOutA
UnrealizeObject
CreateICW
GdiSetBatchLimit
SetGraphicsMode
UpdateICMRegKeyA
GetBitmapDimensionEx
Ellipse
SetFontEnumeration
CreateBitmapIndirect

comctl32

InitCommonControlsEx

comdlg32

ReplaceTextW
ChooseColorA
PageSetupDlgA

advapi32

RegSaveKeyA
RegDeleteValueA
LookupAccountSidW
CreateServiceA
LookupPrivilegeDisplayNameA
RegLoadKeyA
RegEnumKeyA
CryptDestroyHash
CryptGenRandom
DuplicateToken
CreateServiceW
RegRestoreKeyW
RegDeleteKeyW
CryptGetDefaultProviderA
ReportEventW
LogonUserW
RegReplaceKeyA
DuplicateTokenEx
RegCreateKeyA
CryptSetHashParam
CryptSignHashW
CryptSetProviderExW
CryptGetHashParam
RegSetValueExA
CryptGetDefaultProviderW

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2376f8808b2533fbe8c6a0e5b91c357a

Headers

File Characteristics

Imports

kernel32

shell32

user32

gdi32

comctl32

comdlg32

advapi32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 49KB - Virtual size: 65KB

.data Size: 315KB - Virtual size: 314KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 49KB - Virtual size: 65KB

.data
Size: 315KB - Virtual size: 314KB

.rsrc
Size: 7KB - Virtual size: 6KB