49633ab8a007e348d4b8d4bedb556fa0d9c90aa51bfaf65e1f47ec385f4b8234

General

Target

49633ab8a007e348d4b8d4bedb556fa0d9c90aa51bfaf65e1f47ec385f4b8234
Size

1.3MB
MD5

b35a6bee7c78d7421dc1ba78fbb1fc37
SHA1

9906e821dac8f949c2bd857d83011d6283670ab2
SHA256

49633ab8a007e348d4b8d4bedb556fa0d9c90aa51bfaf65e1f47ec385f4b8234
SHA512

c68461d612d1cb4de3fa0429fd14e9e30dc48fd075c41b1b13fb5463807de8bfa64bf37a4db579904804cc027d58af218e4e5611e4008af4839401df5de124fe
SSDEEP

24576:2Tqk5xi2skYTcSUDi5Uj9EFjxyfS3vVlEDa1ZJEz:2jiASyiUj9EFjxyKN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49633ab8a007e348d4b8d4bedb556fa0d9c90aa51bfaf65e1f47ec385f4b8234

Files

49633ab8a007e348d4b8d4bedb556fa0d9c90aa51bfaf65e1f47ec385f4b8234
.dll windows:6 windows x86 arch:x86

cca71859be28a1505efd36068720cec7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCurrentThreadId
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
GetProcAddress
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
HeapReAlloc
LCMapStringW
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
OutputDebugStringW
CloseHandle
SetStdHandle
WriteConsoleW
CreateFileW
QueryPerformanceCounter
SetLastError
DeleteCriticalSection
GetLastError

Exports

Exports

JSymmetric_encrypt
JencryptMaxnumber
JencryptVersion
Symmetric_DecryptString
Symmetric_EncryptString
Symmetric_Hash_crc
Symmetric_hash

Sections

.text
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca71859be28a1505efd36068720cec7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 896KB - Virtual size: 896KB

.rdata Size: 366KB - Virtual size: 365KB

.data Size: 42KB - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 896KB - Virtual size: 896KB

.rdata
Size: 366KB - Virtual size: 365KB

.data
Size: 42KB - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 41KB