d49871063447039f2f5d0627139fdb61

Sharing

Copy URL Twitter E-mail

General

Target

d49871063447039f2f5d0627139fdb61
Size

4.9MB
MD5

d49871063447039f2f5d0627139fdb61
SHA1

312b5b6fbeb1cdc11722a058987b6e9255285801
SHA256

b97568beaab726cde6153ed920be62a43f00a4b1c9483e1996801829be4592a1
SHA512

b31b0b8043d986c3ca70715d3072c7d399e34c53898a1aa57116440bbd159173354e69322502ba9e44584504ff3c6aa885b4888651ed0ba49846aeb2910f227f
SSDEEP

49152:rctMH3y0E2B6KOGO0d7unIe6OmMZRQKFd8aLY97z+vwtyW+nfTsEbdlkbXS2eeS:rtda0dSINMZRTFpY97FtCQOkV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49871063447039f2f5d0627139fdb61

Files

d49871063447039f2f5d0627139fdb61
.exe windows:5 windows x86 arch:x86

4bc3a08d4481ca7a203273f0ebb7256c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

dsound

DirectSoundCreate8

gdi32

GetDIBits
DeleteObject
GetStockObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC

iphlpapi

GetAdaptersInfo

kernel32

SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
Sleep
GetExitCodeThread
CloseHandle
SetThreadPriority
CreateThread
GetModuleFileNameW
CreateMutexA
InterlockedExchange
WaitForSingleObject
ReleaseMutex
GetShortPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateMutexW
SetLastError
GetSystemDirectoryW
TerminateProcess
ExitThread
GetFullPathNameW
FindFirstFileW
FindClose
FindNextFileW
CreateDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetCommandLineW
SetThreadExecutionState
GetModuleFileNameA
FormatMessageA
LoadLibraryA
SwitchToFiber
CreateFiber
DeleteFiber
ConvertThreadToFiber
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
lstrlenW
GetVersionExA
ExpandEnvironmentStringsW
CreateSemaphoreW
ReleaseSemaphore
LocalFree
FormatMessageW
HeapDestroy
HeapAlloc
HeapCreate
HeapFree
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CreateEventW
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapReAlloc
GetDriveTypeA
GetFullPathNameA
DeleteFileW
GetSystemTimeAsFileTime
ExitProcess
DeleteFileA
CreateDirectoryA
GetFileAttributesA
WriteFile
GetStdHandle
GetCurrentThreadId
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LockResource
GetFileType
VirtualFree
GetCurrentProcessId
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetModuleHandleA
GetCurrentDirectoryA
SetFilePointer
ReadFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CreateFileMappingA

shell32

ShellExecuteW
ExtractIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteA

user32

EnumDisplaySettingsW
CallWindowProcW
DefWindowProcW
GetWindowRect
SetFocus
DestroyWindow
MoveWindow
GetClientRect
SetWindowLongW
GetWindowLongW
GetWindow
CreateWindowExW
RegisterClassW
SetClassLongW
LoadCursorW
ReleaseCapture
SendMessageW
GetParent
PostMessageW
TrackMouseEvent
SetCursorPos
ShowWindow
PostQuitMessage
SetForegroundWindow
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetCursor
SetTimer
LoadIconW
FindWindowW
GetSystemMetrics
GetCursorPos
SetCapture
SetMenuItemInfoW
GetSystemMenu
GetKeyState
IsWindow
ReleaseDC
GetDC
GetIconInfo
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SystemParametersInfoW
MessageBoxW
ClipCursor
GetClassLongW
IsWindowVisible
IsZoomed
AdjustWindowRect
IsIconic
SetWindowPos
SetWindowPlacement
GetMenu
GetWindowPlacement
SetMenu
UnregisterClassW
DestroyMenu
AdjustWindowRectEx
ScreenToClient
SetRect
DestroyAcceleratorTable
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
PeekMessageW
GetWindowInfo
GetCapture
SystemParametersInfoA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpSendRequestW
HttpAddRequestHeadersW
InternetOpenUrlW
InternetSetOptionW
InternetReadFile
InternetOpenW
InternetCloseHandle
InternetQueryOptionW
HttpOpenRequestW
InternetQueryDataAvailable
InternetConnectW
InternetCrackUrlW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bc3a08d4481ca7a203273f0ebb7256c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dsound

gdi32

iphlpapi

kernel32

shell32

user32

version

wininet

winmm

ole32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 819KB - Virtual size: 819KB

.data Size: 131KB - Virtual size: 171KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 819KB - Virtual size: 819KB

.data
Size: 131KB - Virtual size: 171KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB