49483b15154d8527818744bb4d517f457bc236ae24b6c3686f965477da819d18

Sharing

Copy URL Twitter E-mail

General

Target

49483b15154d8527818744bb4d517f457bc236ae24b6c3686f965477da819d18
Size

1.9MB
MD5

8c23c14e48aad6d333e3b27eea6ee52a
SHA1

66adbdf2a7bc8432b1d63b87161835f6201d6a60
SHA256

49483b15154d8527818744bb4d517f457bc236ae24b6c3686f965477da819d18
SHA512

15bd95aa18c9313c8074bfcdc0cb9c40fd6083ddbd1351875e260ee3f22dd4b90a54e27d0169147fa24cd9c10368a33ea18d6d1798043331f963ce66064f77ad
SSDEEP

49152:ZL4yQ+qqcHjCxNc6KYGCWxEjy083YVJjCZXb/iAj5Xi12h:ZL4jrNCWxEu3YVJjC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49483b15154d8527818744bb4d517f457bc236ae24b6c3686f965477da819d18

Files

49483b15154d8527818744bb4d517f457bc236ae24b6c3686f965477da819d18
.dll windows:6 windows x86 arch:x86

ef1b2feaae5fb91d00996d427e8c0015

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\agent2\_work\31\s\bin\Release\xlEM4900.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
GetTickCount
GetTickCount64
GetSystemTime
MultiByteToWideChar
GetComputerNameA
CloseHandle
CreateProcessA
GetCommandLineA
WideCharToMultiByte
OutputDebugStringA
GetLocaleInfoA
GetNumberFormatA
LocalFree
LocalAlloc
FormatMessageA
GetProfileIntA
GetProfileStringA
GetLocalTime
ReleaseMutex
_lopen
InitializeCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
VirtualAlloc
ExitProcess
GetTimeZoneInformation
SetLastError
WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
CompareFileTime
CreateFileA
GetFileTime
Sleep
GetFileAttributesA
TryEnterCriticalSection
SetWaitableTimer
GetProcessAffinityMask
CreateWaitableTimerA
GetThreadTimes
CreateDirectoryA
ExitThread
CreateThread
GetLastError
RaiseException
_lclose
DecodePointer
SetThreadContext
DebugBreak
TerminateThread
ResumeThread
SuspendThread
CreateEventA
SetEvent
SetEndOfFile
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
HeapReAlloc
CreateDirectoryW
ReadConsoleW
GetConsoleMode
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RtlUnwind
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery
ReadFile
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
FreeLibraryAndExitThread

user32

MessageBoxA

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromProgID
OleRun
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
VariantChangeType
SysAllocStringLen
VariantCopy
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SysStringLen

Exports

Exports

Init
Process
Terminate

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef1b2feaae5fb91d00996d427e8c0015

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 493KB - Virtual size: 492KB

.data Size: 52KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 103KB - Virtual size: 102KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 493KB - Virtual size: 492KB

.data
Size: 52KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 103KB - Virtual size: 102KB