49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28.exe
Size

167KB
MD5

5c86694b89a930b319f453e541d17869
SHA1

3e476f9253d814620a2fa2b9bd19374d420a3c67
SHA256

49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28
SHA512

f6c8913125e2f93d73c6358149398d49ca8703d8032dc8ee6314f9b6803c7a96cbf4dfdc3ac82d67b29f222e37114885f27402bcfc6688c0a5bd98b7c08cfe7a
SSDEEP

3072:fW29LkwhSw/x6rO8zjODXz4QMmKdXNPZfu0ICVy45Wr6QL:f39Llp/6O8zjODLMmKdXNI0ICVer6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28.exe

Files

49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28.exe
.exe windows:5 windows x86 arch:x86

85f4f1401ca36bd82fd51e7dd1026f90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dugo_caves\betuw sib.pdb

Imports

kernel32

SetVolumeLabelA
SetComputerNameExA
InterlockedIncrement
InterlockedDecrement
CreateJobObjectW
QueryDosDeviceA
SetCommBreak
GetTickCount
EnumResourceTypesA
GetModuleFileNameW
GetLogicalDriveStringsA
GetLastError
SetLastError
GetProcAddress
AttachConsole
VirtualAlloc
LoadLibraryA
WriteConsoleA
LocalAlloc
MoveFileA
RemoveDirectoryW
FindNextChangeNotification
GlobalFindAtomW
FindFirstVolumeMountPointA
GetModuleHandleA
GetConsoleTitleW
GetFileAttributesExW
FatalAppExitA
GetCurrentProcessId
AddConsoleAliasA
DeleteFileA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RaiseException

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 38.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85f4f1401ca36bd82fd51e7dd1026f90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 18KB - Virtual size: 38.9MB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 18KB - Virtual size: 38.9MB

.rsrc
Size: 23KB - Virtual size: 22KB