38e1aa092a57e10bf67da9f4e643e59dc050d683900d7ff930191a174f191778

Sharing

Copy URL

Twitter E-mail

General

Target

38e1aa092a57e10bf67da9f4e643e59dc050d683900d7ff930191a174f191778
Size

7.1MB
MD5

1d35572dfa6a564b147bad355ad1be78
SHA1

fb87f6ab6f9f27d920901577c533fb8e466cbe6a
SHA256

38e1aa092a57e10bf67da9f4e643e59dc050d683900d7ff930191a174f191778
SHA512

8cd56244d3ab5da5a83d8c3086cbb2e95aaf487d0d8c39c736433c1296087431ecfc7481739111bd50a5f6c8b55b209a245976a3f9e028a549f12995e5e3141f
SSDEEP

196608:VhpnqHrY6/B0K8QSA0cv1FMEHF7vyMXwrEUxfY5PS/:Jr6uK8xvcvYe7vyAuEUsPS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38e1aa092a57e10bf67da9f4e643e59dc050d683900d7ff930191a174f191778

Files

38e1aa092a57e10bf67da9f4e643e59dc050d683900d7ff930191a174f191778
.exe windows x86

ac18dc6a1c61398696cfd62f5dc166eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htonl
WSAIoctl
htons
getsockname
listen
bind
accept
WSASetLastError
WSAGetLastError
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW
inet_pton
getaddrinfo
WSAStartup
getpeername
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
ntohl

advapi32

CryptHashData
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptCreateHash
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenProcessToken
GetTokenInformation

crypt32

CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
HeapFree
GetFullPathNameW
WriteFile
SetFilePointer
SetEndOfFile
WaitForSingleObject
CreateFileW
Sleep
LoadLibraryA
DeleteFileW
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
CreateProcessW
CreateMutexW
GetLastError
GetModuleHandleW
ReadFile
CreateThread
ExitProcess
GetCurrentProcess
GetVolumeInformationW
EnterCriticalSection
VirtualFree
VirtualAlloc
TerminateProcess
LeaveCriticalSection
HeapReAlloc
GetExitCodeProcess
CreateDirectoryW
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetCommandLineA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
CompareStringW
GetTickCount
GetCommandLineW
WaitForSingleObjectEx
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
ExitThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
GetStringTypeW
GetCPInfo
CompareStringEx
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
SetEnvironmentVariableW
IsValidCodePage
FindFirstFileExW
HeapSize
GetCurrentDirectoryW
LCMapStringEx
DecodePointer
EncodePointer
InitOnceBeginInitialize
InitOnceComplete
RaiseException
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
MoveFileExA
FileTimeToSystemTime
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
GetFileAttributesExW
GetModuleHandleA
WriteConsoleW
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
ShowWindow
GetDesktopWindow
PostQuitMessage
RegisterClassExW
UnregisterClassW
CreateWindowExW
MessageBoxW
DestroyWindow
GetWindowRect
DefWindowProcW
TranslateMessage
PeekMessageW
DispatchMessageW
GetProcessWindowStation
GetUserObjectInformationW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState

shell32

ShellExecuteW
SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

xinput1_3

ord2
ord4

bcrypt

BCryptGenRandom

ntdll

RtlAdjustPrivilege

normaliz

IdnToAscii

wldap32

ord200
ord301
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Y=L
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y.^
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lg]
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac18dc6a1c61398696cfd62f5dc166eb

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

d3d9

d3dx9_43

kernel32

user32

shell32

ole32

imm32

xinput1_3

bcrypt

ntdll

normaliz

wldap32

Sections

.text Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 919KB

.data Size: - Virtual size: 60KB

.Y=L Size: - Virtual size: 3.2MB

.Y.^ Size: 6KB - Virtual size: 6KB

.Lg] Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 112KB - Virtual size: 111KB

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 919KB

.data
Size: - Virtual size: 60KB

.Y=L
Size: - Virtual size: 3.2MB

.Y.^
Size: 6KB - Virtual size: 6KB

.Lg]
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 112KB - Virtual size: 111KB