38726e4cde6a7726fca26ba4bc8d6f5af5ee3757aec448946c93fd5ddb158078

Sharing

Copy URL Twitter E-mail

General

Target

38726e4cde6a7726fca26ba4bc8d6f5af5ee3757aec448946c93fd5ddb158078
Size

1.2MB
MD5

52db196e69fb02ac1c6988a84bcdd6dc
SHA1

4635062cb498f765449b40ea223be316ebfa44b8
SHA256

38726e4cde6a7726fca26ba4bc8d6f5af5ee3757aec448946c93fd5ddb158078
SHA512

5f741152a3b251b31115e1d2ad70bde6b65b32630a98840ce0c909445fad9ebc730ebb9fa068afdb67171c035325017988b497e22551d97aaed8a8326637afe9
SSDEEP

12288:GAu7eWMFLPmzyNP3K06Uur6+0b5K0pBW6:GDaxFLPmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38726e4cde6a7726fca26ba4bc8d6f5af5ee3757aec448946c93fd5ddb158078

Files

38726e4cde6a7726fca26ba4bc8d6f5af5ee3757aec448946c93fd5ddb158078
.exe windows x86

3e0ec40fce4f8fba18a02b698984cca8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

DbgPrint
RtlAssert
RtlIsDosDeviceName_U
vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

kernel32

AddConsoleAliasW
AllocConsole
Beep
CloseHandle
CopyFileExW
CopyFileW
CreateDirectoryW
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleAliasW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetVolumeInformationW
GetVolumePathNameW
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MoveFileExW
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputW
ReadFile
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetLocalTime
SetProcessAffinityMask
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenW

msvcrt

__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_iob
_itow
_lock
_onexit
_pclose
_snwprintf
_unlock
_vsnprintf
_vsnwprintf
_wchdir
_wcmdln
_wcsicmp
_wcslwr
_wcsnicmp
_wcsnset
_wcsupr
_wfopen
_wgetdcwd
_wpopen
_wtoi
_wtol
abort
bsearch
calloc
exit
fclose
fgetws
fprintf
free
fwrite
isalnum
isalpha
iswctype
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
signal
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
swprintf
towlower
towupper
vfprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcscspn
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstok
wcstol
wcstoul

user32

LoadStringW
MessageBeep

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rossym
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e0ec40fce4f8fba18a02b698984cca8

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 14KB - Virtual size: 13KB

/4 Size: 512B - Virtual size: 80B

.bss Size: - Virtual size: 79KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 913KB - Virtual size: 912KB

.rossym Size: 177KB - Virtual size: 177KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 14KB - Virtual size: 13KB

/4
Size: 512B - Virtual size: 80B

.bss
Size: - Virtual size: 79KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 913KB - Virtual size: 912KB

.rossym
Size: 177KB - Virtual size: 177KB