38b3ad07b35d7dcbd054e87295ee1d60ab2f894111d458e88c6c183cd7ffefc8

Sharing

Copy URL

Twitter E-mail

General

Target

38b3ad07b35d7dcbd054e87295ee1d60ab2f894111d458e88c6c183cd7ffefc8
Size

344KB
MD5

73b6567e0fb62eeb98aeaa8af712c650
SHA1

a540265e45623ef70377b6d21118b732835a8337
SHA256

38b3ad07b35d7dcbd054e87295ee1d60ab2f894111d458e88c6c183cd7ffefc8
SHA512

2e03cdb91083ad989caa260fde1646f011a3632067495ff18367056c7873a804fc9898b8462fd8736ac0d351472d61fb789cf3383b16f28d1cef5551e1041c71
SSDEEP

6144:h04sqI3VM+bMHClEf6HCAW3/hpb7BuHRaumHyxaK3yaFPR65n:C4sx3VNbMilED5v3CRPsykK3DF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38b3ad07b35d7dcbd054e87295ee1d60ab2f894111d458e88c6c183cd7ffefc8

Files

38b3ad07b35d7dcbd054e87295ee1d60ab2f894111d458e88c6c183cd7ffefc8
.exe windows:4 windows x86

9b75b16edb59346e07a9d6ae7fc2c1ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetProcessWindowStation
CreateMDIWindowW

kernel32

LocalAlloc
WriteFile
GetThreadPriorityBoost
GetCurrentThread
GetThreadPriority
GetCPInfoExA
GetTickCount
FileTimeToDosDateTime
LocalSize
GetConsoleCP
EnumCalendarInfoA
FindActCtxSectionGuid
GetStringTypeExA
IsWow64Process
ExpandEnvironmentStringsA
GetShortPathNameW
LocalFlags
EnumDateFormatsExA
IsBadHugeReadPtr
MoveFileA
GetProcessTimes
LocalFree
lstrcmpA
GetProfileSectionA
InterlockedIncrement
CloseHandle
MoveFileWithProgressW
GetCalendarInfoA
GetLocaleInfoA
CreateFileW
SetComputerNameExA
GetVolumeNameForVolumeMountPointA
EnumSystemLocalesA
GetCalendarInfoW
GetNamedPipeHandleStateW
GetStringTypeA
InterlockedPushEntrySList
MoveFileWithProgressA
WaitForMultipleObjectsEx
GlobalFlags
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleInputW
GetFileType
ReadFile
GetLocaleInfoW
GetCommandLineA
GetVersionExA
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
RaiseException
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
HeapAlloc
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
CreateFileA

mprapi

MprAdminServerGetInfo
MprAdminMIBEntrySet

clusapi

OfflineClusterResource

shell32

SHQueryRecycleBinW

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

~f6c:D
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

B;z^#
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b75b16edb59346e07a9d6ae7fc2c1ea

Headers

File Characteristics

Imports

user32

kernel32

mprapi

clusapi

shell32

Sections

.text Size: 156KB - Virtual size: 152KB

~f6c:D Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.erloc Size: 64KB - Virtual size: 61KB

B;z^# Size: 40KB - Virtual size: 36KB

.rsrc Size: 44KB - Virtual size: 246KB

.text
Size: 156KB - Virtual size: 152KB

~f6c:D
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.erloc
Size: 64KB - Virtual size: 61KB

B;z^#
Size: 40KB - Virtual size: 36KB

.rsrc
Size: 44KB - Virtual size: 246KB