38ce89db7678626b30a5fa53cb1e16dd1d2b94f176c4fb19d375e68e18e5f5ad

Sharing

Copy URL

Twitter E-mail

General

Target

38ce89db7678626b30a5fa53cb1e16dd1d2b94f176c4fb19d375e68e18e5f5ad
Size

280KB
MD5

f9fa6543d730b50f6703c09dfc42708e
SHA1

184a62b9cdbfa015c027dc6796f2d9c8f82253e8
SHA256

38ce89db7678626b30a5fa53cb1e16dd1d2b94f176c4fb19d375e68e18e5f5ad
SHA512

633f320472639b0d55f6dad49caa82a99d4fb18a762e1b79614cd1b94811c33c98c2c91244789cf6776d452f68fa9c272054c801a167d7c877b3c06b1ebf8267
SSDEEP

384:I9B+mv+6h+hcNDjgIpjjgu9+zEgvk4C6grh3TJTEmuQlKCU2:1r6hucNIIqtzEgMbJuQlKv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ce89db7678626b30a5fa53cb1e16dd1d2b94f176c4fb19d375e68e18e5f5ad

Files

38ce89db7678626b30a5fa53cb1e16dd1d2b94f176c4fb19d375e68e18e5f5ad
.exe windows:6 windows x86 arch:x86

872bb6ec1525fcdb50ba4e7aa76fa5ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

scrntest

?DoScreenTest@@YAJXZ

mfc120u

ord12878
ord2759
ord8343
ord8352
ord8268
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord11768
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord14076
ord8855
ord7600
ord5314
ord8101
ord10131
ord9089
ord1508
ord8361
ord14168
ord12454
ord1506
ord14528
ord9090
ord6759
ord4547
ord13771
ord2163
ord7881
ord1468
ord993
ord7542
ord10260
ord2204
ord2367

msvcr120

_CxxThrowException
__CxxFrameHandler3
_amsg_exit
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memcpy
__crtGetShowWindowMode
_XcptFilter
memset
memmove
free
_purecall

kernel32

InitializeCriticalSectionEx
OutputDebugStringW
GetLastError
DecodePointer
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
EncodePointer
DeleteCriticalSection

comctl32

InitCommonControlsEx

ole32

CoInitialize

gdiplus

GdiplusStartup
GdiplusShutdown

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

872bb6ec1525fcdb50ba4e7aa76fa5ee

Headers

DLL Characteristics

File Characteristics

Imports

scrntest

mfc120u

msvcr120

kernel32

comctl32

ole32

gdiplus

msvcp120

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 266KB - Virtual size: 266KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 266KB - Virtual size: 266KB

.reloc
Size: 1KB - Virtual size: 1KB