0738a366502716a67938fe9655802bb7

Sharing

Copy URL Twitter E-mail

General

Target

0738a366502716a67938fe9655802bb7
Size

158KB
MD5

0738a366502716a67938fe9655802bb7
SHA1

0f8a458b551d9488cb72e80d3e7087a614b3f797
SHA256

74888a3f0d79aaad8c7b89b3a174e5d25ac73b96b5613f68d5a8f713c073be15
SHA512

89b9fb4bfc9c23bf424f710db0cf9635d4b6d3a29a9fe606cbc043a493e25778ab34699a83dea0ff9475ba7854ea4589e3628d411dcc61e5587fcda68b75eb85
SSDEEP

3072:h3jxPGORgz8idNx8H5N8NdExmcRimNR8MgSLEs+qpje7JpsSlUGCC7Ln1:FxP9mz8wnM5N8nE1RPN7WsAFtUs1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0738a366502716a67938fe9655802bb7

Files

0738a366502716a67938fe9655802bb7
.exe windows:1 windows x86 arch:x86

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
GetEnvironmentStringsW
Module32First
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeFormatA
GetStartupInfoA
ResetEvent
GetConsoleMode
HeapCreate
VerLanguageNameA
TerminateThread
CreateFileA
SetLastError
ReadProcessMemory
GetSystemDirectoryA
SetFilePointer
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
GetStringTypeW
GetTickCount
lstrcmpiA

user32

DestroyWindow
DefMDIChildProcA
DrawMenuBar
DeleteMenu
DrawIconEx
IsDialogMessageA
ScreenToClient
IsDlgButtonChecked
GetWindowRect
ReleaseDC
MoveWindow
ShowWindow
SetWindowPos
SetTimer
MessageBoxA
BeginPaint
InvalidateRect
GetDlgCtrlID
GetKeyState
GetClassNameA
DefFrameProcA

gdi32

GetTextExtentPoint32A
CreateSolidBrush
SaveDC
ExtTextOutA
RectInRegion
CreatePen
LineTo
GetObjectA
SelectObject
SetTextColor
DeleteObject
EndPage
SetBkColor
RestoreDC
StartDocA
MoveToEx
GetStockObject
GetBkColor
SetTextAlign

msvcrt

putc
swprintf
_ismbcl2
_mbsrchr
_safe_fprem1
_safe_fdiv
__set_app_type
_gmtime64
__setusermatherr
_adj_fptan
__p__commode
_setjmp
_get_osfhandle
__p__fmode
_purecall
atof
_chmod
_beep
_adj_fdivr_m32i
_wrmdir
_mktime64
_exit
_adjust_fdiv
_wfopen
wcspbrk
_except_handler3
memcpy
_XcptFilter
_scwprintf
_controlfp
_getmbcp
_initterm
_pipe
_acmdln
_snwscanf
exit
__getmainargs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 184KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 184KB

.rsrc
Size: 127KB - Virtual size: 126KB