38ae706141f841e5e9df4a5f51b66e2d

Sharing

Copy URL Twitter E-mail

General

Target

38ae706141f841e5e9df4a5f51b66e2d
Size

313KB
MD5

38ae706141f841e5e9df4a5f51b66e2d
SHA1

91d53789455d1d993d802d8859ed5b05cb960fff
SHA256

3f6bf36ccf4bb66306e63bb7910079b98064e97cf29bf0a0f895b7449cbb3d03
SHA512

f9eefdca137d8b31a48b34abddca5fad3dadece32171b5b675a38a2390f435ac6cc18ab12def47b57959d89d86d3df3cb06c4a180b2ed012523107d953c335ff
SSDEEP

6144:JGk/IDniUh8ybb4PHw6uPv6I4GkXa3zEXC6AjMBb8mJ88B6q91um:g/b8qEY6Oh4GkXa3zFMPjMEum

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ae706141f841e5e9df4a5f51b66e2d

Files

38ae706141f841e5e9df4a5f51b66e2d
.exe windows:5 windows x86 arch:x86

50ba80c852b2c0ae0e23cca8a56a6b60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

BmCopy
GenClone
OleDraw
ErrReconnect
OleCreateLinkFromClip
OleSetHostNames
OleRename
LeQueryBounds
OleRelease
GenCopy
OleClone
GenEnumFormat
LeShow
ObjRename
ObjQuerySize
OleQueryProtocol
OleEnumObjects
DefCreateLinkFromFile
PbGetData
GenEqual
OleCreateFromTemplate
OleSetTargetDevice
DibQueryBounds
ErrShow
OleDelete
PbCreateInvisible
DocWndProc
OleExecute
LeReconnect
MfQueryBounds

ole32

HENHMETAFILE_UserSize
CreateOleAdviseHolder
HMETAFILEPICT_UserFree
CoMarshalInterface
PropVariantCopy
SetErrorInfo
OleCreateFromData
CoGetInterfaceAndReleaseStream
CoReactivateObject
GetHookInterface
HDC_UserMarshal
MonikerRelativePathTo
GetConvertStg
WriteOleStg
HACCEL_UserMarshal
MonikerCommonPrefixWith
WriteStringStream
CreateClassMoniker
CreateDataCache
ReadClassStg
OleDuplicateData
CoSetProxyBlanket
OleCreateLinkEx
GetClassFile
CoFreeAllLibraries
SNB_UserSize
CreateDataAdviseHolder
CreateItemMoniker

kernel32

GetFileTime
QueryPerformanceCounter
WriteProfileStringA
MoveFileExA
GetCurrentConsoleFont
GlobalGetAtomNameW
GetCurrentThread
CreateEventA
SetEndOfFile
GetModuleHandleW
TransactNamedPipe
GetEnvironmentStrings
GetUserDefaultLCID
lstrcatA
FatalAppExitW
LoadLibraryW
GetLocaleInfoW
IsBadStringPtrW

msvfw32

DrawDibTime
ICClose
ICOpen
DrawDibEnd
MCIWndCreateW
GetOpenFileNamePreviewW
DrawDibGetPalette
MCIWndCreate
DrawDibStop
ICSendMessage
ICCompressorChoose
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICInstall
ICRemove
ICOpenFunction
DrawDibDraw
VideoForWindowsVersion
GetOpenFileNamePreviewA
ICLocate
ICDecompress
DrawDibSetPalette
ICImageCompress
DrawDibBegin
ICInfo
DrawDibRealize
MCIWndRegisterClass
DrawDibProfileDisplay

shell32

RealShellExecuteW
SHGetNewLinkInfoA
SHFormatDrive
DllInstall
SHGetFolderPathAndSubDirA
SHGetFolderLocation
StrNCmpIW
DragQueryFileA
SHEmptyRecycleBinA
InternalExtractIconListA
ShellExecuteExW
SHGetIconOverlayIndexA
SHFileOperationA

shlwapi

SHQueryInfoKeyW
PathUnquoteSpacesA
PathIsNetworkPathW
SHRegDeleteUSValueA
PathGetArgsW
PathRemoveFileSpecA
SHRegSetPathA
PathFindOnPathA
SHDeleteEmptyKeyW
SHRegWriteUSValueA
PathCombineA
PathRemoveBackslashA
PathGetDriveNumberA
SHRegDeleteEmptyUSKeyW
StrChrIW
ColorAdjustLuma
PathSetDlgItemPathW
UrlGetLocationW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ba80c852b2c0ae0e23cca8a56a6b60

Headers

File Characteristics

Imports

olecli32

ole32

kernel32

msvfw32

shell32

shlwapi

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 8KB - Virtual size: 62KB

.rsrc Size: 112KB - Virtual size: 112KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 8KB - Virtual size: 62KB

.rsrc
Size: 112KB - Virtual size: 112KB