38c8eaf9634e4220993cdf7748de9989

Sharing

Copy URL

Twitter E-mail

General

Target

38c8eaf9634e4220993cdf7748de9989
Size

240KB
MD5

38c8eaf9634e4220993cdf7748de9989
SHA1

c4c5844a87daa440ebe69fcd8689ff6f20f16b71
SHA256

29d0a2aa26ab6dfc35431bf23afe6daa35893a3ea2f0f785afd9a640de4ecebf
SHA512

36224c115b50cad7b365512bb9b50b52b7cf558baf45678a43613cd7346750d8eabd50eec9ef33fd76f431f25597f71975e13687914817e19ac949c7f21cb328
SSDEEP

3072:q/sGT0zQ+DeMN0oAesZv9jPCY/TT6Bt6G9LdJ+O6zcrn9ywFPCD1uW5g:q/s8chwesdBPCY/vooO6m9Bk44g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38c8eaf9634e4220993cdf7748de9989

Files

38c8eaf9634e4220993cdf7748de9989
.exe windows:4 windows x86 arch:x86

7da653e33a30870d118cd58ce27815d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrConvert
NdrSendReceive
NdrConformantArrayMarshall
NdrConformantStringMarshall
NdrGetBuffer
NdrConformantArrayBufferSize
NdrConformantStringBufferSize
NdrClientInitializeNew
RpcRaiseException
NdrComplexArrayUnmarshall
NdrComplexArrayMarshall
NdrComplexArrayBufferSize
NdrConformantArrayUnmarshall
RpcEpUnregister
RpcServerUseProtseqEpA
RpcServerUseProtseqA
RpcServerRegisterIf
RpcServerInqBindings
RpcEpRegisterA
RpcBindingVectorFree
RpcServerUnregisterIf
RpcStringBindingComposeA
RpcStringFreeA
RpcBindingFromStringBindingA
RpcEpResolveBinding
RpcBindingFree
RpcMgmtIsServerListening
NdrConformantVaryingArrayBufferSize
NdrConformantVaryingArrayMarshall
NdrConformantVaryingArrayUnmarshall
NdrConformantStringUnmarshall
NdrFreeBuffer

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wsock32

gethostbyname
inet_addr

kernel32

GetSystemInfo
VirtualProtect
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
InitializeCriticalSection
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
OpenEventA
GetComputerNameA
GetCommandLineA
GetCurrentProcessId
CloseHandle
VirtualQuery
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
CreateSemaphoreA
Sleep
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDiskFreeSpaceA
LocalFree
FormatMessageA
FindClose
lstrcmpiA
GetDateFormatA
FindNextFileA
FindFirstFileA
SetLastError
CreateDirectoryA
MoveFileExA
CopyFileA
GetFileAttributesA
GetTimeFormatA
RemoveDirectoryA
DeleteFileA
GetTickCount
CreateEventA
SetEvent
HeapFree
HeapReAlloc
HeapAlloc
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
ReleaseSemaphore
RaiseException
UnhandledExceptionFilter
TlsFree
TlsAlloc
QueryPerformanceCounter
ExitProcess
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCurrentThreadId
GetSystemTimeAsFileTime
GetStartupInfoA
GetVersionExA
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

user32

wsprintfA
MessageBoxA

advapi32

RegEnumValueA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
VarDateFromStr
SysFreeString

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7da653e33a30870d118cd58ce27815d5

Headers

File Characteristics

Imports

rpcrt4

version

wsock32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 52KB - Virtual size: 52KB