138def3a00cd4b3f8da202a23926b5cb

Sharing

Copy URL Twitter E-mail

General

Target

138def3a00cd4b3f8da202a23926b5cb
Size

365KB
MD5

138def3a00cd4b3f8da202a23926b5cb
SHA1

d983500148b7b2dabd18efc5d440c10c24ab00c2
SHA256

edd581e1e9b5f135a45eefb7e17f553876105a01683e96f13df0118d6f3b24b3
SHA512

115286ca9f2b134f5594dc31758217eade2f4bfc48c4081567042d3720757ee0b453ef1b1dc7f82a93d37407a324740d007671f0a3e490c1d4740a051af6d530
SSDEEP

6144:Z0KOypBAlUllfLlHmsZ3cJJ1ZAcdNVWBcjsIfDdJMcE8cp8ThEWF0wXoxDVyFGCr:nFlf5HoNdNquD2wqWF0wXgkwC1iw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138def3a00cd4b3f8da202a23926b5cb

Files

138def3a00cd4b3f8da202a23926b5cb
.exe windows:5 windows x86 arch:x86

d0af3c190441496817a24bae9b9eb9fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CallNamedPipeW
UTRegister
SetConsoleNumberOfCommandsW
SetComputerNameW
GetSystemWindowsDirectoryA
UnmapViewOfFile
LoadLibraryA
SearchPathW
GetEnvironmentStringsW
CreateJobObjectA
LockFile
SetConsoleIcon
GetConsoleAliasExesLengthA
GetConsoleTitleA
lstrcpy
GetConsoleAliasExesW
GetConsoleCursorMode
QueryPerformanceCounter
VirtualAlloc
GetConsoleAliasesLengthW
ProcessIdToSessionId
HeapDestroy
GetProfileSectionW
AddVectoredExceptionHandler
OpenWaitableTimerW
GetLogicalDrives
InterlockedPushEntrySList
UnregisterWait
HeapCreate
GetConsoleScreenBufferInfo
SetFileValidData
GetDiskFreeSpaceExW
GetCurrentThread
InitializeCriticalSectionAndSpinCount
SetStdHandle
CreateProcessInternalA
GetConsoleAliasesW
FindActCtxSectionStringW

oleaut32

SafeArrayUnaccessData
VarDateFromUI8
VarUI2FromI2
RegisterTypeLib
VarBoolFromDisp
VarUI8FromUI2
VarI4FromBool
VarI4FromStr
OleLoadPictureEx
VarI1FromI8
VarCyFromUI8
VariantClear
VarBstrFromUI8
VarUI2FromCy
VariantCopy
VarPow
VarDecFromI4
SafeArraySetIID
VarR4FromI8
LPSAFEARRAY_Size
SetVarConversionLocaleSetting
SafeArrayAllocDescriptor
VarUI1FromUI4
GetAltMonthNames
VarI4FromUI4
VarI8FromI2
VarUI2FromDec
VarDecDiv
VariantTimeToSystemTime
VarUI2FromBool
SysAllocStringLen
VarR8FromI8
VarUI4FromI8
VarBoolFromCy
VarI4FromCy
VarUI8FromR8
VarCyFromI8
OleLoadPictureFileEx
VarBstrFromR8
VarBoolFromUI8
CreateDispTypeInfo
VarDecFromBool
VarRound
VarI2FromUI2
VarUI2FromStr
UnRegisterTypeLib
VarCyNeg
SafeArrayGetRecordInfo
VarUI1FromStr
VarBstrFromI8
VarMul
VarDecFromI1
SetErrorInfo
VarI2FromUI1
OleSavePictureFile
DosDateTimeToVariantTime
GetErrorInfo
VarTokenizeFormatString
VarCyFromR4
SysStringLen
LHashValOfNameSys
VarFormat
VarDecCmpR8
VarBoolFromUI2
BstrFromVector
VarI8FromDisp
OACreateTypeLib2
VarCyInt
VarDecFromCy
VarFormatNumber
VarFormatPercent
VarUI8FromDate
VarEqv
VarDecFix
VarUI1FromR8
VarDecAdd
VarDecRound
VarDateFromI2
VarDateFromUI1
VarUdateFromDate
DispCallFunc
VarDecFromUI4
VarI4FromUI8
VarInt
VARIANT_UserMarshal
VarR4CmpR8

winsta

ServerQueryInetConnectorInformationA
_WinStationWaitForConnect
WinStationGetMachinePolicy
WinStationNameFromLogonIdA
WinStationSetPoolCount
_WinStationGetApplicationInfo
WinStationIsHelpAssistantSession
WinStationGetProcessSid
_WinStationNotifyLogoff
WinStationActivateLicense
WinStationEnumerateW
WinStationSendMessageA
WinStationQueryInformationW
_NWLogonQueryAdmin
_WinStationBreakPoint
LogonIdFromWinStationNameA
WinStationEnumerateA
_NWLogonSetAdmin
ServerLicensingGetPolicyInformationA
WinStationQueryLogonCredentialsW
_WinStationUpdateClientCachedCredentials
WinStationUnRegisterConsoleNotification
ServerLicensingUnloadPolicy
ServerGetInternetConnectorStatus
WinStationRemoveLicense
WinStationFreeMemory
WinStationWaitSystemEvent
WinStationGetLanAdapterNameW
ServerLicensingOpenW
WinStationQueryUpdateRequired
ServerLicensingOpenA
WinStationRenameW
WinStationOpenServerW
_WinStationNotifyNewSession
_WinStationCallback
ServerLicensingGetPolicy
_WinStationReadRegistry
WinStationShutdownSystem

cfgmgr32

CM_Invert_Range_List
CM_Set_HW_Prof_FlagsA
CM_Set_DevNode_Registry_PropertyW
CM_Enumerate_Enumerators_ExA
CM_Get_Device_ID_List_ExA
CM_Open_Class_KeyA
CM_Unregister_Device_InterfaceA
CM_Set_DevNode_Problem
CM_Open_Class_Key_ExW
CMP_Init_Detection
CM_Get_Device_ID_ExA
CM_Test_Range_Available
CM_Create_DevNodeA
CM_Setup_DevNode_Ex
CM_Get_Parent_Ex
CM_Get_Depth_Ex
CM_Get_Device_ID_ListA
CM_Next_Range
CM_Disconnect_Machine
CM_Locate_DevNodeW
CM_Get_DevNode_Status_Ex
CM_Get_Res_Des_Data
CM_Remove_SubTree_Ex
CM_Get_Device_Interface_List_Size_ExA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Registry_PropertyA
CM_Add_ID_ExW
CM_Query_Arbitrator_Free_Size_Ex
CM_Get_Device_IDA
CM_Locate_DevNodeA
CM_Get_Device_IDW
CM_Query_Resource_Conflict_List
CM_Get_Class_Registry_PropertyA
CM_Disable_DevNode
CM_Add_IDW
CM_Get_Version_Ex
CM_Enable_DevNode
CM_Query_Remove_SubTree_Ex

clusapi

OnlineClusterResource
SetClusterNetworkPriorityOrder
GetClusterNetInterface
CloseCluster
GetClusterFromGroup
ClusterRegDeleteKey
ClusterRegCreateKey
GetClusterNetworkKey
GetClusterGroupState
BackupClusterDatabase
ClusterRegSetValue
ClusterRegQueryInfoKey
ClusterOpenEnum
ChangeClusterResourceGroup
ClusterEnum
ClusterResourceTypeGetEnumCount
GetClusterFromNetwork
AddClusterResourceDependency
CanResourceBeDependent
CloseClusterGroup
ClusterRegSetKeySecurity
CloseClusterNode
ClusterResourceTypeControl
GetClusterFromNode
RemoveClusterResourceNode
GetNodeClusterState
CreateClusterNotifyPort
ClusterRegEnumKey
DeleteClusterResource
GetClusterFromNetInterface
SetClusterQuorumResource

rasdlg

RasUserPrefsDlg
RasPhonebookDlgW
RasUserEnableManualDial
DwTerminalDlg
RasSrvEnumConnections
RasAutodialQueryDlgW
GetRasDialOutProtocols
RouterEntryDlgA
RasSrvHangupConnection
RasSrvAllowConnectionsConfig
RasSrvIsServiceRunning
RasEntryDlgW
RouterEntryDlgW
RasAutodialQueryDlgA
RasPhonebookDlgA
RasSrvInitializeService
RasDialDlgW
RasEntryDlgA
RasSrvAddPropPages
RasSrvCleanupService
RasSrvIsConnectionConnected
RasUserGetManualDial
RasDialDlgA

Sections

.text
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0af3c190441496817a24bae9b9eb9fa

Headers

File Characteristics

Imports

kernel32

oleaut32

winsta

cfgmgr32

clusapi

rasdlg

Sections

.text Size: 93KB - Virtual size: 96KB

.rdata Size: 77KB - Virtual size: 80KB

.data Size: 512B - Virtual size: 520KB

.rsrc Size: 191KB - Virtual size: 192KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 96KB

.rdata
Size: 77KB - Virtual size: 80KB

.data
Size: 512B - Virtual size: 520KB

.rsrc
Size: 191KB - Virtual size: 192KB

.reloc
Size: 1KB - Virtual size: 4KB