38884ee2da9c07292aace204ddde3909

Sharing

Copy URL

Twitter E-mail

General

Target

38884ee2da9c07292aace204ddde3909
Size

146KB
MD5

38884ee2da9c07292aace204ddde3909
SHA1

2912c3ce1fb7f5442471223f32b64cdbc521437d
SHA256

3358fb045027db3039215cf4d74fb938bcb0974a82848d70fae9ddc6b1355a49
SHA512

52535e940fdd302611aceead23e7c8d0e45db2d27c569f7cb6b31fe405d293766e7aa8c0a19d8b52109e984199664d6c0760d860de67d6cb8407d2b05162ec02
SSDEEP

3072:Cn8nBGsEMXOoKBFRamYd5J4/W828GRKbJJYeAmT/fwVBCBP/Z:CqAsEgKBFRa9JZJSJffw+BJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38884ee2da9c07292aace204ddde3909

Files

38884ee2da9c07292aace204ddde3909
.exe windows:5 windows x86 arch:x86

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsApiRealloc
DnsAsyncRegisterTerm
Dns_SendEx
DnsReplaceRecordSetUTF8
DnsRemoveRegistrations
DnsWriteQuestionToBuffer_W
DnsExtractRecordsFromMessage_W
DnsUpdateTest_UTF8
DnsStringCopyAllocateEx
Dns_SendAndRecvUdp
DnsModifyRecordsInSet_UTF8
DnsQueryConfigDword
DnsQueryConfig
DnsFlushResolverCacheEntry_UTF8
DnsRecordCompare
DnsFlushResolverCacheEntry_A
DnsApiHeapReset
Dns_ParseMessage
DnsRecordSetCopyEx
DnsQuery_UTF8
DnsGetBufferLengthForStringCopy
DnsUpdate
DnsCopyStringEx
DnsNameCopy

sqlunirl

_CreateProcessAsUser_@44
_IsDialogMessage@8
_ExpandEnvironmentStrings_@12
_lstrcat_@8
_GetOpenFileName@4
__lopen_@8
_DrawState_@40
_PrivilegedServiceAuditAlarm_@20
_FindResource@12
_GetMessage_@16
_CreateEnhMetaFile_@16
_ChangeDisplaySettings_@8
newMultiByteFromWideChar
_CharUpper@4
_GetWindowText@12
_SetWindowsHookEx_@16
_VkKeyScan_@4
_CreateDirectoryEx_@12
_GetClassInfoEx_@12
_OemToChar_@8
_OpenWaitableTimer_@12
_SHGetFileInfo_@20
_SetProp@12
_NDdeSetShareSecurity_@16
_ExtractAssociatedIcon_@12
_OpenFileMapping_@12

kernel32

GetModuleHandleA
SetThreadLocale
GetSystemDirectoryW
DosDateTimeToFileTime
CreateActCtxW
_lcreat
CreateSemaphoreA
EnumSystemGeoID
CreateWaitableTimerW
UnregisterWait
Process32FirstW
CmdBatNotification
LoadLibraryA
MultiByteToWideChar
OutputDebugStringW
GetConsoleKeyboardLayoutNameW
GetFirmwareEnvironmentVariableW
GetPrivateProfileStructW

advpack

UserInstStubWrapper
DelNodeRunDLL32
DoInfInstall
NeedRebootInit
GetVersionFromFile
RebootCheckOnInstall
FileSaveRestore
OpenINFEngine
RegSaveRestoreOnINF
LaunchINFSection
TranslateInfStringEx
LaunchINFSectionEx
CloseINFEngine
IsNTAdmin
FileSaveMarkNotExist
RegRestoreAll
GetVersionFromFileEx
FileSaveRestoreOnINF
ExecuteCab
ExtractFiles
RunSetupCommand
TranslateInfString
RegisterOCX
AdvInstallFile
DelNode

wininet

InternetGetCertByURL
DeleteIE3Cache
InternetCombineUrlA
InternetCanonicalizeUrlW
InternetGoOnline
DeleteUrlCacheContainerW
SetUrlCacheConfigInfoW
InternetReadFileExA
GetUrlCacheEntryInfoExW
InternetAlgIdToStringA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetLockRequestFile
GetUrlCacheGroupAttributeW
FindNextUrlCacheContainerW
FtpFindFirstFileA
DeleteUrlCacheContainerA
GetUrlCacheHeaderData
FindNextUrlCacheEntryExW
HttpEndRequestA
InternetAlgIdToStringW
FtpGetCurrentDirectoryW
FreeUrlCacheSpaceA

cmutil

CmLoadIconA
?GPPS@CIniW@@QBEPAGPBG00@Z
CmEndOfStrW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?CloseFile@CmLogFile@@AAEJXZ
??4CIniW@@QAEAAV0@ABV0@@Z
GetOSBuildNumber
??_FCIniA@@QAEXXZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
SzToWz
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?LoadSection@CIniW@@QBEPAGPBG@Z
MakeBold
??4CIniA@@QAEAAV0@ABV0@@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z

imagehlp

SymLoadModule64
SymEnumerateSymbolsW
SymSetContext
SymGetSymNext64
SymEnumTypes
SymGetSymNext
SymLoadModule
ImageDirectoryEntryToDataEx
ImageAddCertificate
SymGetModuleBase
RemoveRelocations
SymFindFileInPath
SymGetModuleInfo64
SetImageConfigInformation
SymEnumSymbols
GetImageConfigInformation
FindFileInPath
UnmapDebugInformation
SymGetLineFromAddr
SymEnumerateModules
ReBaseImage64
FindDebugInfoFileEx
SymGetSymFromAddr64

mfcsubs

?SpanExcluding@CString@@QBE?AV1@PBG@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??0CString@@QAE@PBD@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??H@YG?AVCString@@ABV0@G@Z
?CopyBeforeWrite@CString@@IAEXXZ
??0CString@@QAE@XZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??8@YG_NABVCString@@0@Z
??4CString@@QAEABV0@D@Z

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

Imports

dnsapi

sqlunirl

kernel32

advpack

wininet

cmutil

imagehlp

mfcsubs

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 106KB - Virtual size: 122KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 106KB - Virtual size: 122KB

.rsrc
Size: 3KB - Virtual size: 3KB