38aabe98c8c582079e0de8bd99c73472

Sharing

Copy URL Twitter E-mail

General

Target

38aabe98c8c582079e0de8bd99c73472
Size

197KB
MD5

38aabe98c8c582079e0de8bd99c73472
SHA1

4c39b62cdb6cfd2bcac45233e3a7f4557d5fcde2
SHA256

02a8d341018d5d04ff5a41926be149c7d0d6e7ebbe7f26d620771f2af4163c0f
SHA512

dca179e6ef7917fb0b1507e1c413e4f328d34411cdfb00ddb2a7bf4cedd503db1a5eae09688a66a4e8e360f69948da430f4a8546bfbc98abdf896bce7f887a7b
SSDEEP

3072:rDzbN+o76j4fumxSzlfSk4TJMg4Yclx7LhyohQpgmZXYj7uwGy0hcNklQS:rX1OkXSzl1OY1yoOpKuwPrYQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38aabe98c8c582079e0de8bd99c73472

Files

38aabe98c8c582079e0de8bd99c73472
.exe windows:4 windows x86 arch:x86

eeb472ee3fd7bc88851875c9fd4a3fac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadStringPtrA
GetFileTime
SetLocaleInfoA
lstrcmpi
FindAtomW
GetModuleHandleA
GetProcAddress
GetCommandLineA
GetTempPathW
GetSystemDefaultLangID
CreateFileA
QueryPerformanceFrequency
CopyFileA
lstrcmpiA
GetCurrentDirectoryW
GetLocaleInfoW
CreateEventA
lstrlen
lstrlenW
ExpandEnvironmentStringsA
OpenMutexA
GetComputerNameA
SetLocaleInfoW
BeginUpdateResourceW
GetCurrentProcessId
GetCPInfo
GetProcessHeap
MoveFileA
lstrcatA
GetExpandedNameA
GetShortPathNameW
GetUserDefaultLangID
GetLocalTime
ReplaceFileW
GetEnvironmentVariableW
LoadResource
ExitProcess
ReadFile
lstrcmpA
GetSystemDefaultLCID
GetStartupInfoW
GetTempPathA
EnumDateFormatsW
SystemTimeToFileTime
GetEnvironmentStringsA

user32

GetKeyState
CreateDialogIndirectParamA
CheckDlgButton
SetCursorPos
InsertMenuA
UpdateLayeredWindow
RegisterClassExA
GetMenuItemID
GetClientRect
CreateDialogParamA
DialogBoxIndirectParamA
CreatePopupMenu
OffsetRect
EnumChildWindows
CopyRect
CheckRadioButton
CharLowerW
WinHelpA
PeekMessageW
ActivateKeyboardLayout
GetClassNameW
wvsprintfA
PostMessageA
RegisterWindowMessageW
GetCursorPos
PostMessageW
MessageBoxA
InvalidateRect
GetMenuState
SetWindowLongA
IsWindow
MessageBoxW
SendDlgItemMessageA
DestroyCursor
CreateMenu
CharPrevA
IsIconic
CopyImage
EnableWindow
DrawIcon
FindWindowW
GetWindowLongW
wvsprintfW
BringWindowToTop
SendDlgItemMessageW
LoadBitmapW
DefFrameProcA

gdi32

Polyline
EnumFontsW
MoveToEx
GetNearestColor
GetCharWidthA
UpdateColors
CreateDCA
GetPixelFormat
OffsetRgn
CombineRgn
GetLogColorSpaceA
SetColorSpace
SetDIBits
SetColorAdjustment
InvertRgn
GetPolyFillMode

advapi32

RegSaveKeyA
RegReplaceKeyA
RegOpenKeyExA
RegDeleteKeyW

inetcomm

EssReceiptDecodeEx
EssSecurityLabelEncodeEx
MimeOleGetPropertySchema
MimeOleAlgNameFromSMimeCap
HrGetAttachIcon
MimeOleGetCertsFromThumbprints
MimeOleCreateHeaderTable
EssContentHintEncodeEx
HrGetLastOpenFileDirectory
MimeOleGetFileExtension
MimeOleCreateMessageParts
MimeOleDecodeHeader
MimeOleCreateHashTable

sqlunirl

_EnumResourceNames_@16
ConvertMultiSZNameToW
_CreateEnhMetaFile_@16
_CreateProcessAsUser_@44
_EnumResourceTypes_@12
_AddAtom_@4
_DefFrameProc_@20
_GetPrivateProfileSectionNames_@12
_DrawState_@40
_DialogBoxParam_@20
_DlgDirList_@20
_NDdeShareAdd_@20

wsock32

NPLoadNameSpaces
getpeername
send
connect
GetNameByTypeA
WSAAsyncGetServByPort
getsockname
gethostbyname
closesocket

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YtM
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.brp
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GtLiHu
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NtXc
Size: 1KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NIBZ
Size: 1024B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zsP
Size: 1KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeb472ee3fd7bc88851875c9fd4a3fac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

inetcomm

sqlunirl

wsock32

Sections

.text Size: 11KB - Virtual size: 11KB

.YtM Size: 1024B - Virtual size: 6KB

.brp Size: 512B - Virtual size: 48KB

.GtLiHu Size: 4KB - Virtual size: 16KB

.NtXc Size: 1KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.NIBZ Size: 1024B - Virtual size: 43KB

.zsP Size: 1KB - Virtual size: 254KB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 11KB - Virtual size: 11KB

.YtM
Size: 1024B - Virtual size: 6KB

.brp
Size: 512B - Virtual size: 48KB

.GtLiHu
Size: 4KB - Virtual size: 16KB

.NtXc
Size: 1KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.NIBZ
Size: 1024B - Virtual size: 43KB

.zsP
Size: 1KB - Virtual size: 254KB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 1024B - Virtual size: 908B