38b5160173b4f049eae9c06c98a4064e

Sharing

Copy URL Twitter E-mail

General

Target

38b5160173b4f049eae9c06c98a4064e
Size

87KB
MD5

38b5160173b4f049eae9c06c98a4064e
SHA1

40ac8a17458bb1c6863db3f68d489d6e7d28de95
SHA256

76d3deb33b657258615111ef934b01330cc24df67813d198b23c9eb25d1c3a53
SHA512

3d5aa72bf4d45ec183aa92af0fef6779813688e4d89c38be5286d390d6e8728d418b6478c3dd6a93a2c89db70f8435bfd8e224344f70056fde8b97ce590bf160
SSDEEP

1536:m4a7Rgt2AuOCAyTxEmRPMMX3iOX5JEZQqCqZwCahco4sYu:m/atXTAPMMX3wQqr2CahcopYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38b5160173b4f049eae9c06c98a4064e

Files

38b5160173b4f049eae9c06c98a4064e
.exe windows:4 windows x86 arch:x86

c0a78e305f5fdb74cde1860dcdaefdb2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
lstrcmpiA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
CloseHandle
WriteFile
CreateFileA
GetTempPathA
GetTickCount
ExitThread
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
GetLocaleInfoA
GetVersionExA
SetFileAttributesA
lstrlenA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
CreateMutexA
SetErrorMode
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
CopyFileA
GetLastError
Sleep
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetStringTypeW
LCMapStringW
LCMapStringA
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcess
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
IsBadWritePtr
VirtualAlloc
MultiByteToWideChar
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
RaiseException
TerminateProcess
VirtualFree

user32

CloseClipboard
SetFocus
SetForegroundWindow
MessageBoxA
ShowWindow
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
VkKeyScanA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

WSAStartup
WSACleanup
closesocket
socket
htons
send
select
recv
gethostbyname
inet_addr
sendto
connect

urlmon

URLDownloadToFileA

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0a78e305f5fdb74cde1860dcdaefdb2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

urlmon

shlwapi

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 14KB - Virtual size: 44KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 14KB - Virtual size: 44KB