38de37aa1a2f628c2fbef376f447f9c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38de37aa1a2f628c2fbef376f447f9c4
Size

137KB
MD5

38de37aa1a2f628c2fbef376f447f9c4
SHA1

7bb2db78328c99f053b21a5357ce8aa7db5a4187
SHA256

58ec77254f281f1d5c76d9d38b1f24ef0d9ff3ecabd2329f1cc7cb20752613ef
SHA512

196182f7bf099e4faaf402aa932a332bc8a69ad11c91d59c65ea0113d226af464e155cdb7f39ec715340e27e31520b2ba4cfa538b6b4963b54f16bcaf2335a7b
SSDEEP

1536:d2Agp9Hh3aKYEiuyDh+P2t26aj2oE4D5JsuUGPYofJEvdb1JjHxkhw2e5YQjY:MAgp1h3PiJtiD5muUGwoqb1JLx92jQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38de37aa1a2f628c2fbef376f447f9c4

Files

38de37aa1a2f628c2fbef376f447f9c4
.exe windows:4 windows x86 arch:x86

acce91a0c34341b08342c954a1f9e679

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExA
CloseHandle
SearchPathA
FindClose
GetModuleHandleA
GetLastError
Sleep
GetTickCount
DeleteCriticalSection
SetEvent
TlsGetValue
FindAtomA
FindVolumeClose
GetCalendarInfoA
VirtualProtect
lstrlenA
CreateThread
ExitProcess
GetDiskFreeSpaceA
ReleaseMutex

advapi32

IsValidSid
RegEnumKeyExA
RegCloseKey
LsaClose
FreeSid
GetFileSecurityA
RegCreateKeyExA
RegLoadKeyA
LsaSetSecret
CloseEventLog
CloseTrace
OpenEventLogA
AccessCheck
LsaFreeMemory
RegCloseKey

msdtcuiu

DtcPerfCollect
DllGetClassObject
DllRegisterServer
DtcPerfClose
DtcPerfOpen

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE