Static task: static1
Behavioral task: behavioral1
Sample: 38e72d85c3428dfa6e74720190904705.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 38e72d85c3428dfa6e74720190904705.exe
Resource: win10v2004-20231215-en
General
Target: 38e72d85c3428dfa6e74720190904705
Size: 441KB
MD5: 38e72d85c3428dfa6e74720190904705
SHA1: 2ca212fa651c482064779fe3c75bb64667bc0186
SHA256: 88628b597b27efc3fd46e142bcb7b2ee5685137876b70f19b4eaa143dc69ac1f
SHA512: 9c0db7f8ea7f25dd5cc33b09a8595461206ea4731c1b277135e4bf0230bd325add8e76a5ead6993faffbd043b2bfbbcb3ed547bb99983a930b6b611e1d4c5436
SSDEEP: 12288:ZSEVS8gfiEUXWwbgY+Fx0UqMdvnqMT85OLVa:ZJgfSG4gj0UTqMQ5OL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38e72d85c3428dfa6e74720190904705
Files
38e72d85c3428dfa6e74720190904705.exe windows:4 windows x86 arch:x86
08a5f24344428121c19f573ce7e208e9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptGetDefaultProviderA
LookupPrivilegeNameW
InitializeSecurityDescriptor
LookupPrivilegeDisplayNameW
CryptGetKeyParam
LogonUserW
AbortSystemShutdownW
StartServiceA
CryptDestroyHash
LookupPrivilegeValueW
CreateServiceA
CryptDuplicateKey
CryptEnumProvidersA
ReportEventA
LookupPrivilegeDisplayNameA
CryptImportKey
LookupAccountNameA
CryptExportKey
GetUserNameA
RegLoadKeyA
RegOpenKeyExW
RevertToSelf
RegOpenKeyW
wininet
InternetGetCertByURLA
FindNextUrlCacheContainerA
GopherOpenFileW
FindFirstUrlCacheContainerA
FreeUrlCacheSpaceA
InternetSecurityProtocolToStringA
GopherGetLocatorTypeA
RegisterUrlCacheNotification
InternetTimeToSystemTime
shell32
SHBrowseForFolder
gdi32
LineDDA
SelectObject
CreateDIBitmap
GetCharABCWidthsFloatW
CreateColorSpaceW
StartPage
GetDCOrgEx
comdlg32
GetSaveFileNameW
PageSetupDlgA
GetSaveFileNameA
PrintDlgW
kernel32
IsValidLocale
LoadModule
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetShortPathNameW
GetCurrentThreadId
ReadConsoleInputW
DeleteCriticalSection
EnterCriticalSection
GetTickCount
MultiByteToWideChar
LoadLibraryA
CloseHandle
GetCPInfo
EnumResourceNamesA
GetStdHandle
LCMapStringW
FoldStringA
TerminateProcess
GetSystemInfo
GetStartupInfoA
IsValidCodePage
GetFileType
FreeEnvironmentStringsA
CompareStringA
InterlockedExchange
GetCurrentProcess
VirtualAlloc
HeapCreate
FreeEnvironmentStringsW
LoadLibraryW
TlsGetValue
GetEnvironmentStrings
EnumSystemLocalesA
GetVersionExA
GetLastError
GetProcAddress
CreateFileW
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
ReadFile
TlsSetValue
TlsFree
HeapAlloc
GetTimeZoneInformation
GetComputerNameA
WideCharToMultiByte
GetCommandLineA
HeapDestroy
SetThreadAffinityMask
RtlUnwind
VirtualProtectEx
GetTimeFormatA
IsBadWritePtr
WriteFile
GetModuleFileNameA
GetCurrentThread
TlsAlloc
LeaveCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
ExitProcess
HeapFree
GetACP
GetEnvironmentStringsW
ResetEvent
LCMapStringA
SetHandleCount
ReleaseSemaphore
CreateDirectoryW
InitializeCriticalSection
GetStringTypeW
VirtualFree
VirtualQuery
GetSystemTimeAsFileTime
GetLocaleInfoA
GetLocaleInfoW
GetDateFormatA
SetEnvironmentVariableA
GetStringTypeA
GetDriveTypeA
GetSystemTimeAdjustment
UnhandledExceptionFilter
HeapSize
Sections
.text Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 279KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ