38347b184c11baf6febf38b90b8a0279

Sharing

Copy URL Twitter E-mail

General

Target

38347b184c11baf6febf38b90b8a0279
Size

446KB
MD5

38347b184c11baf6febf38b90b8a0279
SHA1

b4ca2c3c60cc0fae2001712eba561fd6af3d2cba
SHA256

6f11b1448860389e9502f69af2dba7d9daf059049043216e9c1907c61c5a1992
SHA512

f0196bdd6a413f7c97913c1e58ac2b909cd3dd24d0a49d6dfe15e338acda465849a5d8571d016e051477f83457be64345d21a47f55ac64549fb2324c830ce838
SSDEEP

12288:YPnkM2VSWwEWuSZUR6y/5RqT9dkxH6l7g+tV:YPSBwEWuSuGxdk1E7BtV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38347b184c11baf6febf38b90b8a0279

Files

38347b184c11baf6febf38b90b8a0279
.exe windows:4 windows x86 arch:x86

a64cb1fe704489d597fd7ec6863bb39e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetUserDefaultLCID
GetLocaleInfoW
WriteConsoleInputW
GetStartupInfoA
lstrcmp
HeapAlloc
LoadLibraryA
TlsGetValue
SetConsoleCtrlHandler
VirtualFree
WritePrivateProfileStringA
WriteConsoleOutputCharacterW
GetACP
TlsAlloc
TlsFree
FreeEnvironmentStringsW
GetStringTypeW
GetTimeFormatA
GetFileAttributesExA
SetUnhandledExceptionFilter
GetDateFormatA
GetTimeZoneInformation
GetEnvironmentStrings
FileTimeToSystemTime
HeapSize
UnhandledExceptionFilter
GetStringTypeA
GetProcAddress
CompareStringW
GetStdHandle
HeapFree
CreateNamedPipeW
GetCurrentThread
FindFirstFileExA
InitializeCriticalSectionAndSpinCount
VirtualQuery
MultiByteToWideChar
WriteFile
SetHandleCount
FreeLibrary
InterlockedIncrement
TlsSetValue
GetOEMCP
HeapReAlloc
LeaveCriticalSection
ExitProcess
CompareStringA
GetVolumeInformationW
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
IsValidLocale
GetModuleHandleA
GetLastError
IsDebuggerPresent
IsValidCodePage
GetCurrentThreadId
SetLastError
WideCharToMultiByte
GetCommandLineA
GetLocaleInfoA
GetCurrentProcessId
GetModuleFileNameA
LCMapStringA
GetCPInfo
RaiseException
GetTickCount
HeapDestroy
EnumSystemLocalesA
GetFileType
Sleep
SetEnvironmentVariableA
RtlUnwind
GetEnvironmentStringsW
GetSystemTimeAsFileTime
InterlockedExchange
LCMapStringW
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
VirtualFreeEx
HeapCreate
InterlockedDecrement

advapi32

CryptGetDefaultProviderW
CryptVerifySignatureW
RegConnectRegistryA
CryptGenKey
RegQueryValueExA
RegDeleteKeyW
LookupAccountSidW
LookupPrivilegeDisplayNameA
CryptSetProvParam
CryptVerifySignatureA
LookupAccountNameA
CryptSetProviderExW
LogonUserW
RegOpenKeyExW
RegLoadKeyA
LogonUserA
CryptAcquireContextW

shell32

ShellExecuteA
SHBrowseForFolder
SHGetInstanceExplorer
SHEmptyRecycleBinA
SHAddToRecentDocs
SHEmptyRecycleBinW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDList
SHGetDataFromIDListA
SHGetSpecialFolderPathA
ShellExecuteEx
SHFileOperation
ExtractAssociatedIconA
SHLoadInProc

user32

DrawIcon
WindowFromDC
SetMessageQueue
CharUpperBuffA
ReleaseDC
DdeUnaccessData
DefFrameProcW
LookupIconIdFromDirectory
DdeNameService
CharPrevA
GetAsyncKeyState
PostMessageA
OpenDesktopA
GetTitleBarInfo
GetMenuItemRect

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64cb1fe704489d597fd7ec6863bb39e

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

Sections

.text Size: 155KB - Virtual size: 154KB

.data Size: 276KB - Virtual size: 289KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 276KB - Virtual size: 289KB

.rsrc
Size: 13KB - Virtual size: 13KB