38439eed8321de612702d6e1fac02c4c

General

Target

38439eed8321de612702d6e1fac02c4c
Size

76KB
MD5

38439eed8321de612702d6e1fac02c4c
SHA1

2e79415332e442eb7c2b4c6c42429b99971f3173
SHA256

cfeceade6ae1ecfc9ee7c60dcf47df0f9f92420cd9c2e7bc19dd0882e75745fe
SHA512

5a938c09c72c045ecdbebb61e1dcb6661e907f60f872b8626eb18e84a7176e71ec5527a7030fc0d4c246f537ab714c5e25281a1e433efa24ea2ffb8d1570e9af
SSDEEP

1536:4cWGte8kE/rdZgP8xCSKewPDknYcs/IHsWjcdWv:4cpt3kEHKQnAWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38439eed8321de612702d6e1fac02c4c

Files

38439eed8321de612702d6e1fac02c4c
.dll windows:5 windows x86 arch:x86

7c5f250ba58f1406db94bb7f2181ad77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
GetHandleInformation
GetProcAddress
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetCurrentProcess
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

_ReflectiveLoader@4
_a@16

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c5f250ba58f1406db94bb7f2181ad77

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB