38f767e4a881f6ff968d97e1136caff5

Sharing

Copy URL Twitter E-mail

General

Target

38f767e4a881f6ff968d97e1136caff5
Size

180KB
MD5

38f767e4a881f6ff968d97e1136caff5
SHA1

7cb11dc68ee3261b605d70864692871a33945840
SHA256

f422932e6043a52ae4e2337637d0ced7a9b71415dd3d4fca692cc9520d7906e9
SHA512

c29ba31325d8d4b9e69ddf04ce38cabe5a1be9b695da79e893d32918e0ad7271fd412dd244255d7f248602e3c623112b7d0e5b39574d2e1d39189a3e730adf78
SSDEEP

3072:szWAxYgFYHJeFm7SExWo29SQt/rGV+ImglXh6LixOM8Lx5s4+q8TBfsjBslwl:szWAxYgFg4m+aWb9J/+mgRh6L1M28TBg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38f767e4a881f6ff968d97e1136caff5

Files

38f767e4a881f6ff968d97e1136caff5
.dll windows:4 windows x86 arch:x86

b9ce856954b311bc412764520af7187e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
MoveFileExA
GetExitCodeThread
CreateThread
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
SystemTimeToFileTime
GetSystemTime
DeleteFileA
GetModuleFileNameA
GetFileSize
CreateFileA
GetTempFileNameA
GetTempPathA
WriteFile
GetWindowsDirectoryA
SetFilePointer
TerminateThread
GetVersionExA
QueryDosDeviceA
DefineDosDeviceA
GetCurrentProcess
HeapReAlloc
GetOverlappedResult
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
CreateProcessA
Sleep
CloseHandle
GetLastError
FreeLibrary
ResetEvent
SetEvent
CreateEventA
IsBadReadPtr
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
HeapFree
GetProcessHeap
HeapAlloc
ReadFile
CreateMutexA
DeviceIoControl
GetVolumeInformationA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetEndOfFile
InitializeCriticalSection
IsBadCodePtr
GetLocaleInfoA
EnterCriticalSection
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LeaveCriticalSection

user32

wsprintfA

advapi32

AddAce
RegDeleteValueA
InitializeSecurityDescriptor
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
GetLengthSid
RegEnumKeyExA
IsValidSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

dnsapi

DnsRecordListFree
DnsQuery_A

ws2_32

WSAStartup
WSASend
WSARecv
WSASocketA
WSACreateEvent
htons
gethostname
WSAEventSelect
WSACloseEvent
WSAGetOverlappedResult
WSAGetLastError
shutdown
setsockopt
closesocket
WSAConnect
WSAEnumNetworkEvents

iphlpapi

GetIpAddrTable

Exports

Exports

mlmain

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9ce856954b311bc412764520af7187e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

dnsapi

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 9KB