038aaf22db331d911c039ac2020d2048290f2a852ece1ad27d240257c2aedbb7

Sharing

Copy URL Twitter E-mail

General

Target

038aaf22db331d911c039ac2020d2048290f2a852ece1ad27d240257c2aedbb7
Size

1020KB
MD5

13e3c1b12263b690294db30d27140fcf
SHA1

d14e9f556f3d5e99f4a37d91be905b5dd1e2f75b
SHA256

038aaf22db331d911c039ac2020d2048290f2a852ece1ad27d240257c2aedbb7
SHA512

d825d1c6626d10f8bf7e3580518f85a90ad6d3829aff8bc9ac2090c20090d43be9721fde6e71d59e7febcabb64fdd5ace5e81bc5a1f06f381ba936f89d0572ec
SSDEEP

24576:7cDGFtMs2CgzUJpLKbKYKxA61qnuouP7RfcC:7cDGFtMsAzUaUxfhLr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
038aaf22db331d911c039ac2020d2048290f2a852ece1ad27d240257c2aedbb7

Files

038aaf22db331d911c039ac2020d2048290f2a852ece1ad27d240257c2aedbb7
.exe windows:5 windows x86 arch:x86

757e72dfde14ba6b508510611e8a37f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wintrust

CryptCATGetAttrInfo
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WinVerifyTrustEx
CryptCATEnumerateCatAttr
CryptCATEnumerateAttr
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminAddCatalog
CryptCATOpen
CryptCATGetCatAttrInfo
WintrustAddActionID

kernel32

HeapReAlloc
GetStringTypeExW
TzSpecificLocalTimeToSystemTime
OpenFileMappingA
GetNamedPipeInfo
GetNumberFormatW
lstrcmpW
GetPrivateProfileIntA
SetTimerQueueTimer
VirtualAlloc
SetEvent

tapi32

lineOpen
tapiGetLocationInfoW
lineShutdown
lineGetCountryW
lineTranslateDialogW
lineTranslateAddressW
lineDeallocateCall
lineGetDevCapsW
lineConfigDialogW
lineSetDevConfigA
lineGetAddressCapsA
lineGetTranslateCapsW
lineClose
lineInitialize
lineGetDevConfigA
lineGetIDA

netapi32

NetGroupAddUser
NetStatisticsGet
NetLocalGroupDelMembers
NetWkstaGetInfo
NetGetAnyDCName
NetGetJoinInformation
NetShareDelSticky
NetLocalGroupEnum
NetQueryDisplayInformation
I_NetServerReqChallenge
NetShareCheck
DsGetDcNameWithAccountW
NetShareDel
NetpwNameValidate
NetUnregisterDomainNameChangeNotification
NetUserEnum
NetServerEnum

advapi32

CryptExportKey
WmiOpenBlock
GetSidSubAuthority
GetSidSubAuthorityCount
DeleteService
GetWindowsAccountDomainSid
LookupPrivilegeValueW
CryptSignHashA
LsaOpenPolicy
GetFileSecurityW
RegNotifyChangeKeyValue
AllocateAndInitializeSid
ControlService
GetKernelObjectSecurity
LsaNtStatusToWinError
RegQueryValueExA
LsaQuerySecret
UnlockServiceDatabase
LsaICLookupSids
FreeSid
SetKernelObjectSecurity
RegOpenKeyExA

Sections

CODE
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 103KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 155KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLSCBA
Size: 105KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 54KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 143KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 140KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

757e72dfde14ba6b508510611e8a37f1

Headers

File Characteristics

Imports

wintrust

kernel32

tapi32

netapi32

advapi32

Sections

CODE Size: 212KB - Virtual size: 212KB

DATA Size: 103KB - Virtual size: 148KB

DATA Size: 155KB - Virtual size: 181KB

TLSCBA Size: 105KB - Virtual size: 172KB

.INIT Size: 54KB - Virtual size: 127KB

.idata Size: 143KB - Virtual size: 219KB

.edata Size: 140KB - Virtual size: 171KB

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 3KB - Virtual size: 2KB

CODE
Size: 212KB - Virtual size: 212KB

DATA
Size: 103KB - Virtual size: 148KB

DATA
Size: 155KB - Virtual size: 181KB

TLSCBA
Size: 105KB - Virtual size: 172KB

.INIT
Size: 54KB - Virtual size: 127KB

.idata
Size: 143KB - Virtual size: 219KB

.edata
Size: 140KB - Virtual size: 171KB

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 3KB - Virtual size: 2KB