037e3386b0c41d0193c3e727d41924b241c3e35e5b6dc28c421f08ae310dfcae

General

Target

037e3386b0c41d0193c3e727d41924b241c3e35e5b6dc28c421f08ae310dfcae
Size

629KB
MD5

4f7b6e79512d3829970311997c572683
SHA1

dbab110a8e26d39003ebd15e31755bd6e85dcf75
SHA256

037e3386b0c41d0193c3e727d41924b241c3e35e5b6dc28c421f08ae310dfcae
SHA512

7d32cbe84db2b4b8cca6f3b16d024353e9b6f876f0f30e9ca843b7b3a16aba59adf55157a92be4a75b5383b18f3bba3654c09a67c2d3628d195a0c1a3b959cb3
SSDEEP

12288:lr4DwpRrKO1YYVhiiNdvradYm5MP/idUuYPs4vd8U4NlIz1z7itO6:lrSO1YNWdvCzMPqdUD6dNlu9W3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
037e3386b0c41d0193c3e727d41924b241c3e35e5b6dc28c421f08ae310dfcae

Files

037e3386b0c41d0193c3e727d41924b241c3e35e5b6dc28c421f08ae310dfcae
.exe windows:4 windows x86 arch:x86

1d8a37f2c80392d743f9173bfa9c98c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetLocalTime
VirtualFree
DeleteFileA
GetPrivateProfileStringA
LoadLibraryA
CreateProcessA
HeapFree
LoadLibraryExW
WaitForSingleObject
InterlockedDecrement
CopyFileA
FindNextFileA
GetProcAddress
FindResourceExW
ReadConsoleA
GetShortPathNameA
HeapCreate
IsBadWritePtr
GetFileAttributesA

dsprop

FindSheet
CrackName
CheckADsError
ErrMsg

wtsapi32

WTSSendMessageW
WTSEnumerateServersW
WTSFreeMemory
WTSVirtualChannelOpen
WTSVirtualChannelClose
WTSSetUserConfigW
WTSUnRegisterSessionNotification
WTSDisconnectSession
WTSWaitSystemEvent
WTSVirtualChannelRead

shlwapi

UrlIsNoHistoryW
UrlCreateFromPathW
UrlUnescapeA
PathCompactPathW
PathCommonPrefixW
UrlGetLocationW
UrlIsA
UrlCanonicalizeW
UrlUnescapeA
UrlHashW
PathIsRootW
UrlCompareW

crypt32

CertDeleteCRLFromStore
CertDuplicateCRLContext
CertFindAttribute
CertFindCRLInStore
CertFindRDNAttr
CertNameToStrW
CertFreeCertificateChain
CertCloseStore
CertCompareCertificate
CryptFindOIDInfo

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d8a37f2c80392d743f9173bfa9c98c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dsprop

wtsapi32

shlwapi

crypt32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 211B

.rsrc Size: 188KB - Virtual size: 187KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 211B

.rsrc
Size: 188KB - Virtual size: 187KB