38ab01660d3835a1d0e449239c91048cc88457093023c5bf063c47567977b998

Sharing

Copy URL Twitter E-mail

General

Target

38ab01660d3835a1d0e449239c91048cc88457093023c5bf063c47567977b998
Size

2.1MB
MD5

1730043220a924bc02dc7c1fbb2cb4e3
SHA1

7cc5c857168cf44025fc06302d561792c7f1b4a2
SHA256

38ab01660d3835a1d0e449239c91048cc88457093023c5bf063c47567977b998
SHA512

333bb6b86dc2de7fb17dab3a4136deead9ed6cb5704bd762be016b80741524ff1cb835b26a58f603e254cd14408e92eae98c1f283d9ef54d19129eeae69ad997
SSDEEP

49152:aBbQX1AwcQ+fvo7mXzaEdmKabOtsVCwF0htUz7i5+SM9:ap8OJwaDplafF0b8Mvy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ab01660d3835a1d0e449239c91048cc88457093023c5bf063c47567977b998

Files

38ab01660d3835a1d0e449239c91048cc88457093023c5bf063c47567977b998
.dll windows:5 windows x86 arch:x86

a0ddda20c3f3ec25413810c63cbbbce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscms

OpenColorProfileW
GetStandardColorSpaceProfileW

secur32

QueryContextAttributesA
MakeSignature
SetContextAttributesW
VerifySignature

wintrust

CryptCATAdminAddCatalog
IsCatalogFile
WintrustLoadFunctionPointers
CryptCATAdminEnumCatalogFromHash

urlmon

FindMimeFromData
CoInternetSetFeatureEnabled

lz32

LZOpenFileW
GetExpandedNameW
LZOpenFileA

comctl32

ImageList_AddMasked

rpcrt4

NdrAllocate
I_RpcGetExtendedError
NdrAsyncServerCall
RpcStringBindingParseA
NdrClearOutParameters

ole32

OleMetafilePictFromIconAndLabel
CoQueryProxyBlanket
PropVariantCopy
OleLoadFromStream
ProgIDFromCLSID
CoIsHandlerConnected
CoLockObjectExternal

msacm32

acmFormatEnumW

shell32

SHGetFolderPathA
ShellExecuteExA
ExtractAssociatedIconA
SHBrowseForFolderW
DragQueryFileW
SHGetMalloc
SHGetSpecialFolderPathW
SHGetPathFromIDListW

shlwapi

SHRegSetUSValueW
StrStrIA
StrFormatByteSizeA
StrDupA
PathCompactPathExW
SHSetValueA

opengl32

glPixelStorei

netapi32

NetGroupGetInfo
NetServerComputerNameDel
NetShareEnum
NetUserSetGroups
NetGroupAddUser

winmm

midiInUnprepareHeader
waveOutMessage
waveInClose
midiStreamOut
GetDriverModuleHandle
waveOutGetDevCapsW
midiOutGetDevCapsW
waveInGetPosition
midiInAddBuffer

rasapi32

RasGetConnectStatusW
RasGetSubEntryPropertiesA

winspool.drv

AddMonitorW

ws2_32

select

mprapi

MprAdminConnectionEnum
MprConfigInterfaceDelete
MprAdminPortEnum
MprConfigInterfaceTransportRemove
MprAdminInterfaceSetCredentials

version

VerFindFileW
GetFileVersionInfoSizeA

msvfw32

ICSeqCompressFrameEnd

wininet

InternetTimeFromSystemTimeA
InternetSetCookieA
CreateUrlCacheEntryW

imm32

ImmGetCandidateListW

user32

LoadKeyboardLayoutW
CreateWindowExA
CallMsgFilterA
GetSystemMetrics
FreeDDElParam
ExcludeUpdateRgn
MessageBoxExW
ToAsciiEx
GetClipCursor
SetMenuDefaultItem
DefMDIChildProcW
ScrollWindowEx
GetUpdateRgn
EndMenu
ShowWindow
SetClipboardViewer
GetMessageW
SwapMouseButton
IsCharLowerW
TabbedTextOutA
GetMonitorInfoA
CopyImage
GetForegroundWindow
SetLayeredWindowAttributes
CheckRadioButton
VkKeyScanExW
OemKeyScan
LockWindowUpdate
TranslateMessage
GetClipboardFormatNameA
PostMessageW

esent

JetCloseTable
JetEscrowUpdate

advapi32

GetSecurityDescriptorSacl
QueryServiceStatusEx
BuildTrusteeWithNameW
StartServiceCtrlDispatcherA
AccessCheckByType
CreatePrivateObjectSecurityEx
GetEffectiveRightsFromAclW
SaferComputeTokenFromLevel
RegDeleteValueW
RegOpenKeyW
CreateProcessAsUserA
CryptContextAddRef
GetServiceKeyNameA
RegisterEventSourceA
OpenServiceA
SetEntriesInAclW
GetKernelObjectSecurity
RegNotifyChangeKeyValue
StartServiceA

crypt32

CryptBinaryToStringA
PFXExportCertStore
CertAlgIdToOID
CertFindChainInStore
PFXVerifyPassword
CryptMsgDuplicate

clusapi

RestoreClusterDatabase
CloseCluster

oleaut32

LoadTypeLibEx
GetActiveObject
CreateDispTypeInfo

gdi32

GetMetaFileA
SetDIBitsToDevice
PolyPolygon
SetMiterLimit
GetCharWidthFloatA
GetTextMetricsA
GetCharacterPlacementA
CreateDiscardableBitmap
ScaleWindowExtEx
GetStockObject
GetDCOrgEx
GetMapMode
Polygon
SetColorSpace

winscard

SCardForgetCardTypeW
SCardReleaseContext
SCardBeginTransaction

setupapi

SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceRegistryPropertyA
SetupGetStringFieldA
SetupGetLineTextW
CM_Open_Class_KeyW
CM_Get_Device_ID_List_SizeW
SetupDiCallClassInstaller
CM_Disable_DevNode
SetupDiEnumDeviceInfo
SetupGetFileQueueCount
CM_Get_Hardware_Profile_Info_ExW
SetupDiGetClassInstallParamsW
CM_Get_Device_ID_Size_Ex

msvcrt

isleadbyte
fgets
putc
wcscoll
memset
toupper

kernel32

TlsFree
WaitForSingleObject
CreateProcessA
OpenMutexW
QueueUserAPC
SetLastError
CreateActCtxW
VerifyVersionInfoA
HeapSize
DeleteCriticalSection
GetModuleHandleA
GetTimeFormatW
CallNamedPipeA
LocalLock
QueueUserWorkItem
WaitForSingleObjectEx
EnterCriticalSection
GetConsoleOutputCP
LCMapStringA
CreateFileMappingA
IsWow64Process
GetPriorityClass
CloseHandle
GetModuleFileNameA
SetCriticalSectionSpinCount
CreateHardLinkW
GetSystemWow64DirectoryW
SetStdHandle
SetLocaleInfoW
GetSystemDefaultUILanguage
SetMailslotInfo
DuplicateHandle
SetUserGeoID
CreateProcessW
Process32FirstW
GlobalFree
GetCalendarInfoW
FormatMessageW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 868KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0ddda20c3f3ec25413810c63cbbbce6

Headers

DLL Characteristics

File Characteristics

Imports

mscms

secur32

wintrust

urlmon

lz32

comctl32

rpcrt4

ole32

msacm32

shell32

shlwapi

opengl32

netapi32

winmm

rasapi32

winspool.drv

ws2_32

mprapi

version

msvfw32

wininet

imm32

user32

esent

advapi32

crypt32

clusapi

oleaut32

gdi32

winscard

setupapi

msvcrt

kernel32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.qdata Size: 868KB - Virtual size: 864KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 56KB - Virtual size: 57KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.qdata
Size: 868KB - Virtual size: 864KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 56KB - Virtual size: 57KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 28KB - Virtual size: 25KB