310351c37f061a5ee6cd4cc8e58ca8592f0e3468621d4269f1279e4c896590ac

Sharing

Copy URL Twitter E-mail

General

Target

310351c37f061a5ee6cd4cc8e58ca8592f0e3468621d4269f1279e4c896590ac
Size

512KB
MD5

08bf097aec6422407d140bb558645ef0
SHA1

103cc4213b471873a35016acad616efaa9a6c3a0
SHA256

310351c37f061a5ee6cd4cc8e58ca8592f0e3468621d4269f1279e4c896590ac
SHA512

308512624937a62fad5d42dc8b2eeece03ffc577034fa4636d07e330e1470edc2378deb92d0fba494002f7f061321de6e27e21c3c07a980ee39edfebe3f704ba
SSDEEP

12288:o3oIYLgByBhEV5vIjvXdRWqsMpMMnMMMMMzXKuAS:7XLgc3wajuMpMMnMMMMMzX/B

Score

N/A

Malware Config

Signatures

Files

310351c37f061a5ee6cd4cc8e58ca8592f0e3468621d4269f1279e4c896590ac
.exe windows x86

077c6bc7c8abf3fa6601130fb6631ba2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

advapi32

RegisterEventSourceA
OpenProcessToken
InitializeSecurityDescriptor
DeregisterEventSource
RegEnumValueW
RegQueryValueExA
SetSecurityDescriptorDacl
RegDeleteKeyA
RegCreateKeyA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
AdjustTokenPrivileges
RegEnumKeyW
RegSetValueExA
RegQueryValueA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueW
RegCloseKey
ReportEventA
RegDeleteValueA
RegOpenKeyW
RegDeleteKeyW
RegSetValueA
LookupPrivilegeValueA
RegCreateKeyW
RegSetValueExW

kernel32

DuplicateHandle
IsBadCodePtr
MultiByteToWideChar
UnlockFile
UnhandledExceptionFilter
_lwrite
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushFileBuffers
FreeEnvironmentStringsW
LCMapStringA
IsDBCSLeadByte
TlsGetValue
GetLocalTime
GetSystemTime
GetEnvironmentStrings
WideCharToMultiByte
CreateEventA
SetCurrentDirectoryA
WriteFile
GetFullPathNameA
GetEnvironmentStringsW
VirtualAlloc
LoadResource
RemoveDirectoryA
FindResourceA
GetUserDefaultLCID
LockFile
SetFileTime
GetWindowsDirectoryA
GetLocaleInfoA
GetTempFileNameA
VirtualProtect
FormatMessageA
lstrcpynA
HeapAlloc
GlobalReAlloc
GetStringTypeW
CloseHandle
lstrcmpA
CreateDirectoryA
lstrlenA
CreateProcessW
InterlockedDecrement
CreateSemaphoreA
GetStringTypeA
InterlockedIncrement
GetSystemDirectoryA
WaitForSingleObject
RaiseException
SetFilePointer
GetFileTime
FindNextFileA
SetStdHandle
GlobalDeleteAtom
LeaveCriticalSection
FindClose
SetEndOfFile
GetFileAttributesA
FormatMessageW
GetDriveTypeA
CompareStringA
GetACP
_llseek
WinExec
GetStartupInfoA
TlsSetValue
lstrcatA
GetSystemInfo
SetLocalTime
GetModuleFileNameW
ReleaseSemaphore
LoadLibraryA
LCMapStringW
GetExitCodeProcess
HeapFree
GlobalAddAtomA
GetProcAddress
RtlUnwind
HeapReAlloc
_lread
InitializeCriticalSection
GetCurrentProcess
GetVersionExA
SearchPathA
GetVolumeInformationA
GetLastError
SetEvent
FreeEnvironmentStringsA
GetSystemDefaultLCID
HeapCreate
GetTimeZoneInformation
GetSystemDefaultLangID
GetCommandLineA
GetCurrentThreadId
ExitProcess
SetFileAttributesA
GetShortPathNameA
CreateThread
TerminateProcess
GetCPInfo
LockResource
FlushInstructionCache
IsBadReadPtr
HeapSize
ResumeThread
CreateFileA
GetModuleFileNameA
ResetEvent
GlobalUnlock
ReadFile
DeleteCriticalSection
GetDateFormatA
MulDiv
CreateProcessA
FreeLibrary
GlobalFree
lstrcmpiW
TlsFree
FindFirstFileA
Sleep
GlobalSize
SetErrorMode
GlobalHandle
DeleteFileA
GetUserDefaultLangID
SetHandleCount
SystemTimeToFileTime
FreeResource
GetOEMCP
CreateMailslotA
VirtualQuery
ExitThread
lstrcmpiA
HeapDestroy
GetFileType
GetCurrentDirectoryA
CompareStringW
SetEnvironmentVariableA
GetStringTypeExA
VirtualFree
SetLastError
GetVersion
MoveFileA
_lclose
GlobalAlloc
GetCurrentProcessId
TlsAlloc
GetTickCount
GetModuleHandleA
GlobalLock
EnterCriticalSection
lstrcpyA
GetStdHandle
GetTempPathA
GetProfileStringA
SizeofResource

samlib

SamTestPrivateFunctionsDomain
SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

ws2_32

setsockopt

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

077c6bc7c8abf3fa6601130fb6631ba2

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

advapi32

kernel32

samlib

ws2_32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 205KB - Virtual size: 205KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 205KB - Virtual size: 205KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B