17283431b4ecc274cacd717c2a4b12fe2bf6d5a925b039701a927a52f75e325f

Sharing

Copy URL Twitter E-mail

General

Target

17283431b4ecc274cacd717c2a4b12fe2bf6d5a925b039701a927a52f75e325f
Size

498KB
MD5

050a33e7a5725bef69067ec976c76570
SHA1

1ea2c00d2b99303d3c2b8b73ba1c39754aa3be7a
SHA256

17283431b4ecc274cacd717c2a4b12fe2bf6d5a925b039701a927a52f75e325f
SHA512

338c0f529b67fb82bd1015e343cb5d3bdb4d566f26214e412c96cd5457813e668f24e66192830493f5be364c7c68f0dc6a1dec0e028f2ada72e0cff6bbf79ab6
SSDEEP

12288:sMMnMMMMMufni4YpTqTqG5pBr4BkDP/TJcmLDNwtjJ2Zv:sMMnMMMMMufi4YpTqOG5p5/L/tcmLDNJ

Score

N/A

Malware Config

Signatures

Files

17283431b4ecc274cacd717c2a4b12fe2bf6d5a925b039701a927a52f75e325f
.exe windows x86

40cb2e19c109bcde41318a9c7be34fe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

mswsock

sethostname

advapi32

RegDeleteKeyA
RegEnumValueW
OpenProcessToken
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyW
DeregisterEventSource
RegQueryValueA
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
RegisterEventSourceA
ReportEventA
LookupPrivilegeValueA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueExW
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyW
SetSecurityDescriptorDacl
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExA
RegCreateKeyA
RegEnumKeyA
RegDeleteValueW
RegSetValueA
RegEnumValueA

kernel32

LeaveCriticalSection
InitializeCriticalSection
ReleaseSemaphore
ReadFile
GetModuleFileNameW
CreateMailslotA
HeapFree
GetSystemDefaultLangID
lstrcmpiW
CreateFileA
WaitForSingleObject
GetOEMCP
FlushInstructionCache
GetCommandLineA
FreeEnvironmentStringsA
SetFileAttributesA
SetCurrentDirectoryA
SizeofResource
CreateProcessW
SearchPathA
GetTempFileNameA
GetDateFormatA
LockResource
lstrcpyA
CreateEventA
CompareStringW
GetEnvironmentStringsW
LoadLibraryExA
GetCurrentProcess
TlsFree
DuplicateHandle
DeleteCriticalSection
FreeEnvironmentStringsW
GlobalSize
GetLocalTime
ResumeThread
IsBadReadPtr
SetFilePointer
GlobalReAlloc
lstrcpynA
TlsGetValue
lstrcatA
FreeLibrary
MulDiv
GetLastError
GetLocaleInfoA
GetCPInfo
LCMapStringW
TlsSetValue
MoveFileA
FindNextFileA
HeapSize
LockFile
GlobalHandle
RtlUnwind
TlsAlloc
GlobalLock
GlobalDeleteAtom
CreateDirectoryA
FindResourceA
FindClose
GetSystemInfo
GetTimeZoneInformation
_llseek
GetCurrentProcessId
ResetEvent
WriteFile
LoadLibraryA
EnterCriticalSection
GlobalAddAtomA
GetSystemDirectoryA
VirtualProtect
GlobalFree
DeleteFileA
VirtualFree
GetShortPathNameA
InterlockedIncrement
_lread
GlobalAlloc
InterlockedDecrement
SetEnvironmentVariableA
SetEndOfFile
FindFirstFileA
MultiByteToWideChar
GetStdHandle
GetProcAddress
SetErrorMode
SetFileTime
GetACP
GetStringTypeA
SetEvent
IsDBCSLeadByte
GetEnvironmentStrings
lstrcmpiA
UnlockFile
HeapCreate
RemoveDirectoryA
lstrlenA
GetCurrentThreadId
IsBadCodePtr
CompareStringA
GetFileAttributesA
TerminateProcess
FreeResource
GetSystemTime
VirtualQuery
GetFileTime
GetUserDefaultLCID
GetVersion
GetSystemDefaultLCID
FlushFileBuffers
GetFullPathNameA
CloseHandle
GetStringTypeExA
SetHandleCount
GetModuleFileNameA
LCMapStringA
CreateProcessA
GetProfileStringA
ExitThread
GetStringTypeW
GlobalUnlock
ExitProcess
SetStdHandle
WinExec
Sleep
LoadResource
SetLastError
GetFileType
RaiseException
CreateSemaphoreA
GetModuleHandleA
FileTimeToSystemTime
GetCurrentDirectoryA
HeapAlloc
GetVersionExA
_lwrite
SystemTimeToFileTime
VirtualAlloc
WideCharToMultiByte
GetTickCount
HeapReAlloc
SetLocalTime
UnhandledExceptionFilter
GetDriveTypeA
FileTimeToLocalFileTime
GetWindowsDirectoryA
HeapDestroy
FormatMessageW
GetStartupInfoA
_lclose
CreateThread
lstrcmpA
GetUserDefaultLangID
GetExitCodeProcess
GetTempPathA
FormatMessageA

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds
SamTestPrivateFunctionsUser
SamTestPrivateFunctionsDomain
SamiSetDSRMPassword

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40cb2e19c109bcde41318a9c7be34fe1

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

mswsock

advapi32

kernel32

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 130KB - Virtual size: 130KB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 154KB - Virtual size: 1.0MB

.idata Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 130KB - Virtual size: 130KB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 154KB - Virtual size: 1.0MB

.idata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 72B