a202e277ffbac94b0a383093607d417cfe61d6e0149241ba4301da8ed7ffb152

Sharing

Copy URL Twitter E-mail

General

Target

a202e277ffbac94b0a383093607d417cfe61d6e0149241ba4301da8ed7ffb152
Size

499KB
MD5

379efe3323534bf9142fed8685de7b4d
SHA1

e21d677ade8faf19b9003de8c0451b8041be0f28
SHA256

a202e277ffbac94b0a383093607d417cfe61d6e0149241ba4301da8ed7ffb152
SHA512

b9af9e399d7d5053392ea9538ea6d5d6fd708e880856fd59457ddf95c8f92e312b4614c1b12f36c98a33e7f62b06890d11455eaafcb49ca039f4f4be83b5b10a
SSDEEP

12288:HP4MMnMMMMMKW42cjAWrTgjFsgS6p1xaR9lcyYbU8ergaHCrMzcUJu:v4MMnMMMMMKNwQ0jFsgS6fA9KyYRe+w3

Score

N/A

Malware Config

Signatures

Files

a202e277ffbac94b0a383093607d417cfe61d6e0149241ba4301da8ed7ffb152
.exe windows x86

85916f3e80531c5e454cc4db389838b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

mswsock

sethostname

kernel32

CreateFileA
GetSystemInfo
HeapDestroy
GlobalFree
GlobalDeleteAtom
SetCurrentDirectoryA
HeapAlloc
FormatMessageW
VirtualFree
ExitThread
FreeEnvironmentStringsA
_llseek
SearchPathA
InterlockedIncrement
GlobalLock
VirtualAlloc
WideCharToMultiByte
ReadFile
SetEndOfFile
LoadResource
CreateDirectoryA
GetProfileStringA
GetCurrentDirectoryA
SetFileTime
UnlockFile
_lread
GetFileType
FileTimeToSystemTime
GetCurrentThreadId
GetStdHandle
CreateProcessW
SetLastError
SetEvent
VirtualProtect
SetFileAttributesA
MulDiv
HeapSize
GetSystemTime
GetModuleFileNameA
FreeLibrary
TerminateProcess
_lclose
GetDriveTypeA
lstrcmpA
GetCurrentProcess
MultiByteToWideChar
GetTempFileNameA
ExitProcess
DeleteFileA
GetACP
FormatMessageA
GetTickCount
DeleteCriticalSection
SetLocalTime
GetProcAddress
MoveFileA
LeaveCriticalSection
GetModuleFileNameW
GetWindowsDirectoryA
GetStartupInfoA
GetLastError
TlsGetValue
GlobalAlloc
FreeEnvironmentStringsW
Sleep
TlsSetValue
_lwrite
FlushFileBuffers
GetFileAttributesA
GetSystemDefaultLangID
GetCommandLineA
GetLocalTime
SetStdHandle
GetLocaleInfoA
WaitForSingleObject
SetFilePointer
ReleaseSemaphore
TlsFree
GetUserDefaultLangID
GlobalHandle
FlushInstructionCache
lstrcpynA
LockResource
lstrcatA
ResumeThread
GetDateFormatA
GetCPInfo
InitializeCriticalSection
LockFile
GetStringTypeA
SizeofResource
LoadLibraryA
SystemTimeToFileTime
CompareStringW
InterlockedDecrement
RaiseException
GetModuleHandleA
GlobalUnlock
lstrcmpiW
CloseHandle
CompareStringA
LCMapStringA
GetOEMCP
IsDBCSLeadByte
FindFirstFileA
CreateMailslotA
GetFileTime
lstrcmpiA
VirtualQuery
LoadLibraryExA
RemoveDirectoryA
FindResourceA
GetCurrentProcessId
LCMapStringW
TlsAlloc
HeapCreate
GlobalAddAtomA
CreateProcessA
SetEnvironmentVariableA
DuplicateHandle
WriteFile
GetShortPathNameA
HeapFree
GetVolumeInformationA
EnterCriticalSection
GetEnvironmentStringsW
ResetEvent
FileTimeToLocalFileTime
GetStringTypeW
GetStringTypeExA
HeapReAlloc
GetUserDefaultLCID
IsBadCodePtr
CreateEventA
GetSystemDirectoryA
GlobalReAlloc
GetVersionExA
CreateSemaphoreA
UnhandledExceptionFilter
CreateThread
GlobalSize
GetFullPathNameA
GetExitCodeProcess
GetVersion
FreeResource
RtlUnwind
SetHandleCount
lstrcpyA
IsBadReadPtr
FindClose
GetEnvironmentStrings
WinExec
GetTimeZoneInformation
GetSystemDefaultLCID
FindNextFileA
GetTempPathA
lstrlenA

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser
SamiSetDSRMPassword

advapi32

RegQueryValueExW
RegCreateKeyA
RegCreateKeyW
RegEnumKeyW
SetSecurityDescriptorDacl
OpenProcessToken
ReportEventA
RegSetValueExW
RegCloseKey
RegEnumValueA
RegDeleteKeyA
RegEnumKeyA
DeregisterEventSource
RegEnumValueW
InitializeSecurityDescriptor
RegSetValueA
RegDeleteValueW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyW
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyW
RegQueryValueA
RegisterEventSourceA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85916f3e80531c5e454cc4db389838b4

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

mswsock

kernel32

samlib

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 131KB - Virtual size: 130KB

.data Size: 154KB - Virtual size: 1.0MB

.rdata Size: 205KB - Virtual size: 205KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 131KB - Virtual size: 130KB

.data
Size: 154KB - Virtual size: 1.0MB

.rdata
Size: 205KB - Virtual size: 205KB

.reloc
Size: 512B - Virtual size: 64B