1feb70870a8600d395acad4676f64ad8

Sharing

Copy URL

Twitter E-mail

General

Target

1feb70870a8600d395acad4676f64ad8
Size

497KB
MD5

1feb70870a8600d395acad4676f64ad8
SHA1

576a94704ca4049eab4cc69f149353ac1f04c1bc
SHA256

e3ca9fa71fb61126799385707fd45e81b4535c8f6341d823730cfa731251a8d2
SHA512

aeced7a67da9de51df449d00073fb5d6ac8299d6eeecd7ebe139eb99e35fe8e268f26154f79b43556230da0636a4870955105a2b0ce85b577875039961a6d5f2
SSDEEP

12288:Grx/JJLDCoGmcfo4YFibqkjT5DxAkMMnMMMMMXvjCZ:G1LtGDf3YFiOEVXMMnMMMMMLCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1feb70870a8600d395acad4676f64ad8

Files

1feb70870a8600d395acad4676f64ad8
.exe windows:4 windows x86 arch:x86

320bcd80225c2e258b8d2b005d1c0fa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
Sleep
RtlUnwind
HeapAlloc
SetEnvironmentVariableA
IsBadCodePtr
SetStdHandle
DuplicateHandle
InterlockedDecrement
CreateSemaphoreA
lstrcpynA
WriteFile
RaiseException
GlobalUnlock
CreateThread
HeapFree
FreeEnvironmentStringsA
GlobalReAlloc
VirtualFree
GetOEMCP
GetProfileStringA
GetCurrentDirectoryA
GetEnvironmentStrings
EnterCriticalSection
GlobalAlloc
LoadLibraryExA
GlobalLock
GetUserDefaultLCID
GlobalHandle
FreeLibrary
FindClose
ResetEvent
CompareStringW
ReadFile
GlobalDeleteAtom
ReleaseSemaphore
UnlockFile
IsDBCSLeadByte
GetStdHandle
FindFirstFileA
GetTickCount
SetErrorMode
GetVersion
SetLastError
TlsGetValue
LCMapStringA
WaitForSingleObject
TlsSetValue
FlushFileBuffers
GetTimeZoneInformation
GlobalFree
VirtualProtect
GlobalAddAtomA
GetFileTime
CompareStringA
CreateEventA
WideCharToMultiByte
GetCPInfo
ExitProcess
InitializeCriticalSection
FormatMessageA
GetCurrentProcess
GetTempPathA
VirtualAlloc
MulDiv
GetModuleHandleA
GetSystemDefaultLangID
FreeResource
FileTimeToLocalFileTime
TerminateProcess
lstrlenA
SetEvent
GetProcAddress
MultiByteToWideChar
RemoveDirectoryA
HeapReAlloc
GetEnvironmentStringsW
GetTempFileNameA
FlushInstructionCache
TlsAlloc
_llseek
DeleteCriticalSection
GetModuleFileNameA
LCMapStringW
GetWindowsDirectoryA
CreateProcessA
GetCurrentThreadId
LoadLibraryA
UnhandledExceptionFilter
SizeofResource
SetHandleCount
lstrcmpiW
GetVersionExA
ExitThread
GlobalSize
DeleteFileA
FormatMessageW
GetSystemTime
VirtualQuery
GetCurrentProcessId
LockResource
lstrcmpA
GetACP
lstrcpyA
IsBadReadPtr
GetStringTypeA
CreateProcessW
SetFilePointer
HeapSize
GetVolumeInformationA
SetCurrentDirectoryA
GetSystemDirectoryA
SystemTimeToFileTime
GetLocalTime
_lwrite
LeaveCriticalSection
SetFileAttributesA
CloseHandle
TlsFree
GetFileType
GetStringTypeW
GetFileAttributesA
ResumeThread
GetSystemInfo
SetEndOfFile
GetLastError
LockFile
HeapCreate
GetFullPathNameA
WinExec
OpenProcess
GetLocaleInfoA
CreateDirectoryA
GetCommandLineA
MoveFileA
GetModuleFileNameW
GetExitCodeProcess
_lread
GetStringTypeExA
LoadResource
GetDateFormatA
CreateFileA
GetUserDefaultLangID
SetFileTime
GetShortPathNameA
GetStartupInfoA
GetSystemDefaultLCID
lstrcatA
SetLocalTime
FreeEnvironmentStringsW
FileTimeToSystemTime
lstrcmpiA
_lclose
InterlockedIncrement
SearchPathA
GetDriveTypeA
FindResourceA

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

advapi32

RegCreateKeyA
RegDeleteKeyW
SetSecurityDescriptorDacl
RegEnumKeyW
RegEnumValueW
RegSetValueExW
RegisterEventSourceA
RegDeleteKeyA
RegEnumValueA
DeregisterEventSource
RegDeleteValueW
RegOpenKeyA
RegEnumKeyA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegQueryValueExW
RegSetValueExA
RegSetValueA
OpenProcessToken
ReportEventA
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyW
InitializeSecurityDescriptor
RegOpenKeyExA
RegDeleteValueA
RegQueryValueA
RegQueryValueExA
RegCreateKeyW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

320bcd80225c2e258b8d2b005d1c0fa4

Headers

File Characteristics

Imports

kernel32

ddraw

ws2_32

samlib

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 154KB - Virtual size: 1016KB

.rsrc Size: 130KB - Virtual size: 130KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 154KB - Virtual size: 1016KB

.rsrc
Size: 130KB - Virtual size: 130KB