1171715aeaba945c91c844bef7f5d84b

Sharing

Copy URL Twitter E-mail

General

Target

1171715aeaba945c91c844bef7f5d84b
Size

429KB
MD5

1171715aeaba945c91c844bef7f5d84b
SHA1

16b8f03535b929dda741c1921b5b4b37e1a1614f
SHA256

9c12a16ba3e3603dd55fc205111e05149dbc0a689135be2dcd7f0e04965ff5d8
SHA512

2d1346cf57da52fe4edad9fd720b3613305330794f634c274e0d499d1919f8a0343f24da711f78c4653d2abb7246d3479f7fa876123aca190bc28f7d51a0ca2a
SSDEEP

12288:4PqHAmk23eOW58FJoaDodv/uAQcCvFNZnVc:4v52/DF6aDodv/DE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1171715aeaba945c91c844bef7f5d84b

Files

1171715aeaba945c91c844bef7f5d84b
.exe windows:4 windows x86 arch:x86

91140cbac6a331cbc80410aa4d18a1d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt
WSAConnect

samlib

SamConnect
SamConnectWithCreds
SamLookupNamesInDomain

user32

WindowFromPoint
DialogBoxParamA
DdeGetLastError
GetWindowThreadProcessId
SetCursor
SetForegroundWindow
GetUpdateRect
DdeSetUserHandle
SetTimer
DispatchMessageA
DdeGetData
CreateCursor
DdeFreeStringHandle
DrawMenuBar
InvalidateRect
OffsetRect
LoadBitmapA
UnhookWindowsHookEx
IsClipboardFormatAvailable
DdeQueryStringA
BeginDeferWindowPos
MapWindowPoints
DdeCmpStringHandles
MessageBeep
GetTabbedTextExtentA
SetScrollInfo
PtInRect
CopyAcceleratorTableA
GetFocus
GetWindowLongA
DestroyIcon
AdjustWindowRectEx
GetMenuItemCount
GetForegroundWindow
GetMenuItemInfoA

advapi32

LookupPrivilegeValueA
RegisterEventSourceA
RegQueryValueA
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueA
RegDeleteKeyA
RegOpenKeyA
RegEnumValueW
OpenProcessToken
InitializeSecurityDescriptor
RegEnumValueA
RegSetValueExW
DeregisterEventSource
RegCloseKey
RegCreateKeyW
RegDeleteValueW
AdjustTokenPrivileges
RegSetValueExA
RegQueryInfoKeyA
SetSecurityDescriptorDacl
ReportEventA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueA

kernel32

GetWindowsDirectoryA
CreateFileA
GetTempFileNameA
CreateThread
lstrcpyA
GetModuleHandleA
GetStartupInfoA
GetCPInfo
SetStdHandle
GetProcAddress
FindFirstFileA
SetLastError
_llseek
IsBadReadPtr
GetShortPathNameA
CompareStringW
VirtualFree
SystemTimeToFileTime
SetEndOfFile
VirtualAlloc
MulDiv
GetLocalTime
TlsGetValue
TlsSetValue
HeapFree
GlobalAddAtomA
WaitForSingleObject
FlushInstructionCache
GetStdHandle
GetFileTime
FindNextFileA
DuplicateHandle
HeapReAlloc
lstrlenA
GetACP
LockFile
ExitThread
_lread
GetVersionExA
CreateProcessA
GlobalFree
lstrcmpiW
GetSystemDirectoryA
CreateEventA
MultiByteToWideChar
FreeLibrary
_lclose
GetUserDefaultLangID
HeapCreate
SetEnvironmentVariableA
LCMapStringW
FormatMessageW
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentStrings
GetFullPathNameA
InterlockedIncrement
SetErrorMode
IsBadCodePtr
WideCharToMultiByte
GetLastError
GlobalAlloc
CreateSemaphoreA
IsDBCSLeadByte
GetVolumeInformationA
GetUserDefaultLCID
ResetEvent
GetLocaleInfoA
GetTempPathA
HeapAlloc
SetEvent
SetHandleCount
GetExitCodeProcess
EnterCriticalSection
CreateProcessW
SizeofResource
RemoveDirectoryA
MoveFileA
LCMapStringA
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
WinExec
lstrcatA
GetModuleFileNameA
HeapDestroy
InitializeCriticalSection
GetSystemDefaultLCID
GetOEMCP
DeleteCriticalSection
RtlUnwind
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
SetLocalTime
GetSystemDefaultLangID
lstrcmpiA
GetModuleFileNameW
ResumeThread
GlobalHandle
CloseHandle
RaiseException
LockResource
Sleep
GetCurrentProcessId
lstrcpynA
SetFilePointer
GetTickCount
GlobalSize
FindResourceA
GetFileType
UnlockFile
TlsAlloc
GlobalLock
GlobalDeleteAtom
_lwrite
SetFileTime
LoadLibraryExA
InterlockedDecrement
FormatMessageA
ReadFile
GetVersion
GetProfileStringA
GetCommandLineA
GetDriveTypeA
GetFileAttributesA
DeleteFileA
FileTimeToSystemTime
lstrcmpA
GlobalUnlock
TlsFree
FreeEnvironmentStringsW
SearchPathA
FindClose
HeapSize
ReleaseSemaphore
SetFileAttributesA
OpenProcess
FileTimeToLocalFileTime
VirtualQuery
CreateDirectoryA
TerminateProcess
VirtualProtect
GlobalReAlloc
LoadLibraryA
LoadResource
ExitProcess
GetStringTypeExA
GetSystemTime
GetStringTypeA
GetDateFormatA
CompareStringA
GetCurrentThreadId
GetSystemInfo
FreeEnvironmentStringsA
SetCurrentDirectoryA
FreeResource

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91140cbac6a331cbc80410aa4d18a1d8

Headers

File Characteristics

Imports

ddraw

ws2_32

samlib

user32

advapi32

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB