1761e767157fa8cd3fac72904384d98a

Sharing

Copy URL Twitter E-mail

General

Target

1761e767157fa8cd3fac72904384d98a
Size

424KB
MD5

1761e767157fa8cd3fac72904384d98a
SHA1

0c08060c044fcdb554920349ea082fbb958add84
SHA256

d4062a297f6954875b7f929d5ecf0ba76b7fc7d51413a8893c86472cafb42c8c
SHA512

1615932497bd210a682dd12d51be445da073716941a026bd856726115a5711fceb00ad73387f27637a94a3fbb7c1147c0917ccfd3c33a891c22430734418f801
SSDEEP

12288:7MMnMMMMMQ1ztSrAd7l51k7xLC++5ERv1rcahjLX/o9S2Ja:7MMnMMMMM653r5K+ORlBp/oi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1761e767157fa8cd3fac72904384d98a

Files

1761e767157fa8cd3fac72904384d98a
.exe windows:4 windows x86 arch:x86

628016db0135e7206805e0bbee0c64c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

kernel32

GetLocaleInfoA
GetCurrentDirectoryA
CreateThread
GlobalSize
GetFileType
GetModuleHandleA
GetShortPathNameA
CreateEventA
HeapAlloc
SetFilePointer
SetLastError
SetEvent
ResumeThread
_lwrite
FreeLibrary
IsBadCodePtr
ReleaseSemaphore
RemoveDirectoryA
GetExitCodeProcess
GetSystemDefaultLCID
lstrcpyA
DeleteFileA
GetLocalTime
HeapSize
MoveFileA
GetStringTypeA
GlobalHandle
FileTimeToSystemTime
IsBadReadPtr
ReadFile
GlobalDeleteAtom
FreeEnvironmentStringsA
HeapDestroy
SystemTimeToFileTime
DuplicateHandle
GetFileAttributesA
WideCharToMultiByte
InterlockedIncrement
_lclose
GetTempPathA
GlobalFree
lstrcmpiA
CreateFileA
FreeResource
LeaveCriticalSection
GetACP
GetSystemTime
CreateSemaphoreA
MultiByteToWideChar
WriteFile
lstrlenA
RaiseException
SearchPathA
GetStringTypeExA
GlobalAlloc
FindFirstFileA
GetCurrentProcess
HeapFree
SetLocalTime
GlobalUnlock
MulDiv
CompareStringW
_lread
LCMapStringA
GetLastError
UnlockFile
HeapReAlloc
GetVersionExA
GetEnvironmentStrings
VirtualProtect
InitializeCriticalSection
FreeEnvironmentStringsW
FindClose
GlobalLock
ResetEvent
lstrcmpiW
HeapCreate
TlsFree
GetDateFormatA
GetTimeZoneInformation
GetCurrentProcessId
GetStdHandle
SetFileTime
FormatMessageA
UnhandledExceptionFilter
GetStringTypeW
GetCommandLineA
VirtualAlloc
GetWindowsDirectoryA
SetFileAttributesA
TlsGetValue
CreateProcessA
lstrcmpA
SetErrorMode
GetEnvironmentStringsW
GetModuleFileNameW
LockResource
GetOEMCP
FormatMessageW
EnterCriticalSection
WaitForSingleObject
SetStdHandle
CompareStringA
ExitProcess
GetSystemDefaultLangID
lstrcatA
InterlockedDecrement

msi

MsiDatabaseCommit
MsiAdvertiseProductW
MsiConfigureFeatureW

samlib

SamTestPrivateFunctionsUser
SamRemoveMultipleMembersFromAlias
SamConnectWithCreds
SamiEncryptPasswords

user32

CallMsgFilterA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

628016db0135e7206805e0bbee0c64c3

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

kernel32

msi

samlib

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 39KB - Virtual size: 39KB

.data Size: 63KB - Virtual size: 872KB

.rdata Size: 315KB - Virtual size: 314KB

.reloc Size: 512B - Virtual size: 64B

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 39KB - Virtual size: 39KB

.data
Size: 63KB - Virtual size: 872KB

.rdata
Size: 315KB - Virtual size: 314KB

.reloc
Size: 512B - Virtual size: 64B

.idata
Size: 3KB - Virtual size: 3KB