29ea3ef90209d5aff51e314d8f77e10a

Sharing

Copy URL Twitter E-mail

General

Target

29ea3ef90209d5aff51e314d8f77e10a
Size

501KB
MD5

29ea3ef90209d5aff51e314d8f77e10a
SHA1

15601792461ac393228921f624e78f51d830d8b0
SHA256

fa96ee36fef4b2033a10fa5f1ffebf993df574af836bb67126677757dee581de
SHA512

1fb9a9784634bc7feb040bab10621635e0d93d29ff2bc3fa7e61b5d943a20b313594848a8e1189e878b85d1b2c83dcd9ecde396d71912fd76c5f9fd501fc5040
SSDEEP

12288:2uHayVoxQwzR9aQMSP2SiD/KARMMnMMMMMnnPr842j:2uHNo2uR8mPPARMMnMMMMMnPr84

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ea3ef90209d5aff51e314d8f77e10a

Files

29ea3ef90209d5aff51e314d8f77e10a
.exe windows:4 windows x86 arch:x86

34a58d2c3384b0cf6c74222b67e1c69b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamConnect
SamLookupNamesInDomain
SamConnectWithCreds

advapi32

RegDeleteValueA
SetSecurityDescriptorDacl
RegQueryInfoKeyA
OpenProcessToken
RegSetValueExA
DeregisterEventSource
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyW
InitializeSecurityDescriptor
ReportEventA
RegEnumValueW
LookupPrivilegeValueA
RegOpenKeyA
RegSetValueA
RegisterEventSourceA
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegSetValueExW
RegQueryValueExW
RegQueryValueA
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyW
RegEnumValueA
RegEnumKeyA
RegOpenKeyW

kernel32

OpenProcess
GetModuleFileNameW
CreateSemaphoreA
GlobalAddAtomA
GetVolumeInformationA
_lwrite
lstrcpynA
MulDiv
LoadLibraryExA
IsBadCodePtr
SizeofResource
TlsGetValue
GetStringTypeA
DeleteCriticalSection
GetCurrentDirectoryA
GlobalReAlloc
CreateProcessW
RtlUnwind
ResetEvent
SetFileTime
GetTimeZoneInformation
TlsAlloc
HeapAlloc
FindClose
GetUserDefaultLangID
lstrcmpiW
CreateThread
WriteFile
GetModuleFileNameA
VirtualFree
GetStringTypeW
GetModuleHandleA
GetTickCount
CloseHandle
WinExec
HeapSize
GetProfileStringA
GetSystemDirectoryA
SetFilePointer
_lread
lstrcmpiA
MultiByteToWideChar
lstrcmpA
GetStartupInfoA
_llseek
GetTempPathA
FindNextFileA
InitializeCriticalSection
Sleep
IsBadReadPtr
GetShortPathNameA
GetLastError
GetCurrentProcess
GetStdHandle
TlsSetValue
LoadResource
GlobalDeleteAtom
CompareStringW
GetFileAttributesA
FreeResource
ReleaseSemaphore
GetOEMCP
GetCurrentThreadId
GetExitCodeProcess
SetLocalTime
GetFullPathNameA
LockResource
FlushFileBuffers
CreateEventA
TlsFree
lstrlenA
UnlockFile
FlushInstructionCache
GetCurrentProcessId
GlobalSize
LeaveCriticalSection
SetFileAttributesA
SetEndOfFile
GetSystemInfo
GetProcAddress
EnterCriticalSection
HeapCreate
GetSystemTime
FreeLibrary
VirtualProtect
GetCommandLineA
GetLocalTime
LCMapStringW
GetStringTypeExA
ExitThread
FormatMessageA
GetSystemDefaultLangID
ReadFile
GetWindowsDirectoryA
LockFile
GlobalLock
FileTimeToSystemTime
FormatMessageW
SearchPathA
FreeEnvironmentStringsW
GetVersion
GetDateFormatA
FindResourceA
IsDBCSLeadByte
GlobalAlloc
RemoveDirectoryA
GetLocaleInfoA
SetEnvironmentVariableA
CreateFileA
HeapReAlloc
FileTimeToLocalFileTime
WaitForSingleObject
TerminateProcess
SetLastError
DuplicateHandle
ExitProcess
CreateDirectoryA
GetFileType
SetHandleCount
GetEnvironmentStrings
WideCharToMultiByte
InterlockedIncrement
LCMapStringA
UnhandledExceptionFilter
DeleteFileA
RaiseException
SetStdHandle
SetCurrentDirectoryA
InterlockedDecrement
GetCPInfo
GetEnvironmentStringsW
SetEvent
GetACP
FindFirstFileA
GetTempFileNameA
SystemTimeToFileTime
GetSystemDefaultLCID
HeapDestroy
GetDriveTypeA
GlobalFree
CompareStringA
GetVersionExA
GetFileTime
ResumeThread
SetErrorMode
MoveFileA
GlobalUnlock
FreeEnvironmentStringsA
LoadLibraryA
lstrcatA
HeapFree
GlobalHandle
CreateProcessA
GetUserDefaultLCID
VirtualQuery
VirtualAlloc
_lclose

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt
WSAConnect

user32

PostThreadMessageA
GetClientRect
DdeClientTransaction
GetWindowLongA
SetFocus
SetCapture
MessageBoxIndirectA
LoadCursorA
WaitForInputIdle
GetCursor
GetDCEx
DialogBoxParamA
TrackPopupMenu
EnableWindow
SetScrollInfo
MessageBoxA
IsWindowEnabled
TranslateMDISysAccel
InvalidateRgn
GetSystemMenu
EndPaint
GetWindowRect
SetWindowsHookExW
SetKeyboardState
GetCaretPos
SetCursorPos
IsZoomed
IsRectEmpty
SendMessageA
SetMenu
DefFrameProcA
DdeGetData
CharUpperBuffA
InflateRect
DestroyMenu

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34a58d2c3384b0cf6c74222b67e1c69b

Headers

File Characteristics

Imports

samlib

advapi32

kernel32

ddraw

ws2_32

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB