37e4c678a21c3c8573e7e60b096a29cf

Sharing

Copy URL Twitter E-mail

General

Target

37e4c678a21c3c8573e7e60b096a29cf
Size

373KB
MD5

37e4c678a21c3c8573e7e60b096a29cf
SHA1

4484eb80de503c0aa13de0a5b77b938519ae484c
SHA256

4fb1b369da4a035c0df5051fca48c32e0cfffbb4051629b5a30a3d1251805527
SHA512

53c1f78e9ee5a76eb3cb303eb6fc5c19359606ff2b3f766f55e4120d2b8836396cc6e59a261a04b5e2e40f2ec60be7a8a161590c12585e001d1b81ab38455bb9
SSDEEP

6144:K2W0mDGVAIYRntXCCaReO6wth6QAy7nfXdstUpBv5BmvK6OVb2HwCu6skuYC5bgd:/W0IGWltyC4HtLnfuKpBBBmyTCu6Bwdk

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DLL Injector.exe
unpack001/SanktumLoader.exe
unpack001/sanktum.dll

Files

37e4c678a21c3c8573e7e60b096a29cf
.rar
DLL Injector.exe
.exe windows:6 windows x86 arch:x86

8d75d84c7c041e413150ec97126558b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
WriteProcessMemory
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
GetFullPathNameA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
GetProcAddress
VirtualAllocEx
CreateRemoteThread
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

vcruntime140

_except_handler4_common
memset
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfscanf
__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_onexit_table
__p___argv
_crt_atexit
_controlfp_s
terminate
_seh_filter_exe
__p___argc
_set_app_type
system
_exit
_register_onexit_function
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
exit

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SanktumLoader.exe
.exe windows:6 windows x86 arch:x86

d8d5ac8f99fa72008b2b979115e10797

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
CreateDirectoryA
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
UnhandledExceptionFilter

user32

FindWindowA
IsWindow

advapi32

RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetFolderPathA
ShellExecuteExA

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ

urlmon

URLDownloadToFileA

vcruntime140

memmove
__std_terminate
_CxxThrowException
_except_handler4_common
memset
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

rename

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
__p___argc
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_exit
_invalid_parameter_noinfo_noreturn
exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sanktum.dll
.dll windows:6 windows x86 arch:x86

b6533521cb9c850c1da83b5edd3686c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleA
GetModuleHandleA
Sleep
GetCurrentProcessId
GetModuleHandleW
VirtualProtect
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
DisableThreadLibraryCalls
CreateThread
FindFirstFileA
FindNextFileA
FindClose
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
GetProcAddress
CreateFileW
FindFirstFileExW
DeleteCriticalSection
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
CloseHandle
GetLastError
SetLastError
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
InitializeCriticalSection
GetTickCount
TerminateProcess

user32

FlashWindowEx
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
CallWindowProcW
SetWindowLongW
GetCursorPos
IsChild
GetKeyState
ScreenToClient
GetCapture
ClientToScreen

shell32

SHGetFolderPathA
ShellExecuteW

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Mtx_trylock
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Throw_Cpp_error@std@@YAXH@Z

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_3

ord4
ord2

vcruntime140

memmove
memcpy
memchr
memset
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__CxxFrameHandler3
__std_terminate
_purecall
strstr
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_initterm
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_errno
_initialize_narrow_environment
_crt_atexit
_initialize_onexit_table
_register_onexit_function
_beginthreadex
exit
_invalid_parameter_noinfo_noreturn
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

remainderf
ceil
_libm_sse2_sqrt_precise
_CIatan2
_CIfmod
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
floor
fmaxf
_libm_sse2_sin_precise

api-ms-win-crt-stdio-l1-1-0

fopen_s
ftell
__stdio_common_vsnprintf_s
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fseek
__acrt_iob_func
fwrite
__stdio_common_vfprintf
_wfopen
fgetc
fclose
__stdio_common_vsprintf
fflush
fputc
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_get_stream_buffer_pointers

api-ms-win-crt-convert-l1-1-0

atoi
strtod
strtol
atof
strtoul

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file

api-ms-win-crt-string-l1-1-0

isprint
towlower
strncmp
strncpy
isdigit

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d75d84c7c041e413150ec97126558b0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 904B

.gfids Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 488B

d8d5ac8f99fa72008b2b979115e10797

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

urlmon

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1020B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 728B

b6533521cb9c850c1da83b5edd3686c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3dx9_43

wininet

imm32

xinput1_3

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 458KB - Virtual size: 458KB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 7KB - Virtual size: 11KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 904B

.gfids
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 488B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1020B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 728B

.text
Size: 458KB - Virtual size: 458KB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 7KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB