57a3dda7b70ca83cc8a55ebd74deda1a

Sharing

Copy URL Twitter E-mail

General

Target

57a3dda7b70ca83cc8a55ebd74deda1a
Size

429KB
MD5

57a3dda7b70ca83cc8a55ebd74deda1a
SHA1

34a05e861027746879b640230e1306afe7fa6b05
SHA256

436e2aa5662931928395635b5ae48f044d77a52f9cba0849453d49d24f04b89d
SHA512

88f048fd08d5d0ffd797382d98882a9e0ffb8f05a8014f8aa9bcac5c44da9136e9656781d4adaad710e138af1a9e83302c361b04a50878e0cf9e759f7482171d
SSDEEP

6144:6rul+G4YZ9bXfpaAGFMBSu54ISp+G0d29KOs42OsBv2v71MFnntYsi7wFh6QR+kK:gM/ZtRabXuyINd2QmDv1MZ+JwL6gLW1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57a3dda7b70ca83cc8a55ebd74deda1a

Files

57a3dda7b70ca83cc8a55ebd74deda1a
.exe windows:4 windows x86 arch:x86

f014d485c29935a9b9f7b15befc8e47b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterEventSourceA
RegCreateKeyA
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegEnumValueA
RegEnumKeyA
RegEnumKeyW
RegDeleteValueW
RegSetValueExA
RegCloseKey
RegQueryInfoKeyA
RegDeleteValueA
LookupPrivilegeValueA
RegOpenKeyW
RegQueryValueExA
RegSetValueA
RegDeleteKeyA
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RegQueryValueA
RegOpenKeyExA
DeregisterEventSource
RegOpenKeyA
ReportEventA
RegEnumValueW
RegCreateKeyW
InitializeSecurityDescriptor
RegDeleteKeyW

kernel32

GetModuleHandleA
IsBadCodePtr
SearchPathA
SetEvent
CreateDirectoryA
GetDateFormatA
GetEnvironmentStringsW
CreateEventA
SetCurrentDirectoryA
ResumeThread
FreeResource
GetFullPathNameA
GetLastError
GetCurrentDirectoryA
Sleep
HeapSize
CompareStringW
VirtualQuery
MoveFileA
GetOEMCP
lstrcpynA
lstrcmpiW
HeapFree
DeleteFileA
InitializeCriticalSection
SystemTimeToFileTime
DuplicateHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
SetFilePointer
_lwrite
FindFirstFileA
FreeLibrary
GetExitCodeProcess
FileTimeToLocalFileTime
GetCurrentProcess
GlobalAlloc
FlushFileBuffers
GetUserDefaultLCID
GetDriveTypeA
GetFileAttributesA
GlobalReAlloc
SetLastError
GetStringTypeW
GetWindowsDirectoryA
lstrcpyA
ExitThread
FindResourceA
UnlockFile
MultiByteToWideChar
GetSystemDefaultLangID
GetVersionExA
ResetEvent
CreateThread
GlobalHandle
GetStdHandle
IsBadReadPtr
GetSystemDefaultLCID
FreeEnvironmentStringsA
TlsFree
SetFileAttributesA
GetModuleFileNameA
FileTimeToSystemTime
GlobalLock
lstrcmpiA
TlsAlloc
WideCharToMultiByte
UnhandledExceptionFilter
GetSystemTime
SetFileTime
ReadFile
ReleaseSemaphore
LoadLibraryA
GetTickCount
TlsSetValue
GetProfileStringA
WaitForSingleObject
GlobalFree
ExitProcess
GlobalAddAtomA
GetFileTime
_lread
SetStdHandle
RaiseException
GetCurrentThreadId
GetLocaleInfoA
GetStartupInfoA
GetSystemDirectoryA
GetVersion
SetEnvironmentVariableA
LCMapStringW
SetLocalTime
CreateSemaphoreA
GetSystemInfo
GetFileType
TerminateProcess
WinExec
GlobalUnlock
CreateProcessW
GetStringTypeExA
_lclose
SetEndOfFile
GetTempFileNameA
IsDBCSLeadByte
lstrcmpA
CloseHandle
InterlockedIncrement
GetStringTypeA
SizeofResource
RemoveDirectoryA
LockFile
InterlockedDecrement
HeapReAlloc
HeapDestroy
HeapAlloc
OpenProcess
FindNextFileA
LoadLibraryExA
GetCommandLineA
lstrcatA
LockResource
HeapCreate
CreateProcessA
FormatMessageW
TlsGetValue
GetTempPathA
GetProcAddress
SetErrorMode
FormatMessageA
SetHandleCount
CreateFileA
RtlUnwind
GetEnvironmentStrings
GetModuleFileNameW
MulDiv
FlushInstructionCache
EnterCriticalSection
GetCurrentProcessId
GetUserDefaultLangID
DeleteCriticalSection
_llseek
CompareStringA
VirtualProtect
LoadResource
lstrlenA
GlobalDeleteAtom
WriteFile
VirtualFree
VirtualAlloc
LeaveCriticalSection
GetLocalTime
GlobalSize
LCMapStringA
GetACP
GetCPInfo
FindClose
GetShortPathNameA

user32

SetDlgItemTextA
LoadIconA
PostMessageA
GetForegroundWindow
MsgWaitForMultipleObjects
IsWindowVisible
SetPropA
DdeAbandonTransaction
CreateMenu
SetWindowTextA
RegisterClassA
CreateCaret
WindowFromPoint
EmptyClipboard
GetDesktopWindow
EqualRect
DdeQueryConvInfo
DdeCreateDataHandle
DdeInitializeA
IsClipboardFormatAvailable
GetDC
ModifyMenuA
DrawTextA
DdeQueryStringA
GetUpdateRgn
SetCursorPos
IsWindow
DrawFrameControl
SetMenu
ClipCursor
PostThreadMessageA
SetCaretPos
DdeDisconnect
SetForegroundWindow
CallNextHookEx

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt
WSAConnect

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f014d485c29935a9b9f7b15befc8e47b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ddraw

ws2_32

samlib

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB