7b5972ffe7faef551e62516fe58f3fad

Sharing

Copy URL Twitter E-mail

General

Target

7b5972ffe7faef551e62516fe58f3fad
Size

501KB
MD5

7b5972ffe7faef551e62516fe58f3fad
SHA1

1fc03f47faf4a6198714aa2161a5ad6e3bba4144
SHA256

75146b9b865a368e4602142713232debefce29df8e84bfad6d3d9fccb9dce07a
SHA512

9b2ffc9686f80dc54932cac32dd3f5ee7b567f6083eaeb3028a345cc8ead228c9950fb111f79f46f115a753805d5cdefb89cdd51fba2155c18d488e91477b803
SSDEEP

12288:iMzAaYm1sx9vWn9lZEcw60CsP+MMnMMMMMVN/IuK7/:iMzt1sPvOKZ6jMMnMMMMM7/Iu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b5972ffe7faef551e62516fe58f3fad

Files

7b5972ffe7faef551e62516fe58f3fad
.exe windows:4 windows x86 arch:x86

e68ce524a5857d31da82df0cdb304db7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegDeleteKeyA
RegQueryValueExA
RegDeleteKeyW
InitializeSecurityDescriptor
RegQueryValueA
RegSetValueExW
RegCreateKeyA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegQueryValueExW
RegEnumKeyA
RegEnumKeyW
RegCloseKey
RegOpenKeyExA
RegCreateKeyW
ReportEventA
RegSetValueA
RegDeleteValueW
RegDeleteValueA
RegEnumValueA
LookupPrivilegeValueA
DeregisterEventSource
RegOpenKeyW
RegOpenKeyA
RegisterEventSourceA
OpenProcessToken
SetSecurityDescriptorDacl
RegSetValueExA

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

ddraw

DirectDrawEnumerateA

user32

DdeFreeStringHandle
GetWindowRgn
GetSubMenu
CallNextHookEx
GetWindowThreadProcessId
GetAsyncKeyState
DefFrameProcA
DestroyWindow
DdeNameService
IsClipboardFormatAvailable
GetMessagePos
GetWindowRect
GetDoubleClickTime
GetFocus
CharToOemA
GetClassInfoA
PeekMessageA
DdeUninitialize
LoadCursorA
IsChild
IsZoomed
GetLastActivePopup
GetDesktopWindow
ScreenToClient
GetActiveWindow
CharToOemBuffA
RegisterClipboardFormatA
DispatchMessageA
CharPrevA
LoadIconA
GetClassNameA
CharLowerA
DdeSetUserHandle
TabbedTextOutA
DeferWindowPos

ws2_32

setsockopt

kernel32

FindClose
GlobalHandle
_lread
ExitThread
FreeEnvironmentStringsA
GetACP
GetStringTypeA
FlushFileBuffers
CompareStringW
LCMapStringW
lstrlenA
FindResourceA
GetModuleFileNameA
CreateFileA
DeleteFileA
GetCurrentDirectoryA
_lwrite
MoveFileA
GetShortPathNameA
GetSystemDefaultLangID
GetFullPathNameA
LeaveCriticalSection
FreeLibrary
GetTempPathA
HeapAlloc
TlsGetValue
IsDBCSLeadByte
GlobalAddAtomA
SetCurrentDirectoryA
GetTempFileNameA
GlobalSize
RtlUnwind
GetModuleHandleA
VirtualAlloc
GetDateFormatA
GetFileTime
lstrcmpiA
SetFileTime
SetEnvironmentVariableA
GetCurrentProcessId
ResetEvent
SetErrorMode
GlobalLock
GetLocalTime
InterlockedDecrement
FlushInstructionCache
SetLocalTime
RemoveDirectoryA
EnterCriticalSection
SearchPathA
Sleep
GlobalReAlloc
GlobalAlloc
GetExitCodeProcess
lstrcpyA
SizeofResource
FreeResource
GetProcAddress
LCMapStringA
GetWindowsDirectoryA
lstrcpynA
CreateDirectoryA
MultiByteToWideChar
HeapFree
ReadFile
SetFileAttributesA
GetStringTypeExA
GetTimeZoneInformation
GlobalFree
GetFileType
FindFirstFileA
SetStdHandle
GetModuleFileNameW
LockResource
GetSystemDirectoryA
HeapCreate
SystemTimeToFileTime
IsBadReadPtr
GlobalUnlock
LoadLibraryExA
LoadLibraryA
GetStdHandle
LoadResource
MulDiv
WaitForSingleObject
FormatMessageA
GlobalDeleteAtom
WinExec
CloseHandle
GetTickCount
FileTimeToLocalFileTime
VirtualFree
SetEndOfFile
VirtualProtect
GetCPInfo
TlsFree
GetVersionExA
FindNextFileA
OpenProcess
GetSystemTime
HeapDestroy
GetProfileStringA
FreeEnvironmentStringsW
IsBadCodePtr
GetLastError
GetCurrentThreadId
DeleteCriticalSection
lstrcatA
TlsAlloc
GetFileAttributesA
GetEnvironmentStrings
TerminateProcess
GetUserDefaultLCID
CreateProcessW
_llseek
GetOEMCP
RaiseException
GetSystemDefaultLCID
CreateEventA
CompareStringA
GetDriveTypeA
lstrcmpiW
GetSystemInfo
WideCharToMultiByte
GetUserDefaultLangID
HeapSize
FormatMessageW
SetEvent
TlsSetValue
LockFile
GetVersion
CreateProcessA
GetVolumeInformationA
WriteFile
SetFilePointer
GetCommandLineA
GetEnvironmentStringsW
GetLocaleInfoA
GetStartupInfoA
lstrcmpA
HeapReAlloc
ExitProcess
InitializeCriticalSection
UnlockFile
_lclose
UnhandledExceptionFilter
ReleaseSemaphore
SetLastError
InterlockedIncrement
GetStringTypeW
GetCurrentProcess
SetHandleCount
CreateSemaphoreA
DuplicateHandle
VirtualQuery
FileTimeToSystemTime
CreateThread

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e68ce524a5857d31da82df0cdb304db7

Headers

File Characteristics

Imports

advapi32

samlib

ddraw

user32

ws2_32

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB