998cdf16b6cabc2b464d2762f9fada76

Sharing

Copy URL Twitter E-mail

General

Target

998cdf16b6cabc2b464d2762f9fada76
Size

498KB
MD5

998cdf16b6cabc2b464d2762f9fada76
SHA1

ca184e36f5b0a9d06e79af3228d838bb35038df1
SHA256

92cf8b71df75244c55a912081ae40e060ab4e1ca2d87638978ee46a82b18e38b
SHA512

0d9043d26648098d4b4efb257a8d03b83029e8ec1cc34fe65aab9e65b46f82b06083e1ea705438ac2a237804324191941666013526e47ffe179d7df017ffa42a
SSDEEP

12288:N43/bbUNBfzJvMMnMMMMM64rXIRPYOw84D+U3AYHEQD:N43kTfzJvMMnMMMMMzzGPHwNHQYf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
998cdf16b6cabc2b464d2762f9fada76

Files

998cdf16b6cabc2b464d2762f9fada76
.exe windows:4 windows x86 arch:x86

ae7d1c09504412aba7fe428aba45d89e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamTestPrivateFunctionsUser
SamConnectWithCreds
SamiLmChangePasswordUser
SamRemoveMultipleMembersFromAlias

ddraw

DirectDrawEnumerateA

mswsock

sethostname

kernel32

FreeResource
FlushInstructionCache
UnhandledExceptionFilter
ReleaseSemaphore
GetFileAttributesA
LCMapStringW
GetCurrentProcess
GetCurrentThreadId
GetSystemDefaultLCID
CreateDirectoryA
GetStdHandle
_lread
GetCurrentProcessId
SetLastError
IsBadReadPtr
SetCurrentDirectoryA
RemoveDirectoryA
GetVersion
lstrcmpiW
GetModuleFileNameA
RaiseException
GetCommandLineA
FormatMessageW
GetCurrentDirectoryA
_llseek
SetHandleCount
FlushFileBuffers
CreateSemaphoreA
lstrcpyA
FreeLibrary
GlobalSize
HeapFree
GetTempPathA
GetDriveTypeA
_lclose
WinExec
GetSystemDirectoryA
GetCPInfo
SetFileAttributesA
GetUserDefaultLangID
lstrcpynA
InterlockedIncrement
WriteFile
IsBadCodePtr
GetStartupInfoA
CompareStringW
GetShortPathNameA
FreeEnvironmentStringsA
SearchPathA
GetWindowsDirectoryA
FindClose
GetFullPathNameA
GetStringTypeA
lstrlenA
LoadLibraryExA
SystemTimeToFileTime
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
SetFileTime
GlobalHandle
RtlUnwind
IsDBCSLeadByte
GlobalDeleteAtom
Sleep
lstrcatA
GetEnvironmentStringsW
FileTimeToLocalFileTime
lstrcmpA
GetModuleFileNameW
HeapReAlloc
GetTickCount
ExitProcess
CreateEventA
TlsSetValue
GetTimeZoneInformation
GetFileTime
SetEndOfFile
GetSystemDefaultLangID
SetEvent
VirtualFree
HeapAlloc
VirtualAlloc
SetEnvironmentVariableA
CompareStringA
SetLocalTime
CreateProcessW
FindFirstFileA
InterlockedDecrement
WideCharToMultiByte
FindNextFileA
DeleteCriticalSection
GetVersionExA
SetStdHandle
MulDiv
SetFilePointer
GlobalAlloc
_lwrite
GetFileType
GetProfileStringA
FindResourceA
GetExitCodeProcess
GetStringTypeExA
CreateProcessA
GlobalFree
HeapDestroy
LoadResource
ResumeThread
TlsGetValue
TerminateProcess
TlsAlloc
GetLastError
TlsFree
EnterCriticalSection
GlobalAddAtomA
UnlockFile
ExitThread
VirtualQuery
HeapCreate
LCMapStringA
ReadFile
GetUserDefaultLCID
GetVolumeInformationA
LockResource
MoveFileA
InitializeCriticalSection
GlobalUnlock
FormatMessageA
LeaveCriticalSection
FileTimeToSystemTime
DeleteFileA
CloseHandle
CreateThread
VirtualProtect
GetStringTypeW
SizeofResource
GetEnvironmentStrings
SetErrorMode
WaitForSingleObject
GetOEMCP
GetSystemTime
GetSystemInfo
GetLocalTime
HeapSize
GetDateFormatA
GetACP
FreeEnvironmentStringsW
GetProcAddress
GetLocaleInfoA
GlobalReAlloc
DuplicateHandle
LockFile
GetTempFileNameA
CreateFileA
ResetEvent
CreateMailslotA
GlobalLock

advapi32

SetSecurityDescriptorDacl
RegEnumKeyA
RegCreateKeyA
OpenProcessToken
RegQueryValueExW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
RegDeleteKeyW
RegCreateKeyW
ReportEventA
RegOpenKeyW
RegEnumKeyW
RegisterEventSourceA
LookupPrivilegeValueA
RegEnumValueW
RegEnumValueA
RegDeleteKeyA
RegCloseKey
RegQueryValueA
RegSetValueA
DeregisterEventSource
AdjustTokenPrivileges
RegSetValueExA
RegDeleteValueW
RegSetValueExW
RegDeleteValueA
RegQueryInfoKeyA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae7d1c09504412aba7fe428aba45d89e

Headers

DLL Characteristics

File Characteristics

Imports

samlib

ddraw

mswsock

kernel32

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.data Size: 154KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 130KB

.reloc Size: 512B - Virtual size: 64B

.rdata Size: 205KB - Virtual size: 204KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.data
Size: 154KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 130KB

.reloc
Size: 512B - Virtual size: 64B

.rdata
Size: 205KB - Virtual size: 204KB