99a3345630c93aaf6b0131b6e27c85d1

Sharing

Copy URL Twitter E-mail

General

Target

99a3345630c93aaf6b0131b6e27c85d1
Size

468KB
MD5

99a3345630c93aaf6b0131b6e27c85d1
SHA1

f5ed4d629851778f37622e60544381f6124d7ad4
SHA256

e3f31d6de0875bda2165ad96b174d0502727a271be1998d33dfbcedc6fedac73
SHA512

cc38efe14b703ddfc53fe6ddc8e744aca97d2c53e7f463b590edd0636a14de9bbf35a3b23dc18fdd276d6dbbb71d516eec6bdddc600d5d16bc4a38a59152aa24
SSDEEP

12288:FFqcN7BINNE2pr76fkeW1hEDiNauC3UFDXQdE:fRB/fZUE/d3AryE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99a3345630c93aaf6b0131b6e27c85d1

Files

99a3345630c93aaf6b0131b6e27c85d1
.exe windows:4 windows x86 arch:x86

8b661a40114c3be26580a21f76326b64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
RtlInitUnicodeString
NtUnlockVirtualMemory

rtutils

TraceDeregisterW
RouterLogDeregisterW
TracePrintfExW
TraceRegisterExW
RouterLogRegisterW

ddraw

DirectDrawCreate

msvcrt

wcschr
strlen
wcslen
memmove
memcmp
wcscmp
swprintf
memset
malloc
_except_handler3
wcscpy
_adjust_fdiv
_initterm
_wcsicmp
wcsncpy
free
memcpy
wcscat

kernel32

VirtualAlloc
HeapCreate
GetLastError
EnterCriticalSection
ReadFile
SetEvent
TerminateProcess
SetLastError
DeviceIoControl
DeleteTimerQueue
ReleaseMutex
GetCurrentProcess
LeaveCriticalSection
GetCurrentProcessId
HeapDestroy
UnhandledExceptionFilter
InterlockedExchange
HeapFree
HeapAlloc
DeleteTimerQueueTimer
UnregisterWaitEx
InterlockedIncrement
CreateEventW
GetComputerNameExW
WaitForSingleObject
HeapReAlloc
CreateMutexW
RegisterWaitForSingleObject
WideCharToMultiByte
InterlockedDecrement
CreateTimerQueueTimer
SetUnhandledExceptionFilter
InitializeCriticalSection
WriteFile
GetTickCount
UnregisterWait
DisableThreadLibraryCalls
QueryPerformanceCounter
CreateTimerQueue
MultiByteToWideChar
GetSystemTimeAsFileTime
CloseHandle
CreateFileW
ExpandEnvironmentStringsW
ChangeTimerQueueTimer
GetCurrentThreadId
LoadLibraryW
Sleep
FreeLibrary
GetProcAddress
QueueUserWorkItem
DeleteCriticalSection

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

iphlpapi

GetAdaptersInfo
NotifyRouteChange
NotifyAddrChange
GetAdaptersAddresses

dnsapi

DnsReplaceRecordSetW

mswsock

GetAcceptExSockaddrs
AcceptEx

wmi

WmiNotificationRegistrationW

advapi32

CryptAcquireContextW
RegisterServiceCtrlHandlerW
RegOpenKeyExW
CryptGenRandom
RegEnumValueW
SetServiceStatus
RegQueryValueExW
RegCloseKey
CryptReleaseContext
RegEnumKeyExW

ws2_32

WSALookupServiceBeginW
WSAAddressToStringW
WSAEventSelect
WSARecvFrom
WSALookupServiceEnd
WSAStringToAddressA
WSAAddressToStringA
getnameinfo
freeaddrinfo
WSASocketW
WSALookupServiceNextW
WSAIoctl
getaddrinfo
WSASendTo

Sections

.text
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b661a40114c3be26580a21f76326b64

Headers

File Characteristics

Imports

ntdll

rtutils

ddraw

msvcrt

kernel32

ole32

iphlpapi

dnsapi

mswsock

wmi

advapi32

ws2_32

Sections

.text Size: 4KB - Virtual size: 892B

.rsrc Size: 104KB - Virtual size: 101KB

.data Size: 76KB - Virtual size: 2.4MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 272KB - Virtual size: 268KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 892B

.rsrc
Size: 104KB - Virtual size: 101KB

.data
Size: 76KB - Virtual size: 2.4MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 272KB - Virtual size: 268KB

.idata
Size: 4KB - Virtual size: 3KB