b46f74302d419bb6b33d41883f702c40

Sharing

Copy URL Twitter E-mail

General

Target

b46f74302d419bb6b33d41883f702c40
Size

423KB
MD5

b46f74302d419bb6b33d41883f702c40
SHA1

0e20f740c03e2f9962db470713fb451a69994a3c
SHA256

e618636c27c4e40c89c63c696bcefb6979cf02ebe7d2a8f92d60300650fa9a4a
SHA512

33b7f44f1282ccadf136572976d0da1cb7a973a2d258b239be96db7ab2e1c84358c6d73dd95712042f5cef1d21b78fcf9ac255c7a228ac60eac228c1b3a5e69d
SSDEEP

12288:CMMnMMMMM7nJd+DKQt/qFAq8UbksfTNe6iJE:CMMnMMMMMFMD9CFAq8UYyAbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b46f74302d419bb6b33d41883f702c40

Files

b46f74302d419bb6b33d41883f702c40
.exe windows:4 windows x86 arch:x86

020027fae521fc3160e618adbf4a6c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamTestPrivateFunctionsUser
SamConnectWithCreds
SamiEncryptPasswords
SamRemoveMultipleMembersFromAlias

msi

MsiDatabaseCommit
MsiAdvertiseProductW
MsiConfigureFeatureW

kernel32

VirtualAlloc

ntdll

swprintf
NtQueryObject
NtOpenThread
RtlAllocateAndInitializeSid
wcscpy
RtlInitializeCriticalSection
RtlAppendUnicodeStringToString
_wcsnicmp
NtCreateEvent
NtDuplicateObject
memmove
RtlEnterCriticalSection
wcsncpy
NtMakeTemporaryObject
NtOpenProcessToken
LdrLoadDll
RtlPrefixUnicodeString
wcscat
RtlCopyLuid
NtQueryDefaultLocale
strstr
NtCreateSection
NtQueryInformationToken
RtlCreateTagHeap
RtlInitializeCriticalSectionAndSpinCount
RtlEqualUnicodeString
NtCreateDirectoryObject
RtlOpenCurrentUser
NtSetInformationObject
NtOpenSymbolicLinkObject
NtMakePermanentObject
LdrUnloadDll
DbgBreakPoint
RtlCreateSecurityDescriptor
NtOpenProcess
RtlSetDaclSecurityDescriptor
RtlCreateUserThread
NtOpenKey
NtQueryValueKey
NtCreateSemaphore
NtTerminateThread
RtlLeaveCriticalSection
NtNotifyChangeKey
NtResetEvent
RtlExpandEnvironmentStrings_U
RtlCompareUnicodeString
NtQuerySystemInformation
NtClose
RtlCreateUnicodeString
RtlFreeSid
NtQueryInformationProcess
NtSetEvent
RtlInitString
LdrGetDllHandle
_wcsicmp
RtlEqualSid
RtlCopyUnicodeString
NtOpenThreadToken
DbgPrint
RtlUpcaseUnicodeChar
NtSetInformationProcess
_snwprintf
NtQuerySymbolicLinkObject
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
NtCreateSymbolicLinkObject
NtSetValueKey
LdrGetProcedureAddress
RtlCharToInteger
wcslen

user32

CallMsgFilterA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020027fae521fc3160e618adbf4a6c3a

Headers

DLL Characteristics

File Characteristics

Imports

samlib

msi

kernel32

ntdll

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 872KB

.rsrc Size: 381KB - Virtual size: 381KB

.rdata Size: 32KB - Virtual size: 31KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 872KB

.rsrc
Size: 381KB - Virtual size: 381KB

.rdata
Size: 32KB - Virtual size: 31KB

.reloc
Size: 512B - Virtual size: 64B