c320df8969b0cb7625de1eabf85e1f14

Sharing

Copy URL Twitter E-mail

General

Target

c320df8969b0cb7625de1eabf85e1f14
Size

429KB
MD5

c320df8969b0cb7625de1eabf85e1f14
SHA1

6439d4abc85150d1a099d100ab34490b426801e0
SHA256

8c085975e3dc4f0b9f350582fa2e20ec17d4c220642bbb8632748e1dc60cf13d
SHA512

b412de71b3f45dbe9f2bf1d7fa01ff39cac4ef781493b9367f046a4baa82310cc48d4ba7f92158b05016467a89ea9f2f13fc5ff9452d44de2bd8509a81e9c738
SSDEEP

6144:EgqsU/xCOfjkgNqI41kMsa+SCpddQbrMO48Ima3Dr+WqF8OsCwufqyz2SjZWaAcG:jrYjvs3ea+VDdQfqmkr7n5RuiSjUr7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c320df8969b0cb7625de1eabf85e1f14

Files

c320df8969b0cb7625de1eabf85e1f14
.exe windows:4 windows x86 arch:x86

49d343480994d64628a236ac1fd09153

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DefFrameProcA
LoadBitmapA
SetTimer
SubtractRect
SetWindowsHookExA
EnableMenuItem
GetForegroundWindow
SetScrollRange
SetScrollPos
AdjustWindowRectEx
GetKeyState
ToAscii
MapWindowPoints
RemovePropA
DdeNameService
TabbedTextOutA
DrawMenuBar
IsZoomed
CreateCursor
CharNextA
DdeConnect
GetUpdateRect
EqualRect
IsRectEmpty
GetMessagePos
EnumClipboardFormats
VkKeyScanW
FillRect
PtInRect
SetWindowContextHelpId
MoveWindow
GetSystemMetrics
GetMenuStringA
GetKeyboardState
SetFocus

advapi32

RegCloseKey
AdjustTokenPrivileges
RegSetValueA
LookupPrivilegeValueA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueW
RegQueryInfoKeyA
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceA
RegQueryValueA
DeregisterEventSource
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyA
OpenProcessToken
InitializeSecurityDescriptor
RegEnumKeyW
RegEnumValueA
RegCreateKeyA
RegDeleteValueW
RegSetValueExA
RegOpenKeyW
RegSetValueExW
ReportEventA
RegDeleteValueA
RegCreateKeyW

samlib

SamRemoveMultipleMembersFromAlias
SamConnectWithCreds

ws2_32

setsockopt

ddraw

DirectDrawEnumerateA

kernel32

DeleteFileA
GetCurrentThreadId
CreateEventA
GetModuleHandleA
LCMapStringA
InitializeCriticalSection
TlsAlloc
LCMapStringW
SystemTimeToFileTime
_lread
GlobalSize
ReadFile
GetTempPathA
ExitThread
GetCommandLineA
FileTimeToSystemTime
IsBadReadPtr
CreateThread
SetCurrentDirectoryA
GetFullPathNameA
WaitForSingleObject
GetCurrentProcess
VirtualProtect
GetCurrentProcessId
GetDriveTypeA
GetFileTime
SetFileTime
HeapDestroy
WriteFile
ExitProcess
LockFile
GetProfileStringA
SizeofResource
TlsFree
GlobalAddAtomA
GetSystemDefaultLangID
GlobalUnlock
EnterCriticalSection
CompareStringW
UnlockFile
FindFirstFileA
RaiseException
_lclose
CreateSemaphoreA
LoadLibraryA
GetDateFormatA
HeapAlloc
TlsSetValue
SetEndOfFile
GetTempFileNameA
Sleep
SetHandleCount
CloseHandle
GlobalFree
GlobalDeleteAtom
GetSystemDirectoryA
FreeResource
LoadLibraryExA
GetLocalTime
HeapSize
WideCharToMultiByte
RemoveDirectoryA
GetLocaleInfoA
LockResource
GetStringTypeExA
IsDBCSLeadByte
InterlockedDecrement
GetStartupInfoA
GetStringTypeA
MulDiv
GetExitCodeProcess
UnhandledExceptionFilter
FormatMessageW
FileTimeToLocalFileTime
FreeLibrary
WinExec
GetSystemTime
OpenProcess
CreateDirectoryA
LoadResource
ReleaseSemaphore
DuplicateHandle
SetFilePointer
lstrlenA
GetFileType
GetVersion
GetSystemDefaultLCID
SetLastError
MultiByteToWideChar
FreeEnvironmentStringsA
GetVolumeInformationA
CompareStringA
FormatMessageA
GlobalAlloc
SetEvent
TlsGetValue
FindResourceA
FindClose
GetOEMCP
GetWindowsDirectoryA
GetCurrentDirectoryA
MoveFileA
GetShortPathNameA
lstrcatA
SetStdHandle
GlobalReAlloc
lstrcpynA
CreateProcessA
GetStdHandle
HeapReAlloc
DeleteCriticalSection
FindNextFileA
RtlUnwind
GlobalHandle
_llseek
GetUserDefaultLangID
GetProcAddress
SetLocalTime
LeaveCriticalSection
FlushFileBuffers
VirtualAlloc
GetSystemInfo
lstrcmpA
GetLastError
GetModuleFileNameA
InterlockedIncrement
GetACP
CreateFileA
FlushInstructionCache
GetStringTypeW
GetEnvironmentStrings
GetUserDefaultLCID
GetFileAttributesA
VirtualQuery
SetFileAttributesA
ResetEvent
GetModuleFileNameW
GetTimeZoneInformation
SetErrorMode
GetEnvironmentStringsW
GetCPInfo
lstrcmpiA
SearchPathA
GlobalLock
GetVersionExA
_lwrite
ResumeThread
TerminateProcess
CreateProcessW
IsBadCodePtr
SetEnvironmentVariableA
VirtualFree
FreeEnvironmentStringsW
HeapCreate
lstrcpyA
HeapFree
GetTickCount

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49d343480994d64628a236ac1fd09153

Headers

File Characteristics

Imports

user32

advapi32

samlib

ws2_32

ddraw

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB