c9df75916649388935b33652663514cd

Sharing

Copy URL Twitter E-mail

General

Target

c9df75916649388935b33652663514cd
Size

428KB
MD5

c9df75916649388935b33652663514cd
SHA1

609fee71331f14e4e95ced73f3707e22e4df703c
SHA256

61e328f2327958476ed1e5da7789f0f7ae55c1dbaaab77b769ef117e6b0426a1
SHA512

e650893d6ebddc315b6ce6a4935167113489492c2e09d98bb462d7214b14029a1bad97b6f2001a7c3c86906aa7eb1666b580fbfecdcbc2daaa439b0693eaaf99
SSDEEP

12288:QqYDSJabE7vlp+Xu2p12UDlHqBe19Vdt91K:QqYDwpjv+Xu2GUDV9HVvK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9df75916649388935b33652663514cd

Files

c9df75916649388935b33652663514cd
.exe windows:4 windows x86 arch:x86

3cf3fe823097bfd51c22df47d18964b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawEnumerateA

ws2_32

setsockopt

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias

kernel32

SizeofResource
GetOEMCP
GetCurrentProcessId
LoadLibraryExA
VirtualQuery
GlobalUnlock
GlobalLock
LoadResource
IsDBCSLeadByte
GetShortPathNameA
SearchPathA
InitializeCriticalSection
CreateDirectoryA
ExitThread
lstrcmpA
OpenProcess
WinExec
GlobalSize
GetModuleHandleA
GetLocalTime
GetModuleFileNameA
SetFileTime
EnterCriticalSection
MoveFileA
UnlockFile
RemoveDirectoryA
FindFirstFileA
lstrcmpiW
GetLastError
TlsAlloc
VirtualAlloc
LeaveCriticalSection
GetSystemInfo
LoadLibraryA
GetFullPathNameA
ResetEvent
DuplicateHandle
SetFileAttributesA
DeleteCriticalSection
FormatMessageA
GetSystemDefaultLangID
TlsFree
SystemTimeToFileTime
GetTempFileNameA
CreateFileA
FreeLibrary
FreeEnvironmentStringsW
GetStringTypeW
CreateProcessA
lstrcpynA
_lwrite
InterlockedIncrement
LockFile
GetEnvironmentStrings
SetErrorMode
GetStdHandle
GlobalHandle
UnhandledExceptionFilter
TlsSetValue
GetSystemTime
lstrcpyA
GlobalAddAtomA
IsBadReadPtr
FindClose
GetVersionExA
LockResource
FileTimeToSystemTime
Sleep
LCMapStringA
GetCurrentThreadId
GetACP
RaiseException
VirtualFree
WideCharToMultiByte
CreateProcessW
SetEndOfFile
GetExitCodeProcess
WaitForSingleObject
GetCurrentDirectoryA
GetProcAddress
TlsGetValue
CloseHandle
_lread
GetCurrentProcess
ReleaseSemaphore
GetDateFormatA
_llseek
GetDriveTypeA
FlushInstructionCache
GetEnvironmentStringsW
CreateThread
GlobalReAlloc
RtlUnwind
GetStringTypeExA
CompareStringW
GetCommandLineA
SetHandleCount
GetTickCount
SetEvent
GetFileAttributesA
GetModuleFileNameW
HeapFree
FormatMessageW
SetFilePointer
GetTimeZoneInformation
HeapSize
FlushFileBuffers
FreeEnvironmentStringsA
GlobalAlloc
GetCPInfo
HeapDestroy
CompareStringA
GetTempPathA
GetUserDefaultLCID
GetFileTime
IsBadCodePtr
MultiByteToWideChar
lstrcmpiA
GetVolumeInformationA
GlobalDeleteAtom
GetVersion
GetUserDefaultLangID
FileTimeToLocalFileTime
FreeResource
SetCurrentDirectoryA
HeapAlloc
GetStartupInfoA
MulDiv
VirtualProtect
GetStringTypeA
GetFileType
LCMapStringW
ExitProcess
HeapReAlloc
WriteFile
TerminateProcess
GetSystemDirectoryA
HeapCreate
FindResourceA
GetSystemDefaultLCID
SetLocalTime
SetLastError
GetWindowsDirectoryA
GetProfileStringA
SetStdHandle
GlobalFree
SetEnvironmentVariableA
lstrcatA
ResumeThread
lstrlenA
CreateEventA
DeleteFileA
GetLocaleInfoA
_lclose
InterlockedDecrement
ReadFile
CreateSemaphoreA

advapi32

RegSetValueA
LookupPrivilegeValueA
RegDeleteKeyW
RegSetValueExA
OpenProcessToken
SetSecurityDescriptorDacl
RegisterEventSourceA
RegCreateKeyW
AdjustTokenPrivileges
RegDeleteValueA
RegQueryValueA
RegSetValueExW
RegDeleteKeyA
RegEnumValueA
RegQueryValueExA
RegEnumKeyA
RegCloseKey
DeregisterEventSource
InitializeSecurityDescriptor
RegEnumKeyW
RegOpenKeyW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyA
RegCreateKeyA
RegQueryValueExW
ReportEventA
RegOpenKeyExA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf3fe823097bfd51c22df47d18964b4

Headers

File Characteristics

Imports

ddraw

ws2_32

samlib

kernel32

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 133KB - Virtual size: 1.6MB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 133KB - Virtual size: 1.6MB

.rsrc
Size: 109KB - Virtual size: 109KB