ca54629b27833b78e365235fedd54c53

Sharing

Copy URL

Twitter E-mail

General

Target

ca54629b27833b78e365235fedd54c53
Size

1.4MB
MD5

ca54629b27833b78e365235fedd54c53
SHA1

e58f8ccc912099a4d8471ce35b5f70864fa2370d
SHA256

fed683f212b58345f6196f41ba17fb4663666ed6e8cb77ee99131764e0a4f668
SHA512

3855fbfa945dbe62181622dbbdcdf6b2e614e6be135e1596d1bc1adf0f8c253f2a5de160b0344c6b0bc98603445c540a9da7828f444c073f0c13b8992c272537
SSDEEP

24576:NRL0vjP5d4gErsuBFBG+kwKzD+xvrUYUqO7fGwe8CXKI3EwdG9fL:TITUhrsu5rktaxvrU9e8TZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sasality.swin/Fatality.dll

Files

ca54629b27833b78e365235fedd54c53
.zip
Sasality.swin/Fatality.dll
.dll windows:6 windows x86 arch:x86

3a2954525d997b4bb48fda16d51d15c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualProtect
GetModuleHandleA
Sleep
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__std_type_info_destroy_list
memmove
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
terminate
_crt_atexit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sasality.swin/slot1
Sasality.swin/slot2
Sasality.swin/slot3
Sasality.swin/slot4
Sasality.swin/slot6

Sharing

General

Malware Config

Signatures

Files

3a2954525d997b4bb48fda16d51d15c5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 3KB - Virtual size: 2KB