cb912131a57a7ce8b288c88f09de4549

Sharing

Copy URL

Twitter E-mail

General

Target

cb912131a57a7ce8b288c88f09de4549
Size

498KB
MD5

cb912131a57a7ce8b288c88f09de4549
SHA1

fe6dc647bb54e496a2eed1d72c5bc3dbf4ec5e34
SHA256

9c376d5ff73ffb18679bfa26396ac303159b3539802515b5b596fd194a75d186
SHA512

37b58588c04dac102c746e780e6bb8f83327d67d94db7273062c8ae52b1a1e5bc77e14611e7335851f575b06131b571c54b47c1c3b2562e354bf3d172af0bef9
SSDEEP

12288:xMMnMMMMMKFs7doj144F69MMhWzVNOQMHemqlzkWj9Wnhy:xMMnMMMMMKFs7doj148wMMhWzVXVmAw+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb912131a57a7ce8b288c88f09de4549

Files

cb912131a57a7ce8b288c88f09de4549
.exe windows:4 windows x86 arch:x86

b0828e767953081eee6391035c5ea9a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamiSetDSRMPassword
SamTestPrivateFunctionsDomain
SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamTestPrivateFunctionsUser

mswsock

sethostname

kernel32

GetStdHandle
FreeResource
TlsSetValue
GetCommandLineA
FileTimeToSystemTime
lstrcpyA
FindClose
IsDBCSLeadByte
_lclose
LoadResource
WriteFile
GetStartupInfoA
GetFileType
FindResourceA
SetFileAttributesA
RemoveDirectoryA
EnterCriticalSection
WaitForSingleObject
UnlockFile
GlobalAlloc
GetTempFileNameA
FreeEnvironmentStringsW
GetSystemInfo
HeapCreate
IsBadReadPtr
SetEndOfFile
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
VirtualProtect
CreateEventA
GetSystemDirectoryA
GetEnvironmentStringsW
FreeEnvironmentStringsA
MultiByteToWideChar
GlobalFree
HeapFree
GetModuleHandleA
ExitProcess
FlushFileBuffers
GetCPInfo
GlobalAddAtomA
CreateProcessA
MulDiv
GetShortPathNameA
GetEnvironmentStrings
FileTimeToLocalFileTime
GetSystemDefaultLCID
GetDateFormatA
WideCharToMultiByte
FlushInstructionCache
GetWindowsDirectoryA
LCMapStringA
MoveFileA
GetLocaleInfoA
_lwrite
SetCurrentDirectoryA
SystemTimeToFileTime
SetStdHandle
ExitThread
_lread
GlobalUnlock
CreateFileA
HeapDestroy
GetStringTypeW
LCMapStringW
GetACP
Sleep
VirtualFree
lstrcmpA
GlobalSize
TerminateProcess
RtlUnwind
GetFileAttributesA
lstrcatA
SetFileTime
GetFullPathNameA
GetVersionExA
LockResource
DuplicateHandle
CreateMailslotA
SetHandleCount
LockFile
lstrlenA
SetEnvironmentVariableA
GetCurrentThreadId
GetLastError
FormatMessageA
GetCurrentProcess
GetStringTypeA
GetTimeZoneInformation
GetTempPathA
LoadLibraryExA
CreateProcessW
GetSystemDefaultLangID
CreateDirectoryA
CreateThread
GlobalHandle
ReleaseSemaphore
CompareStringA
GetDriveTypeA
GetModuleFileNameW
CreateSemaphoreA
lstrcmpiA
GetOEMCP
GetProfileStringA
FindFirstFileA
IsBadCodePtr
InterlockedIncrement
GetModuleFileNameA
VirtualQuery
SetLastError
GetUserDefaultLCID
SetFilePointer
GetSystemTime
GetUserDefaultLangID
GetStringTypeExA
HeapAlloc
DeleteFileA
VirtualAlloc
lstrcmpiW
GetVersion
SetErrorMode
ResetEvent
GlobalDeleteAtom
SearchPathA
LoadLibraryA
SetLocalTime
GetProcAddress
FindNextFileA
ReadFile
GetExitCodeProcess
TlsAlloc
GetFileTime
GetCurrentProcessId
CloseHandle
InterlockedDecrement
WinExec
CompareStringW
GetTickCount
GlobalLock
HeapReAlloc
GetVolumeInformationA
RaiseException
TlsGetValue
lstrcpynA
HeapSize
InitializeCriticalSection
SizeofResource
ResumeThread
GetCurrentDirectoryA
TlsFree
_llseek
UnhandledExceptionFilter
GetLocalTime
SetEvent
FormatMessageW

ddraw

DirectDrawEnumerateA

advapi32

RegEnumValueA
RegCreateKeyW
RegOpenKeyExA
RegEnumKeyW
RegisterEventSourceA
SetSecurityDescriptorDacl
RegOpenKeyW
RegEnumKeyA
ReportEventA
RegCloseKey
RegEnumValueW
RegDeleteKeyW
RegSetValueA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegSetValueExA
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyA
RegCreateKeyA
RegQueryInfoKeyA
DeregisterEventSource

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0828e767953081eee6391035c5ea9a8

Headers

DLL Characteristics

File Characteristics

Imports

samlib

mswsock

kernel32

ddraw

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 131KB - Virtual size: 130KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 154KB - Virtual size: 1.0MB

.idata Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 131KB - Virtual size: 130KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 154KB - Virtual size: 1.0MB

.idata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 72B