d7a65574461992dc39f92063814bf29d

Sharing

Copy URL Twitter E-mail

General

Target

d7a65574461992dc39f92063814bf29d
Size

501KB
MD5

d7a65574461992dc39f92063814bf29d
SHA1

cfd123726fd70d08a391e364c3cf088908fe725f
SHA256

c68337ccd397636a38a01d5687c98883558766ad0a6cd31c608397a01dbbc454
SHA512

14ef88283ba80fdce87acb0d48786d2c9ce3146b2c24abdedbeb24ff80cf82007b143a2d7813f15b25f70b4aeee99dfbe09565ad20b06d00dc5bf2b8fb006f67
SSDEEP

12288:sfIoZRNpoWBVNLoXT3QmTmliJSHGV+Ed6QYMMnMMMMMFbIrV1:sbToUWT3QmThSmuQYMMnMMMMMFbIr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7a65574461992dc39f92063814bf29d

Files

d7a65574461992dc39f92063814bf29d
.exe windows:4 windows x86 arch:x86

49d6881d9c99009a41c8fb5d687b5f94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
RegSetValueExW
RegSetValueExA
OpenProcessToken
RegisterEventSourceA
RegQueryValueExA
RegDeleteValueA
RegQueryValueExW
RegEnumValueW
RegOpenKeyA
RegSetValueA
InitializeSecurityDescriptor
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyW
RegDeleteKeyA
LookupPrivilegeValueA
RegQueryValueA
RegCloseKey
ReportEventA
DeregisterEventSource
RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyA
SetSecurityDescriptorDacl
AdjustTokenPrivileges

ws2_32

setsockopt
WSAConnect

user32

GetSystemMetrics
IsWindowEnabled
BringWindowToTop
FrameRect
SetCursor
DestroyWindow
GetClientRect
BeginPaint
VkKeyScanA
SetDlgItemTextA
GetMenuStringA
GetWindowRect
PeekMessageA
IsRectEmpty
DrawMenuBar
SetScrollInfo
GetWindowTextLengthA
CreateDialogParamA
AdjustWindowRect
WindowFromPoint
RemoveMenu
MsgWaitForMultipleObjects
DefWindowProcA
ShowScrollBar
GetScrollInfo
AttachThreadInput
GetDoubleClickTime
SetClipboardData
CreateWindowExA
KillTimer
MessageBoxA
GetClassInfoExA
DdeClientTransaction
IsZoomed
ToAscii

ddraw

DirectDrawEnumerateA

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias

kernel32

GetSystemDefaultLCID
IsDBCSLeadByte
GetLocalTime
FileTimeToSystemTime
IsBadCodePtr
TlsAlloc
CloseHandle
SetErrorMode
GetStringTypeExA
GetUserDefaultLangID
VirtualProtect
lstrcpynA
UnlockFile
LeaveCriticalSection
LCMapStringA
GetCPInfo
RemoveDirectoryA
GetVersion
ResumeThread
SetEndOfFile
RtlUnwind
TlsSetValue
FreeEnvironmentStringsA
GetCurrentDirectoryA
SetFilePointer
FileTimeToLocalFileTime
FlushFileBuffers
GetVersionExA
ReleaseSemaphore
FreeLibrary
CreateSemaphoreA
FormatMessageW
GetACP
WriteFile
GlobalAddAtomA
InterlockedDecrement
FindResourceA
FlushInstructionCache
GetSystemTime
SetEnvironmentVariableA
EnterCriticalSection
IsBadReadPtr
GlobalDeleteAtom
GetFileAttributesA
SetFileAttributesA
WinExec
lstrlenA
GlobalUnlock
SetLocalTime
GlobalAlloc
SizeofResource
LockFile
GetSystemInfo
SearchPathA
GetTempFileNameA
TlsGetValue
SetCurrentDirectoryA
HeapFree
GlobalSize
GetStringTypeW
GetCurrentProcessId
LoadLibraryA
VirtualFree
ExitProcess
FindClose
GlobalLock
SetLastError
GetProfileStringA
FormatMessageA
GetSystemDirectoryA
lstrcpyA
GetOEMCP
TerminateProcess
GetSystemDefaultLangID
GetWindowsDirectoryA
GetLocaleInfoA
SetEvent
MoveFileA
GetModuleHandleA
GlobalFree
GetProcAddress
GetCurrentProcess
GetStartupInfoA
FindNextFileA
GetCurrentThreadId
Sleep
GetEnvironmentStringsW
ResetEvent
LCMapStringW
DuplicateHandle
ExitThread
HeapDestroy
GetTempPathA
MultiByteToWideChar
CreateFileA
GetShortPathNameA
GetCommandLineA
_lwrite
GlobalHandle
GetTickCount
SetFileTime
lstrcmpiW
GetExitCodeProcess
TlsFree
WaitForSingleObject
HeapAlloc
RaiseException
FindFirstFileA
_lread
GetModuleFileNameA
DeleteFileA
MulDiv
FreeResource
CompareStringA
_lclose
GetStringTypeA
GetVolumeInformationA
ReadFile
HeapCreate
GetDriveTypeA
CreateDirectoryA
WideCharToMultiByte
lstrcmpA
DeleteCriticalSection
OpenProcess
CreateProcessA
InterlockedIncrement
UnhandledExceptionFilter
GetLastError
GlobalReAlloc
SetStdHandle
GetFullPathNameA
InitializeCriticalSection
GetFileTime
lstrcmpiA
CreateEventA
SetHandleCount
GetUserDefaultLCID
CreateProcessW
LoadResource
VirtualAlloc
HeapSize
GetStdHandle
GetModuleFileNameW
GetDateFormatA
HeapReAlloc
VirtualQuery
GetEnvironmentStrings
CreateThread
FreeEnvironmentStringsW
LoadLibraryExA
GetFileType
_llseek
GetTimeZoneInformation
lstrcatA
LockResource
CompareStringW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49d6881d9c99009a41c8fb5d687b5f94

Headers

File Characteristics

Imports

advapi32

ws2_32

user32

ddraw

samlib

kernel32

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 155KB - Virtual size: 1024KB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 155KB - Virtual size: 1024KB

.rsrc
Size: 131KB - Virtual size: 131KB