SaDisticBlooD[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SaDisticBlooD.exe
Size

1.7MB
MD5

7191c0c0824b53d6dfe36048dcfa8f85
SHA1

9380448b21fba8803539cd5299945a03d12a89a5
SHA256

483ac94cfcb943126cd85012948c097535303843411fffd2975a7ef5df51d278
SHA512

e19e5d3cca41e07a23dcc0935033820c34f01077f52728811966ab9f0b4b5a4f3dcb0cfd78ce580b6aabfe1d468525d185add206d72ec02f5d5fb6f52b4ca53b
SSDEEP

49152:I+xD1BhvDCEJ4vOkpOHYlN1XvgQ3wN9osdVCzyHncZ1rTQSc:DSMMOkpO4lNxvgssdVOyHyT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SaDisticBlooD.exe

Files

SaDisticBlooD.exe
.exe windows:5 windows x86 arch:x86

babf9c5b3963cbdd6c331d6e7813aad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
DestroyIcon
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
PostQuitMessage
GetDesktopWindow
UpdateWindow
GetSystemMenu
AdjustWindowRectEx
GetDC
SetWindowPos
DispatchMessageA
LoadImageA
GetMessageA
PostMessageA
FillRect
ScreenToClient
ClientToScreen
GetActiveWindow
SetMenuItemInfoA
GetWindowInfo
SetWindowLongA
ChangeDisplaySettingsA
GetWindowLongA
MessageBoxA
EnumDisplaySettingsA
MoveWindow
DefWindowProcA
IntersectRect
SetFocus
GetUpdateRect
DrawMenuBar
UnionRect
EqualRect
GetClientRect
GetWindowRect
RegisterWindowMessageA
SetCursor
IsZoomed
SetRect
SetForegroundWindow
ReleaseDC
GetCursorPos
BeginPaint
SetCursorPos
GetAsyncKeyState
GetSystemMetrics
wsprintfA
EndPaint
LoadIconA

kernel32

ReleaseMutex
GetLastError
CreateDirectoryA
lstrcatA
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapFree
HeapAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
OutputDebugStringA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateEventA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
SetEndOfFile
DecodePointer
SetCurrentDirectoryA
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsBadReadPtr
InterlockedIncrement
lstrcpynA
InterlockedDecrement
IsBadWritePtr
GetFileSize
CreateFileA
WaitForMultipleObjects
CopyFileA
GetVersion
FindFirstFileA
GetVersionExA
lstrlenA
SetFileAttributesA
GetFileAttributesA
CreateMutexA
GetLocalTime
ResetEvent
CloseHandle
SetEvent
Sleep
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
WaitForSingleObject
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA

gdi32

DeleteObject
CreateSolidBrush
GetDeviceCaps
SetBkColor
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateFontA
GetBkMode
TextOutA
SetBkMode
SetTextColor

ole32

CoCreateInstance
CoUninitialize
CoInitialize

winmm

mixerGetNumDevs
mixerSetControlDetails
mixerGetDevCapsA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerClose
timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetOpenStatus
ImmSetOpenStatus
ImmDisableIME
ImmGetCompositionWindow
ImmGetContext

rpcrt4

UuidCreateSequential
UuidCreate

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

oleaut32

SysFreeString

ddraw

DirectDrawCreateEx

dsound

ord11

d2d1

ord1

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

babf9c5b3963cbdd6c331d6e7813aad3

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

ole32

winmm

imm32

rpcrt4

shell32

oleaut32

ddraw

dsound

d2d1

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 258KB - Virtual size: 258KB

.data Size: 37KB - Virtual size: 138KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 258KB - Virtual size: 258KB

.data
Size: 37KB - Virtual size: 138KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 49KB - Virtual size: 49KB