af7dc7d5786c035a7e8041fd89c12f5820c174120ccb388e6ed6e54e15d1f356

Sharing

Copy URL Twitter E-mail

General

Target

af7dc7d5786c035a7e8041fd89c12f5820c174120ccb388e6ed6e54e15d1f356
Size

109KB
MD5

1005abdebb7bdd9e6b507a92319a1c83
SHA1

831deeafc6de9c8181970a82e90070724482d0c5
SHA256

af7dc7d5786c035a7e8041fd89c12f5820c174120ccb388e6ed6e54e15d1f356
SHA512

259e785d068324fac6ee25994cd9c9a9ce49e25a2bcd2e605da8a094e45b4e7fd7195b2f9a22db2971fb2c309a5b3587b8e92ba60f0cec59575ccaff7a6e405d
SSDEEP

768:YGdRbKfBfFD+G4xXbIsYi/nDT63hRdXMWRvCPNCw:YgdKJf5+vXbIsfvCxvcWRvCPNCw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af7dc7d5786c035a7e8041fd89c12f5820c174120ccb388e6ed6e54e15d1f356

Files

af7dc7d5786c035a7e8041fd89c12f5820c174120ccb388e6ed6e54e15d1f356
.dll windows:6 windows x64 arch:x64

fa9b9fd40864d948d61a09b1dec80636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

samlib.pdb

Imports

msvcrt

_wcsicmp
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
fclose
_wfopen
fflush
fwprintf
wcsncmp
memcpy
wcspbrk
memmove
malloc
_wcsnicmp
memset

ntdll

RtlValidSid
RtlLengthSid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid
RtlGetNtProductType
RtlUnicodeStringToInteger
RtlLeaveCriticalSection
RtlNtStatusToDosError
RtlFreeHeap
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlUpcaseUnicodeStringToOemString
RtlEqualComputerName
RtlMakeSelfRelativeSD
RtlSubAuthorityCountSid
NtSetInformationThread
RtlEqualUnicodeString
NtOpenThreadToken
RtlCopySid
RtlInitUnicodeString
RtlLengthRequiredSid
RtlSubAuthoritySid

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-sysinfo-l1-2-1

GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetWindowsDirectoryW

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-2

TlsSetValue
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
GetCurrentProcessId
TlsGetValue
TlsFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

OnMachineUILanguageInit
SamAddMemberToAlias
SamAddMemberToGroup
SamAddMultipleMembersToAlias
SamChangePasswordUser
SamChangePasswordUser2
SamCloseHandle
SamConnect
SamConnectWithCreds
SamCreateAliasInDomain
SamCreateGroupInDomain
SamCreateUser2InDomain
SamCreateUserInDomain
SamDeleteAlias
SamDeleteGroup
SamDeleteUser
SamEnumerateAliasesInDomain
SamEnumerateDomainsInSamServer
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamEnumerateUsersInDomain2
SamFreeMemory
SamGetAliasMembership
SamGetCompatibilityMode
SamGetDisplayEnumerationIndex
SamGetGroupsForUser
SamGetMembersInAlias
SamGetMembersInGroup
SamLookupDomainInSamServer
SamLookupIdsInDomain
SamLookupNamesInDomain
SamLookupNamesInDomain2
SamOpenAlias
SamOpenDomain
SamOpenGroup
SamOpenUser
SamPerformGenericOperation
SamQueryDisplayInformation
SamQueryInformationAlias
SamQueryInformationDomain
SamQueryInformationGroup
SamQueryInformationUser
SamQueryLocalizableAccountsInDomain
SamQuerySecurityObject
SamRegisterObjectChangeNotification
SamRemoveMemberFromAlias
SamRemoveMemberFromForeignDomain
SamRemoveMemberFromGroup
SamRemoveMultipleMembersFromAlias
SamRidToSid
SamSetInformationAlias
SamSetInformationDomain
SamSetInformationGroup
SamSetInformationUser
SamSetMemberAttributesOfGroup
SamSetSecurityObject
SamShutdownSamServer
SamTestPrivateFunctionsDomain
SamTestPrivateFunctionsUser
SamUnregisterObjectChangeNotification
SamValidatePassword
SamiChangeKeys
SamiChangePasswordUser
SamiChangePasswordUser2
SamiEncryptPasswords
SamiLmChangePasswordUser
SamiSetBootKeyInformation
SamiSetDSRMPassword
SamiSetDSRMPasswordOWF
SamiSyncDSRMPasswordFromAccount

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa9b9fd40864d948d61a09b1dec80636

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 280B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 280B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 2KB