737f15193ba8f0c6eef5419172e3b07f5847ea953d910c832772590c93542715

Sharing

Copy URL Twitter E-mail

General

Target

737f15193ba8f0c6eef5419172e3b07f5847ea953d910c832772590c93542715
Size

643KB
MD5

3862a1b0a734d4f5c5b5987a4735eee2
SHA1

922746541a92a33ee5fcd5ab1b770c8a3d818381
SHA256

737f15193ba8f0c6eef5419172e3b07f5847ea953d910c832772590c93542715
SHA512

39bae102a3f38db3be74906add0ad1ffa1f875242354a4564f07c9134fc5bd806fc7b8406f7fbb7412e928c36001f0d55deb8147798e73f75e10bbd67fc95553
SSDEEP

12288:Qwf41Ew39qtx+gfAEhSVFlTJNWp5sEPNh5/DsDf41MrJpB7lxQT6n+x/qNb:n41EHx+6S/llop7Nh57sDZrlIe+i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
737f15193ba8f0c6eef5419172e3b07f5847ea953d910c832772590c93542715

Files

737f15193ba8f0c6eef5419172e3b07f5847ea953d910c832772590c93542715
.dll windows:5 windows x86 arch:x86

1ee5ee270fb7e61356c013ad6951fe85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\WinSnare\bin\wadsm.pdb

Imports

kernel32

GetModuleFileNameW
GetProcAddress
LocalFree
GetProcessWorkingSetSize
SetProcessWorkingSetSize
GetCurrentProcess
GetCurrentThreadId
GetLastError
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
Sleep
GetFileSize
FindClose
CloseHandle
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
CreateMutexA
CreateEventA
CreateEventW
LoadLibraryA
ExpandEnvironmentStringsA
CreateDirectoryA
FindFirstFileA
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
lstrlenA
GetFileAttributesA
InterlockedDecrement
LocalAlloc
GetModuleHandleA
TerminateProcess
GetStdHandle
GetModuleFileNameA
OutputDebugStringA
GetConsoleMode
DecodePointer
LockResource
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GetTempPathW
GetTempFileNameW
DeleteFileW
MultiByteToWideChar
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
DuplicateHandle
GetFileAttributesExW
SetEnvironmentVariableA
SetEndOfFile
CreateProcessA
GetExitCodeProcess
CreateFileW
OutputDebugStringW
GetStringTypeW
LoadLibraryW
WriteConsoleW
SetFilePointerEx
FreeLibrary
LoadLibraryExA
EncodePointer
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentThread
ReadFile
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
GetFileType
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CreateSemaphoreW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
SetStdHandle

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData

ws2_32

bind
accept
send
WSACancelBlockingCall
WSAGetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
sendto
inet_addr
htons
closesocket
listen
recv
select
setsockopt
shutdown
inet_ntoa

netapi32

NetLocalGroupGetMembers
NetUserModalsGet
NetGroupGetUsers
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetApiBufferFree
NetGetDCName
NetQueryDisplayInformation
NetUserGetInfo
NetLocalGroupEnum

shlwapi

PathFindFileNameW
SHSetValueA
PathFileExistsW

Exports

Exports

ServiceMain

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee5ee270fb7e61356c013ad6951fe85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

ws2_32

netapi32

shlwapi

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 294KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 10KB - Virtual size: 42KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 10KB - Virtual size: 42KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB