sniffcraft-windows-1[.]21[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

sniffcraft-windows-1.21.exe
Size

4.5MB
MD5

83d5c8716bb66f99a6623edeeba1b4ec
SHA1

f1ed2fbbce22f7a9dca346a85aee342856df6896
SHA256

b7c63e530c96f636076d5483d296e68104024b606ab82d3ab5f42f2f266395d0
SHA512

a80937eeea1c07296139f3806491db1949f1c1b88465a5979daf8179bdeef8af5b9773524cbfedca0e519f9d70e4c79135aa04e934e6b99aa4f5e87f93fe40a5
SSDEEP

49152:/fsB6Rwd/4O9Vgtvfabl/4+5GMNZxMV7emR7Qz3c89wx5zmh8dsFG0SG5EsxTwrf:/+66dpVaFWMtmh8KG1GOnk0PlJn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sniffcraft-windows-1.21.exe

Files

sniffcraft-windows-1.21.exe
.exe windows:6 windows x64 arch:x64

b83495e0e07c9ac47c3f33e9a66b10e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalFree
FormatMessageA
VerifyVersionInfoA
CreateWaitableTimerA
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileA
FindNextFileA
GetModuleHandleExA
GetStdHandle
GetFileType
WriteFile
GetModuleHandleA
GetProcAddress
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceFrequency
InitializeCriticalSection
GetModuleHandleExW
FormatMessageW
Sleep
GetStartupInfoW
GetModuleHandleW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
SetThreadExecutionState
SetEndOfFile
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
DeleteFileW
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
ExitProcess
ReadFile
TlsSetValue
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
TlsGetValue
TlsAlloc
TerminateThread
QueueUserAPC
WaitForMultipleObjects
SetWaitableTimer
CreateEventW
SleepEx
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetFileInformationByHandleEx
RtlUnwind
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
AreFileApisANSI
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateFileW
GetCurrentDirectoryW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
GetLocaleInfoEx
TlsFree
GetLastError
CloseHandle
FileTimeToSystemTime
VerSetConditionMask

user32

DispatchMessageW
PeekMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
ToUnicode
MessageBoxA
DestroyIcon
GetDC
ReleaseDC
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetMonitorInfoW
EnumDisplayMonitors
TrackMouseEvent
GetMessageTime
SendMessageW
PostMessageW
WaitMessage
GetLayeredWindowAttributes
SetLayeredWindowAttributes
TranslateMessage
GetUserObjectInformationW
GetProcessWindowStation
MapVirtualKeyW
FlashWindow
SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
GetMessageExtraInfo
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
GetKeyState
GetActiveWindow
SetFocus
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow

gdi32

GetDeviceCaps
DeleteDC
DescribePixelFormat
GetDeviceGammaRamp
SwapBuffers
SetPixelFormat
CreateDCW
ChoosePixelFormat
CreateDIBSection
DeleteObject
CreateRectRgn
CreateBitmap
SetDeviceGammaRamp

shell32

DragFinish
DragQueryPoint
DragAcceptFiles
DragQueryFileW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

ws2_32

closesocket
connect
ioctlsocket
getsockopt
select
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSASend
WSASocketW
getaddrinfo
freeaddrinfo
WSARecv
bind
htonl
htons
listen
ntohl
WSARecvFrom
WSASendTo
WSAStringToAddressW
recv
send

mswsock

GetAcceptExSockaddrs
AcceptEx

bcrypt

BCryptGenRandom

imm32

ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b83495e0e07c9ac47c3f33e9a66b10e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

ws2_32

mswsock

bcrypt

imm32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 152KB - Virtual size: 191KB

.pdata Size: 143KB - Virtual size: 142KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 152KB - Virtual size: 191KB

.pdata
Size: 143KB - Virtual size: 142KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 44KB - Virtual size: 44KB