57ab704203849ad443945971dea28a91ce28e37fbef35d9f600bbe9b29c6bce0

Sharing

Copy URL

Twitter E-mail

General

Target

57ab704203849ad443945971dea28a91ce28e37fbef35d9f600bbe9b29c6bce0
Size

392KB
MD5

c8b1323d25f830e843d3016523d9e339
SHA1

0e1adba87f601360722c5a9ca2166ec274d1bf6f
SHA256

57ab704203849ad443945971dea28a91ce28e37fbef35d9f600bbe9b29c6bce0
SHA512

24bfbcd7a94dca2e11f41eafaf5f9279070388d16ddb83a81c5a3a2c0662e5ae6c4451dd656642b14dff9eafc006d783312fe833a88f1fe88e4bf6a217925c27
SSDEEP

12288:1Cce1t4O1NOtOPGfqfo5s6tUk/H+d5zmqU9wST:1Cl1tbMner696a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57ab704203849ad443945971dea28a91ce28e37fbef35d9f600bbe9b29c6bce0

Files

57ab704203849ad443945971dea28a91ce28e37fbef35d9f600bbe9b29c6bce0
.dll windows:4 windows x86 arch:x86

9668480708dbc63b63913082d88aedcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Drive1\temp\buildwar3x\Storm\bin\Storm.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memset
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
ferror
_strlwr
_snprintf
strchr
isdigit
vsprintf
fopen
fclose
fseek
ftell
_fileno
_fstat64i32
fread
memmove
_fullpath
toupper
_vsnprintf
strpbrk
wcstombs
setlocale
_stat64i32
_strupr
_purecall
strncmp
_strnicmp
strstr
strtol
strtoul
_stricmp
memcpy
__CxxFrameHandler3
qsort
strncpy
strrchr
sprintf
isprint
__clean_type_info_names_internal
calloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

UnhandledExceptionFilter
ResumeThread
GetThreadPriority
VirtualLock
VirtualUnlock
CreateProcessA
GetSystemTime
SystemTimeToFileTime
VirtualFree
VirtualAlloc
FlushFileBuffers
WaitForMultipleObjects
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
IsBadReadPtr
GetModuleFileNameA
GetComputerNameA
GetLastError
GetCurrentProcess
GetModuleHandleA
VirtualQuery
lstrcpynA
GetCurrentThread
IsBadWritePtr
InterlockedDecrement
GetLocalTime
InterlockedIncrement
GetCurrentProcessId
CloseHandle
WaitForSingleObject
CreateThread
GetCurrentThreadId
WriteFile
CreateFileA
ReadFile
GetFileSize
GetCommandLineA
FindNextFileA
FindFirstFileA
FindClose
LockResource
LoadResource
FindResourceA
GetTickCount
MulDiv
FreeResource
SizeofResource
HeapAlloc
GetProcessHeap
GetFileAttributesA
CreateDirectoryA
FormatMessageA
ExitProcess
SetLastError
DeleteFileA
HeapFree
TerminateProcess
GetExitCodeProcess
GetVersion
SetFilePointer
OutputDebugStringA
SetUnhandledExceptionFilter
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
SetThreadPriority
CreateEventA
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo
Sleep
ResetEvent

user32

GetWindowTextLengthA
DrawEdge
BeginPaint
GetUpdateRgn
GetDlgCtrlID
DefDlgProcA
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowEnabled
SetCursor
LoadCursorA
GetClassInfoA
RegisterClassA
PostMessageA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PostQuitMessage
PeekMessageA
CreateWindowExA
ShowWindow
AdjustWindowRectEx
DestroyWindow
GetSystemMetrics
DestroyCursor
GetForegroundWindow
MessageBoxA
LoadIconA
CreateCursor
GetMessageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
DrawTextA
DrawFocusRect
SetWindowLongA
GetFocus
SetFocus
RemovePropA
CallWindowProcA
DefWindowProcA
GetPropA
IsIconic
GetClientRect
ClientToScreen
GetParent
GetClassLongA
SetClassLongA
FindWindowExA
EndPaint
SetPropA
EndDialog
SendMessageA
IsWindow
GetClassNameA
IsWindowVisible
GetWindowLongA
ShowCursor
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
GetWindowThreadProcessId
wsprintfA
LoadStringA
GetWindowRect
IntersectRect
ScreenToClient
InvalidateRect
GetTopWindow
GetWindow
GetWindowTextA

gdi32

SetBkColor
SetBkMode
SetTextColor
SetTextAlign
GetCurrentObject
GetCharABCWidthsA
CreateFontA
GetDeviceCaps
RealizePalette
SelectPalette
SetPaletteEntries
CreatePalette
GetSystemPaletteEntries
GetDIBits
ExtTextOutA
Rectangle
CreateDIBitmap
GetStockObject
RectInRegion
CreateRectRgn
CombineRgn
DeleteObject
GetRegionData
GdiFlush
CreateCompatibleDC
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
DeleteDC

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
GetUserNameA

Exports

Exports

??0CDebugSCritSect@@QAE@XZ
??0CDebugSRWLock@@QAE@XZ
??0CSRWLock@@QAE@XZ
??0SCritSect@@QAE@XZ
??0SEvent@@QAE@HH@Z
??0SSyncObject@@QAE@XZ
??1CDebugSCritSect@@QAE@XZ
??1CDebugSRWLock@@QAE@XZ
??1CSRWLock@@QAE@XZ
??1SCritSect@@QAE@XZ
??1SSyncObject@@QAE@XZ
?Close@SFile@@SGKPAV1@@Z
?Create@SThread@@SIHP6GIPAX@Z0AAV1@PAD@Z
?CreateOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?DestroyOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?EnableHash@SFile@@SGX_N@Z
?Enter@CDebugSCritSect@@QAEXPBDK@Z
?Enter@CDebugSRWLock@@QAEXHPBDK@Z
?Enter@CSRWLock@@QAEXH@Z
?Enter@SCritSect@@QAEXXZ
?FileExists@SFile@@SGHPBD@Z
?GetActualFileName@SFile@@SGHPAV1@PADK@Z
?GetBasePath@SFile@@SGHPADK@Z
?GetFileSize@SFile@@SGKPAV1@PAK@Z
?Leave@CDebugSCritSect@@QAEXPBDK@Z
?Leave@CDebugSRWLock@@QAEXHPBDK@Z
?Leave@CSRWLock@@QAEXH@Z
?Leave@SCritSect@@QAEXXZ
?Load@SFile@@SGKPAVSArchive@@PBDPAPAXPAKKKPAUSOVERLAPPED@@@Z
?LoadFile@SFile@@SGKPBDPAPAXPAKKPAUSOVERLAPPED@@@Z
?Open@SFile@@SGKPBDPAPAV1@@Z
?PollOverlapped@SFile@@SGHPAUSOVERLAPPED@@@Z
?Read@SFile@@SGKPAV1@PAXKPAKPAUSOVERLAPPED@@PAU_TASYNCPARAMBLOCK@@@Z
?Reset@SEvent@@QAEHXZ
?ResetOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?SCreateThread@@YIPAXP6GIPAX@Z0PAI0PAD@Z
?SGetCurrentThreadId@@YIKXZ
?SGetCurrentThreadPriority@@YIHXZ
?SInterlockedCompareExchange@@YI_JPA_JAB_J1@Z
?SInterlockedCompareExchangePointer@@YIPAXPAPAXPAX1@Z
?SInterlockedDecrement@@YIJPAJ@Z
?SInterlockedExchange@@YIJPAJJ@Z
?SInterlockedExchange@@YI_JPA_JAB_J@Z
?SInterlockedIncrement@@YIJPAJ@Z
?SInterlockedRead@@YI_JPB_J@Z
?SSetCurrentThreadPriority@@YIXH@Z
?Set@SEvent@@QAEHXZ
?SetBasePath@SFile@@SGHPBD@Z
?SetFilePointer@SFile@@SGKPAV1@JPAJK@Z
?Unload@SFile@@SGHPAX@Z
?Wait@SSyncObject@@QAEKK@Z
?WaitMultiplePtr@@YIKIQAPAVSSyncObject@@HK@Z
?WaitOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9668480708dbc63b63913082d88aedcb

Headers

File Characteristics

PDB Paths

Imports

msvcr80

version

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 64KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 14KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 64KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 14KB

.rmnet
Size: 60KB - Virtual size: 60KB