c5ea72eef0844b7ebbc0610eacf086689671f8e18a400663c0150d46d6ad45a6

Sharing

Copy URL Twitter E-mail

General

Target

c5ea72eef0844b7ebbc0610eacf086689671f8e18a400663c0150d46d6ad45a6
Size

4.1MB
MD5

435bbe0d5207a97795621fe46bee8482
SHA1

79d8c1790ad94a44d9c269d3639f9299373ca186
SHA256

c5ea72eef0844b7ebbc0610eacf086689671f8e18a400663c0150d46d6ad45a6
SHA512

7746cffc647825214c39a3a585b4533d9e35ca06a00d10e5dd7bc05d98ac21a9f1de8619d5ff4760b15f3c579e4683242aba9e65fd6ba2d5415e5b6807f72065
SSDEEP

98304:T5rYP3WtHSNYCsu+ljAXsJojDDDpb48t+t3ViAhQBUnnsFnRc9mKaCt+E:tMP3WtHSNYCsu+ljAXsJojDDDpbEt3c4

Score

N/A

Malware Config

Signatures

Files

c5ea72eef0844b7ebbc0610eacf086689671f8e18a400663c0150d46d6ad45a6
.exe windows x86

d23f2d76a31e5b805bfdf4fe930fc1f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueA
RegDeleteKeyA
CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegDeleteValueA
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA

dinput8

DirectInput8Create

dsound

DirectSoundCreate
DirectSoundEnumerateA

gdi32

GetTextExtentPointA
SelectObject
SetBkColor
SetPixelFormat
ChoosePixelFormat
CreateFontA
GetTextExtentPoint32A
SwapBuffers
SetTextAlign
GetTextExtentExPointA
CreateFontIndirectA
CreateCompatibleDC
BitBlt
TextOutA
SetTextColor
CreateDIBSection
SetBkMode
DeleteDC
DeleteObject
GetStockObject

glu32

gluOrtho2D
gluPerspective

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmSetCompositionWindow
ImmGetProperty
ImmSetOpenStatus
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetContext
ImmGetDescriptionA
ImmGetIMEFileNameA
ImmNotifyIME
ImmGetOpenStatus

kernel32

CreateThread
OpenMutexA
EnterCriticalSection
LeaveCriticalSection
lstrcatA
OpenEventA
TerminateThread
CreateMutexA
ReleaseMutex
WaitForSingleObject
GetComputerNameA
lstrcmpA
ExitProcess
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetCurrentThreadId
GetTickCount
Sleep
lstrlenA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
ReadFile
GetLocalTime
GetSystemDirectoryA
lstrcmpiA
GetVersionExA
QueryPerformanceCounter
SetProcessAffinityMask
SetThreadPriority
SetPriorityClass
GetProcessAffinityMask
GetThreadPriority
GetPriorityClass
GetCurrentThread
GetCurrentProcess
GetProcessHeap
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
GlobalUnlock
GlobalLock
GetCommandLineA
GetFileSize
GetLastError
GetPrivateProfileStringA
GetCurrentDirectoryA
CopyFileA
SetFileAttributesA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
WinExec
FindClose
FindFirstFileA
GetModuleFileNameA
IsBadReadPtr
GetModuleHandleA
GetNumberFormatA
CreateEventA
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
ResetEvent
ResumeThread
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
SetEvent
WideCharToMultiByte
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
FindNextFileA
RemoveDirectoryA
GetFileAttributesA
CreateDirectoryA
GetThreadContext
lstrcpynA
GetCurrentProcessId
Module32First
Module32Next
SetUnhandledExceptionFilter
GetOEMCP
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetHandleCount
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetACP
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetLocaleInfoW
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
FlushFileBuffers
lstrcpyA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetTimeZoneInformation
GetSystemTime
RaiseException
GetStartupInfoA
GetVersion
GetSystemTimeAsFileTime
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapSize
QueryPerformanceFrequency

opengl32

glColor3f
glEnd
glVertex3fv
glTexCoord2f
glBegin
glColor3fv
glGetIntegerv
glGetString
glAlphaFunc
glFogf
glFogfv
glEnable
glDisable
glClearColor
glTexImage2D
glBindTexture
glVertex3f
glDepthMask
glPolygonMode
glFrontFace
glStencilFunc
glColorMask
glVertex2f
glDepthFunc
glStencilOp
glTexParameteri
glTexEnvf
glPixelStorei
glDeleteTextures
glIsTexture
glColor4ub
glLoadIdentity
glMatrixMode
glPopMatrix
glClear
glTranslatef
glRotatef
glPushMatrix
wglDeleteContext
wglMakeCurrent
wglCreateContext
glScalef
glGenTextures
glTexEnvi
glReadPixels
glGetFloatv
glBlendFunc
glViewport
glFogi
glFlush
glTexSubImage2D
glColor4f

shell32

ShellExecuteA
ShellExecuteExA

user32

GetFocus
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
OpenClipboard
SendMessageA
wsprintfA
GetWindowRect
SetWindowPos
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetDesktopWindow
MessageBoxA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetCaretPos
GetWindowTextA
SetWindowTextA
ShowWindow
ReleaseDC
CloseClipboard
CreateWindowExA
PostMessageA
SetFocus
IsWindowVisible
GetScrollPos
SetScrollPos
SetTimer
ShowCursor
ChangeDisplaySettingsA
SystemParametersInfoA
ReleaseCapture
SetCapture
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
DestroyWindow
RegisterClassA
LoadCursorA
LoadIconA
SetForegroundWindow
GetSystemMetrics
AdjustWindowRect
IsIconic
DispatchMessageA
TranslateMessage
GetDC
GetClipboardData
GetMessageA
PeekMessageA
UpdateWindow
EnumDisplaySettingsA
SetCursorPos
SetRect
OffsetRect
PtInRect
GetDoubleClickTime
ScreenToClient
GetCursorPos
GetActiveWindow
IntersectRect
ClientToScreen
KillTimer
wvsprintfA
FindWindowA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

mmioAscend
mmioOpenA
mmioClose
timeGetTime
mmioDescend
mmioRead
timeGetDevCaps
timeBeginPeriod
mmioWrite
timeEndPeriod

ws2_32

gethostbyname
WSAAsyncSelect
setsockopt
socket
shutdown
recv
WSASend
WSAStartup
WSACleanup
send
WSAGetLastError
inet_addr
htons
connect
closesocket

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wzaudio

wzAudioStop
wzAudioPlay
wzAudioGetStreamOffsetRange
wzAudioDestroy
wzAudioOption
wzAudioCreate

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 143KB - Virtual size: 119.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 18.2MB

.as_0001
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 264KB

.as_0002
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d23f2d76a31e5b805bfdf4fe930fc1f5

Headers

File Characteristics

Imports

advapi32

dinput8

dsound

gdi32

glu32

imm32

kernel32

opengl32

shell32

user32

version

winmm

ws2_32

ole32

wzaudio

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.data Size: 110KB - Virtual size: 112KB

Size: 143KB - Virtual size: 119.1MB

.rsrc Size: 8KB - Virtual size: 12KB

.idata Size: 8KB - Virtual size: 12KB

.zero Size: - Virtual size: 18.2MB

.as_0001 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 264KB

.as_0002 Size: 48KB - Virtual size: 48KB

.LibHook Size: 573B - Virtual size: 4KB

.LibHook Size: 573B - Virtual size: 4KB

.LibHook Size: 573B - Virtual size: 4KB

.LibHook Size: 573B - Virtual size: 4KB

.LibHook Size: 573B - Virtual size: 4KB

.LibHook Size: 573B - Virtual size: 4KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 110KB - Virtual size: 112KB

.rsrc
Size: 8KB - Virtual size: 12KB

.idata
Size: 8KB - Virtual size: 12KB

.zero
Size: - Virtual size: 18.2MB

.as_0001
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 264KB

.as_0002
Size: 48KB - Virtual size: 48KB

.LibHook
Size: 573B - Virtual size: 4KB

.LibHook
Size: 573B - Virtual size: 4KB

.LibHook
Size: 573B - Virtual size: 4KB

.LibHook
Size: 573B - Virtual size: 4KB

.LibHook
Size: 573B - Virtual size: 4KB

.LibHook
Size: 573B - Virtual size: 4KB