teardown[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

teardown.exe
Size

4.6MB
MD5

3857bcd112173d06726f576190a5b284
SHA1

650ec76ed55c304102b0b39e80b45d82e74bb2b5
SHA256

124541f7a8df76183a92d323038a9a61520a5b7225db2a7d222dc2f622b1fd7b
SHA512

7cfdc1901c7b68bfa61978ed5b368a56eb5cbbdd20dc0e41b634fe7a76070080a6e9b868543cbff3093772f811a4995e827ef4cef99eabb8fe07cf5442573cf0
SSDEEP

49152:rPw13LTJtN7AkwA5l/IGcTPDK4sz6/dbQtFT92pVbCNzPwVjyDsLfvn7xCwKRAvu:kkEfcTe6/daFMiPw5bx+Zbd+XCt9

Score

N/A

Malware Config

Signatures

Files

teardown.exe
.exe windows x64

fe00dfd870cdf26104c7d0ef124280ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

shutdown
send
select
recv
inet_ntoa
connect
socket
setsockopt
ntohs
listen
htonl
getsockname
closesocket
bind
accept
WSACleanup
WSAStartup
gethostbyname
ntohl
htons

ws2_32

getnameinfo

winmm

waveOutOpen
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose

opengl32

glFinish
glDrawArrays
glBindTexture
glLineWidth
glPixelStorei
glReadPixels
glDeleteTextures
glEnable
glGenTextures
glTexImage2D
glTexParameteri
glDrawBuffer
glDrawElements
glReadBuffer
glTexParameterf
glTexParameterfv
glBlendFunc
glDisable
glGetIntegerv
glIsEnabled
glPolygonMode
glScissor
glViewport
glGetString
wglCreateContext
wglDeleteContext
wglMakeCurrent
glDepthMask
wglGetProcAddress
glClear
glClearColor
glColorMask
glCullFace
wglGetCurrentDC

kernel32

IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
HeapAlloc
HeapFree
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameW
CreateProcessW
DuplicateHandle
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LocalFree
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalMemoryStatusEx
GetModuleHandleA
GetProcAddress
GetFileAttributesA
QueryPerformanceCounter
Sleep
GetCurrentProcessId
GetSystemInfo
GetVersionExA
GetModuleFileNameA
GetUserDefaultLCID
QueryPerformanceFrequency
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
RemoveDirectoryA
MoveFileA
GetLastError
GetFileSizeEx
LoadLibraryA
FormatMessageA
CloseHandle
SetEvent
WaitForMultipleObjectsEx
CreateEventA
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapReAlloc
GetTimeZoneInformation
GetModuleHandleW
CreateEventW
MultiByteToWideChar
GetStringTypeW
OutputDebugStringW
GetProcessHeap
SetEnvironmentVariableW
ReadConsoleW
GetComputerNameA
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
WaitForSingleObjectEx
FindNextFileW
FindFirstFileExW
MoveFileExW
DeleteFileW
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCPInfo
SetConsoleCtrlHandler
GetFileAttributesExW
SetEndOfFile
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
WideCharToMultiByte
FreeLibrary
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent

user32

GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
EmptyClipboard
MapVirtualKeyA
GetSystemMetrics
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
UnregisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
SetFocus
GetActiveWindow
SetCapture
ReleaseCapture
SetForegroundWindow
GetDC
ReleaseDC
AdjustWindowRectEx
MessageBoxA
ShowCursor
SetCursorPos
ClientToScreen
SetClassLongPtrA
LoadCursorA
LoadIconA
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
EnumDisplaySettingsA
GetRawInputData
RegisterRawInputDevices
GetForegroundWindow
GetDesktopWindow

gdi32

SetPixelFormat
SwapBuffers
ChoosePixelFormat

advapi32

GetUserNameA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

imm32

ImmGetContext
ImmSetCompositionWindow

hydra5-x64

hydra5_client_get_kernel_session_id_visual_alias
hydra5_init
hydra5_update
hydra5_disconnect_everything
hydra5_term
hydra5_is_executing_requests
hydra5_get_error_message
hydra5_client_create
hydra5_client_connect_steam
hydra5_client_connect_developer
hydra5_telemetry_typed_event

steam_api64

SteamAPI_RegisterCallback
SteamInternal_ContextInit
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_Init
SteamInternal_FindOrCreateUserInterface
SteamInternal_CreateInterface
SteamAPI_GetHSteamUser
SteamAPI_RunCallbacks
SteamAPI_UnregisterCallback
SteamAPI_Shutdown

dsound

ord1

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 799KB - Virtual size: 799KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe00dfd870cdf26104c7d0ef124280ff

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

ws2_32

winmm

opengl32

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

hydra5-x64

steam_api64

dsound

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 799KB - Virtual size: 799KB

.data Size: 162KB - Virtual size: 225KB

.pdata Size: 126KB - Virtual size: 125KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 11KB - Virtual size: 10KB

.bind Size: 201KB - Virtual size: 201KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 799KB - Virtual size: 799KB

.data
Size: 162KB - Virtual size: 225KB

.pdata
Size: 126KB - Virtual size: 125KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 11KB - Virtual size: 10KB

.bind
Size: 201KB - Virtual size: 201KB