call_to_arms[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

call_to_arms.exe
Size

21.6MB
MD5

4515b342006cf061cd8f6d730bf891d2
SHA1

a9c1e64d5300e8eccdd40c2bb1d5e91fe594a78f
SHA256

3f9ad5bcde7638731d673e285120f4239caac49bf285e6cb3180afbe34a781e4
SHA512

12493c4591ada9510295b78c70ebabf28eb178524a9502a8fa5a150d47742e2924cc326cf391d050d4a1dbb2edb4088471787572bd083271301f8bfec4473e54
SSDEEP

98304:knpkfAH5dHjRfF/n6xf7/Rfa9hwC9Pih2hrnELetS7JKyYuV8y1AdYjWcy1exrI2:o+0rH1F/6xf7ax9PIyg4RO8pSWcsRLu

Score

1^/10

Malware Config

Signatures

Files

call_to_arms.exe
.exe windows x64

d2262737ec522148188790af194b798e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymInitialize
SymFromAddr
SymCleanup
ImageNtHeader
SymGetLineFromAddr64
SymSetOptions

iphlpapi

GetIfEntry
GetAdaptersAddresses
GetBestInterface

shell32

ShellExecuteW
SHGetFolderPathW

kernel32

DeleteFileW
GetCurrentProcessId
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetPhysicallyInstalledSystemMemory
OutputDebugStringW
GetCommandLineW
GetCurrentDirectoryW
GetFileAttributesW
GetModuleFileNameW
ReadFile
WriteFile
GetOverlappedResult
GetModuleHandleW
FormatMessageW
SetDllDirectoryW
RtlCaptureStackBackTrace
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
HeapSetInformation
SetNamedPipeHandleState
WaitNamedPipeW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetProcessId
OpenProcess
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MultiByteToWideChar
GetCPInfoExW
GetLocaleInfoA
GetUserDefaultLCID
DosDateTimeToFileTime
CreateFileA
SetFilePointer
TerminateThread
CreateThread
DebugBreak
GetTempPathW
ReleaseSemaphore
CreateSemaphoreW
IsDebuggerPresent
ExitProcess
QueryPerformanceFrequency
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileSizeEx
GetFileTime
SetFileTime
GetFileAttributesExW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetTempFileNameW
RemoveDirectoryW
CopyFileExW
MoveFileExW
CreateFileMappingW
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
GetModuleHandleExW
CompareFileTime
SetThreadAffinityMask
GetCommandLineA
FindNextFileA
FindFirstFileExW
FindFirstFileExA
WriteConsoleW
SetStdHandle
HeapQueryInformation
HeapSize
FlushFileBuffers
SetConsoleCtrlHandler
CreateFileW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
CreateProcessA
WideCharToMultiByte
EncodePointer
DecodePointer
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
SetProcessAffinityMask
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
InitOnceExecuteOnce
GetStdHandle
GetCurrentDirectoryA
GetFileSize
GetFullPathNameA
GetACP
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
LoadLibraryA
RtlUnwindEx
GetTickCount
GetCurrentProcess
GetSystemInfo
SetPriorityClass
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetThreadPriority
GetCurrentThreadId
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
GetLastError
RaiseException
CloseHandle
SwitchToThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetEnvironmentStringsW
RtlPcToFileHeader
ExitThread
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetPrivateProfileIntW
SetUnhandledExceptionFilter
GetOEMCP
GetFullPathNameW
SetEnvironmentVariableW
CreatePipe
MapViewOfFileEx
HeapReAlloc
HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetEndOfFile
SetFilePointerEx
GetFileType
GetProcessHeap

user32

DestroyIcon
PtInRect
MapWindowPoints
ShowCursor
ReleaseDC
GetDC
GetCapture
mouse_event
EnableWindow
GetDlgItem
EndDialog
KillTimer
SetTimer
MessageBoxW
GetForegroundWindow
IsWindow
LoadImageW
FillRect
SetCursor
CreateIconIndirect
InvalidateRect
EndPaint
BeginPaint
GetSystemMetrics
IsIconic
PostMessageW
SetWindowTextW
IsCharAlphaW
FlashWindowEx
DestroyWindow
SetRect
ClipCursor
GetCursorPos
SetCursorPos
MapVirtualKeyW
GetDoubleClickTime
SendMessageW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsCharAlphaNumericW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
SystemParametersInfoW
EnumDisplaySettingsW
LoadIconW
SetWindowLongPtrW
GetWindowLongPtrW
ScreenToClient
ClientToScreen
AdjustWindowRect
GetWindowRect
UpdateWindow
GetKeyboardLayoutNameA
GetKeyboardLayout
GetMessageW
TranslateMessage
DispatchMessageW
RegisterHotKey
UnregisterHotKey
DefWindowProcW
WindowFromPoint
PostQuitMessage
RegisterClassExW
CreateWindowExW
ShowWindow
SetWindowPos
SetFocus
SetForegroundWindow
GetClientRect

gdi32

GetDIBits
CreateDIBSection
TextOutW
GetObjectW
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateBitmap
CreateSolidBrush
GetCurrentObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RegCloseKey
RegQueryValueExA

ole32

PropVariantClear
CoCreateGuid
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

psapi

GetProcessMemoryInfo

bugsplat64

?sendAdditionalFile@MiniDmpSender@@QEAAXPEB_W@Z
?setMiniDumpType@MiniDmpSender@@QEAAXW4_BS_MINIDUMP_TYPE@1@@Z
?enableExceptionFilter@MiniDmpSender@@QEAA_N_N@Z
??1MiniDmpSender@@UEAA@XZ
??0MiniDmpSender@@QEAA@PEB_W000K@Z
?createReport@MiniDmpSender@@QEAAXPEAU_EXCEPTION_POINTERS@@@Z
?setCallback@MiniDmpSender@@QEAAXP6A_NIPEAX0@Z@Z
?setFlags@MiniDmpSender@@QEAA_NK@Z

mss64

AIL_set_sample_address
AIL_mem_free_lock
AIL_mem_alloc_lock_info
RIB_find_file_provider
AIL_load_sample_buffer
AIL_sample_buffer_available
AIL_set_sample_buffer_count
AIL_minimum_sample_buffer_size
AIL_stop_sample
AIL_init_sample
AIL_set_listener_3D_orientation
AIL_set_listener_3D_position
AIL_set_3D_distance_factor
AIL_set_3D_rolloff_factor
AIL_set_file_callbacks
AIL_close_digital_driver
AIL_open_digital_driver
AIL_last_error
AIL_shutdown
AIL_startup
AIL_set_sample_3D_position
AIL_set_sample_3D_distances
AIL_WAV_info
AIL_sample_ms_position
AIL_sample_position
AIL_sample_status
AIL_set_sample_loop_count
AIL_set_sample_low_pass_cut_off
AIL_set_sample_playback_rate_factor
AIL_set_sample_playback_rate
AIL_end_sample
AIL_start_sample
AIL_set_sample_info
AIL_release_sample_handle
AIL_allocate_sample_handle
AIL_get_preference
AIL_stream_position
AIL_set_stream_position
AIL_stream_status
AIL_set_stream_loop_count
AIL_pause_stream
AIL_start_stream
AIL_stream_sample_handle
AIL_close_stream
AIL_open_stream
AIL_set_sample_volume_levels
AIL_sample_stage_property
AIL_find_filter
AIL_set_sample_processor
AIL_set_redist_directory

icuuc56

u_isalnum_56
u_isdigit_56
??1StringCharacterIterator@icu_56@@UEAA@XZ
??0StringCharacterIterator@icu_56@@QEAA@AEBVUnicodeString@1@@Z
?getIndex@CharacterIterator@icu_56@@QEBAHXZ
?endIndex@CharacterIterator@icu_56@@QEBAHXZ
?setToEnd@CharacterIterator@icu_56@@QEAAHXZ
u_toupper_56
u_tolower_56
??0UnicodeString@icu_56@@QEAA@PEB_W@Z
??0UnicodeString@icu_56@@QEAA@HHH@Z
?toLower@UnicodeString@icu_56@@QEAAAEAV12@XZ
?toUpper@UnicodeString@icu_56@@QEAAAEAV12@XZ
?reverse@UnicodeString@icu_56@@QEAAAEAV12@XZ
?trim@UnicodeString@icu_56@@QEAAAEAV12@XZ
?truncate@UnicodeString@icu_56@@QEAACH@Z
?findAndReplace@UnicodeString@icu_56@@QEAAAEAV12@AEBV12@0@Z
?insert@UnicodeString@icu_56@@QEAAAEAV12@HH@Z
?insert@UnicodeString@icu_56@@QEAAAEAV12@H_W@Z
?insert@UnicodeString@icu_56@@QEAAAEAV12@HPEB_WH@Z
?append@UnicodeString@icu_56@@QEAAAEAV12@H@Z
?append@UnicodeString@icu_56@@QEAAAEAV12@_W@Z
?append@UnicodeString@icu_56@@QEAAAEAV12@PEB_WH@Z
?append@UnicodeString@icu_56@@QEAAAEAV12@AEBV12@@Z
?setTo@UnicodeString@icu_56@@QEAAAEAV12@PEB_WH@Z
?fastCopyFrom@UnicodeString@icu_56@@QEAAAEAV12@AEBV12@@Z
??4UnicodeString@icu_56@@QEAAAEAV01@AEBV01@@Z
?tempSubStringBetween@UnicodeString@icu_56@@QEBA?AV12@HH@Z
?tempSubString@UnicodeString@icu_56@@QEBA?AV12@HH@Z
?charAt@UnicodeString@icu_56@@QEBA_WH@Z
?lastIndexOf@UnicodeString@icu_56@@QEBAHAEBV12@@Z
?indexOf@UnicodeString@icu_56@@QEBAH_WH@Z
?indexOf@UnicodeString@icu_56@@QEBAHH@Z
?indexOf@UnicodeString@icu_56@@QEBAH_W@Z
?indexOf@UnicodeString@icu_56@@QEBAHPEB_WHHH@Z
?indexOf@UnicodeString@icu_56@@QEBAHPEB_WHH@Z
?indexOf@UnicodeString@icu_56@@QEBAHAEBV12@HHHH@Z
?indexOf@UnicodeString@icu_56@@QEBAHAEBV12@HH@Z
?indexOf@UnicodeString@icu_56@@QEBAHAEBV12@H@Z
?indexOf@UnicodeString@icu_56@@QEBAHAEBV12@@Z
?endsWith@UnicodeString@icu_56@@QEBACAEBV12@@Z
?startsWith@UnicodeString@icu_56@@QEBACAEBV12@@Z
u_strlen_56
u_errorName_56
u_isprint_56
?compare@UnicodeString@icu_56@@QEBACHHAEBV12@@Z
?GetAppendBuffer@ByteSink@icu_56@@UEAAPEADHHPEADHPEAH@Z
?Flush@ByteSink@icu_56@@UEAAXXZ
ucnv_convert_56
ucnv_getNextUChar_56
ucnv_fromUChars_56
ucnv_getMaxCharSize_56
ucnv_reset_56
ucnv_close_56
ucnv_open_56
u_init_56
?getName@Locale@icu_56@@QEBAPEBDXZ
?setDefault@Locale@icu_56@@SAXAEBV12@AEAW4UErrorCode@@@Z
?getEnglish@Locale@icu_56@@SAAEBV12@XZ
??1UnicodeString@icu_56@@UEAA@XZ
??0UnicodeString@icu_56@@QEAA@PEBDHPEAUUConverter@@AEAW4UErrorCode@@@Z
??0UnicodeString@icu_56@@QEAA@XZ
?getTerminatedBuffer@UnicodeString@icu_56@@QEAAPEB_WXZ
?getBuffer@UnicodeString@icu_56@@QEBAPEB_WXZ
?releaseBuffer@UnicodeString@icu_56@@QEAAXH@Z
?getBuffer@UnicodeString@icu_56@@QEAAPEA_WH@Z
?remove@UnicodeString@icu_56@@QEAAAEAV12@XZ
?setToBogus@UnicodeString@icu_56@@QEAAXXZ
?setTo@UnicodeString@icu_56@@QEAAAEAV12@AEBV12@@Z
?isBogus@UnicodeString@icu_56@@QEBACXZ
?getCapacity@UnicodeString@icu_56@@QEBAHXZ
?isEmpty@UnicodeString@icu_56@@QEBACXZ
?length@UnicodeString@icu_56@@QEBAHXZ
?toUTF32@UnicodeString@icu_56@@QEBAHPEAHHAEAW4UErrorCode@@@Z
?toUTF8@UnicodeString@icu_56@@QEBAXAEAVByteSink@2@@Z
ucasemap_utf8ToUpper_56
ucasemap_utf8ToLower_56
ucasemap_close_56
ucasemap_open_56
u_strFromUTF32WithSub_56
u_strToUTF32WithSub_56
u_strFromUTF8WithSub_56
u_strToUTF8WithSub_56
u_strFromWCS_56
u_strToWCS_56
??1ByteSink@icu_56@@UEAA@XZ
??0ByteSink@icu_56@@QEAA@XZ
??3UMemory@icu_56@@SAXPEAX@Z
utf8_nextCharSafeBody_56
?createLineInstance@BreakIterator@icu_56@@SAPEAV12@AEBVLocale@2@AEAW4UErrorCode@@@Z
?createWordInstance@BreakIterator@icu_56@@SAPEAV12@AEBVLocale@2@AEAW4UErrorCode@@@Z
?getDefault@Locale@icu_56@@SAAEBV12@XZ
??1Locale@icu_56@@UEAA@XZ
??0Locale@icu_56@@QEAA@AEBV01@@Z
?remove@UnicodeString@icu_56@@QEAAAEAV12@HH@Z
?compare@UnicodeString@icu_56@@QEBACAEBV12@@Z
??8UnicodeString@icu_56@@QEBACAEBV01@@Z

icuin56

?createInstance@Collator@icu_56@@SAPEAV12@AEBVLocale@2@AEAW4UErrorCode@@@Z

d3d11

D3D11CreateDeviceAndSwapChain

dxgi

CreateDXGIFactory

gfsdk_ssao_d3d11.win64

GFSDK_SSAO_CreateContext_D3D11

waveworks.win64

GFSDK_WaveWorks_Simulation_GetConservativeMaxDisplacementEstimate
GFSDK_WaveWorks_Simulation_CreateD3D11
GFSDK_WaveWorks_InitD3D11
GFSDK_WaveWorks_Savestate_CreateD3D11
GFSDK_WaveWorks_Savestate_RestoreD3D11
GFSDK_WaveWorks_Quadtree_SetFrustumCullMargin
GFSDK_WaveWorks_Quadtree_DrawD3D11
GFSDK_WaveWorks_Quadtree_GetShaderInputDescD3D11
GFSDK_WaveWorks_Quadtree_GetShaderInputCountD3D11
GFSDK_WaveWorks_Quadtree_UpdateParams
GFSDK_WaveWorks_Quadtree_Destroy
GFSDK_WaveWorks_Quadtree_CreateD3D11
GFSDK_WaveWorks_Simulation_GetStagingCursor
GFSDK_WaveWorks_Simulation_KickD3D11
GFSDK_WaveWorks_Simulation_Destroy
GFSDK_WaveWorks_Simulation_SetRenderStateD3D11
GFSDK_WaveWorks_Simulation_GetShaderInputDescD3D11
GFSDK_WaveWorks_Simulation_GetShaderInputCountD3D11
GFSDK_WaveWorks_Simulation_SetTime
GFSDK_WaveWorks_Simulation_UpdateProperties
GFSDK_WaveWorks_Savestate_Destroy

d3dcompiler_47

D3DCompile
D3DReflect

xvidcore

xvid_decore
xvid_global

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

steam_api64

SteamGameServer_GetHSteamUser
SteamGameServer_GetHSteamPipe
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_IsSteamRunning
SteamGameServer_Shutdown
SteamAPI_UnregisterCallResult
SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamGameServer_RunCallbacks
SteamInternal_GameServer_Init
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_RegisterCallResult

ws2_32

WSACloseEvent
WSAStartup
WSACleanup
WSAGetLastError
inet_ntop
bind
closesocket
WSACreateEvent
recvfrom
sendto
setsockopt
socket
getaddrinfo
inet_pton
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
htonl
htons
ioctlsocket
ntohs
select

vcomp140

_vcomp_for_static_simple_init
_vcomp_fork
_vcomp_for_static_end

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 15.1MB - Virtual size: 15.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 659KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gem
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2262737ec522148188790af194b798e

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

iphlpapi

shell32

kernel32

user32

gdi32

advapi32

ole32

psapi

bugsplat64

mss64

icuuc56

icuin56

d3d11

dxgi

gfsdk_ssao_d3d11.win64

waveworks.win64

d3dcompiler_47

xvidcore

version

steam_api64

ws2_32

vcomp140

Exports

Exports

Sections

.text Size: 15.1MB - Virtual size: 15.1MB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 659KB - Virtual size: 1.2MB

.pdata Size: 970KB - Virtual size: 969KB

.gem Size: 512B - Virtual size: 80B

.tls Size: 17KB - Virtual size: 17KB

.gfids Size: 5KB - Virtual size: 5KB

.rsrc Size: 276KB - Virtual size: 276KB

.reloc Size: 235KB - Virtual size: 234KB

.bind Size: 178KB - Virtual size: 178KB

.text
Size: 15.1MB - Virtual size: 15.1MB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 659KB - Virtual size: 1.2MB

.pdata
Size: 970KB - Virtual size: 969KB

.gem
Size: 512B - Virtual size: 80B

.tls
Size: 17KB - Virtual size: 17KB

.gfids
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 276KB - Virtual size: 276KB

.reloc
Size: 235KB - Virtual size: 234KB

.bind
Size: 178KB - Virtual size: 178KB