Static task
static1
General
Target: PES6.exe
Size: 14.6MB
MD5: 14045df9e86b88a8634cb6b871c2df52
SHA1: 8d6323bb38431e18d91b445ccd05a12c7f501f42
SHA256: 9d147ab95397cdc4152fe22eeefb8d71b379578686fe8579cc8c913483a75689
SHA512: 3eda6ff61b1bb4d8f0829d133a78552dc05a8f92a847d15622ff52399c7bc6bce27f1dd08fda3cf9e3d8c2f6850fee09b627a04c67569d4b93ba975631ccfcd1
SSDEEP: 196608:edlE4oyp0t6iQrOQf6miwpHu9GSEUyJRfkuWUQINRLWbX7iE47FUcaHvsmVt/U:eoOriGO8i1GdUyJRfkxGSIUcaHzVh
Malware Config
Signatures
Files
PES6.exe (.exe, windows x86)
bf452d542c8f9357e2c36b3aca99b50b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
d3d8
Direct3DCreate8
dinput8
DirectInput8Create
winmm
timeKillEvent
timeSetEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
ws2_32
WSACleanup
gethostname
gethostbyname
recv
WSAGetLastError
connect
select
__WSAFDIsSet
send
inet_ntoa
getsockname
WSAAsyncGetHostByName
WSAStartup
ntohs
closesocket
htons
setsockopt
inet_addr
recvfrom
htonl
sendto
ioctlsocket
socket
bind
kernel32
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
ReleaseMutex
WaitForSingleObject
GetLastError
SetLastError
CreateMutexA
CloseHandle
FindClose
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
DeleteFileA
RemoveDirectoryA
GetFileAttributesA
GetDriveTypeA
GetModuleFileNameA
WideCharToMultiByte
GetFullPathNameA
SetCurrentDirectoryA
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
RtlUnwind
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualQuery
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
DeleteCriticalSection
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
VirtualProtect
GetSystemInfo
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetFileSize
lstrcatA
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
ResumeThread
SetThreadPriorityBoost
SetThreadPriority
CreateThread
OutputDebugStringA
GetOverlappedResult
CreateEventA
lstrlenA
GetThreadPriority
SuspendThread
PulseEvent
SetThreadAffinityMask
ResetEvent
GetLocalTime
SetEvent
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
GetProfileIntA
ExitThread
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
MulDiv
lstrcpyA
DebugBreak
SetConsoleTitleA
AllocConsole
lstrcmpiA
ReadFile
LoadLibraryW
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
CopyFileA
GetTempFileNameA
MoveFileExA
OpenEventA
DuplicateHandle
FormatMessageA
GetLogicalDrives
DeviceIoControl
GetVolumeInformationA
GetCurrentDirectoryA
CreateFileMappingA
SetErrorMode
lstrcmpA
FileTimeToLocalFileTime
GetConsoleMode
ReadConsoleInputA
GetFileTime
SetFileAttributesA
LocalFree
WaitNamedPipeA
SetNamedPipeHandleState
GetShortPathNameA
GetPriorityClass
QueryDosDeviceA
GetUserDefaultLangID
LockResource
LoadResource
FindResourceA
lstrlenW
OpenProcess
FlushInstructionCache
CreateProcessA
GetComputerNameA
SetConsoleCtrlHandler
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
CompareFileTime
OpenMutexA
UnmapViewOfFile
MapViewOfFile
SetConsoleMode
user32
BeginPaint
RegisterClassExA
LoadIconA
UpdateWindow
LoadCursorA
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
GetDC
EnumDisplaySettingsA
ScreenToClient
GetKeyState
WindowFromPoint
GetCursorPos
GetActiveWindow
EndPaint
FindWindowA
PostMessageA
MessageBoxA
CreateWindowExA
UnregisterHotKey
RegisterHotKey
RegisterDeviceNotificationA
ShowCursor
UnregisterDeviceNotification
AdjustWindowRectEx
IsIconic
ShowWindow
SetWindowPos
SetWindowLongA
RedrawWindow
GetSystemMetrics
SetCursor
SetFocus
PostQuitMessage
InvalidateRect
MsgWaitForMultipleObjects
GetAsyncKeyState
GetKeyboardLayout
GetWindowRect
GetWindowLongA
GetClassLongA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
SetForegroundWindow
SetRect
wsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DefWindowProcA
CallWindowProcA
SendMessageA
LoadCursorFromFileA
SetSystemCursor
LoadImageA
CopyImage
GetProcessWindowStation
GetUserObjectInformationW
LoadStringA
GetSysColorBrush
SendDlgItemMessageA
DialogBoxIndirectParamA
DestroyWindow
UnregisterClassA
GetDlgItem
EnumWindows
GetSubMenu
GetMenuState
GetMenu
EnableMenuItem
CheckMenuItem
FindWindowExA
SetDlgItemTextW
GetSysColor
SetWindowTextA
SetDlgItemTextA
SetWindowTextW
EnableWindow
GetDesktopWindow
GetClientRect
FlashWindow
EndDialog
CharLowerA
GetWindowTextA
GetParent
GetClassNameA
LoadStringW
gdi32
GetDeviceCaps
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
QueryServiceStatus
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RevertToSelf
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteValueA
GetUserNameA
RegQueryInfoKeyA
CreateServiceA
StartServiceA
DeleteService
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
ole32
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
iphlpapi
GetBestRoute
GetNetworkParams
GetAdaptersInfo
GetIpForwardTable
SetIpForwardEntry
GetIpAddrTable
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wsock32
closesocket
recv
WSASetLastError
send
shutdown
WSAGetLastError
Sections
.text Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 284KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.9MB - Virtual size: 49.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
age Size: 2.5MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
agis Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quod Size: 528KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.securom Size: 896KB - Virtual size: 893KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
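The section table above is where the security-relevant findings of this static task sit: the file header has IMAGE_FILE_RELOCS_STRIPPED set (no relocation table, so the image cannot be rebased and ASLR cannot move it), four sections (age, agis, quod, .securom) are mapped both writable and executable, quod is executable while flagged as initialized data rather than code, .data and quod expand to several times their on-disk size at load, and .securom is the section name used by the SecuROM copy-protection wrapper. The script below is an added example, not part of the report or of any sandbox's code: a dependency-free PE32 header and section-table parser that decodes exactly these flag names and applies those checks. Because the sample itself is not on the page, it constructs a headers-only image whose section table mirrors the sizes and flags listed above (sizes rounded from the report); the function names, the 2x virtual-to-raw threshold and the list of "usual" section names are this example's own assumptions, and the same functions can be pointed at a real file via the command-line path.

```python
"""PE32 section-table triage (added example; not the report's or sandbox's code)."""
import struct

# Bits from winnt.h for IMAGE_FILE_HEADER.Characteristics
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# Bits from winnt.h for IMAGE_SECTION_HEADER.Characteristics
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x00000020, 0x00000040, 0x00000080
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECTION_CHARACTERISTICS = {
    SCN_CODE: "IMAGE_SCN_CNT_CODE", SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    SCN_UDATA: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", SCN_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    SCN_READ: "IMAGE_SCN_MEM_READ", SCN_WRITE: "IMAGE_SCN_MEM_WRITE",
}
# Assumed allow-list of section names a normally linked MSVC image carries.
KNOWN_NAMES = {".text", ".rdata", ".data", ".bss", ".rsrc", ".reloc", ".idata",
               ".edata", ".tls", ".pdata", ".CRT"}
KB, MB = 1024, 1024 * 1024
# Constructed section table: names, raw size, virtual size and flags from the report.
SAMPLE_SECTIONS = [
    (b".text",    int(7.5 * MB), int(7.5 * MB),  SCN_CODE | SCN_EXECUTE | SCN_READ),
    (b".rdata",   284 * KB,      280 * KB,       SCN_IDATA | SCN_READ),
    (b".data",    int(2.9 * MB), int(49.6 * MB), SCN_IDATA | SCN_READ | SCN_WRITE),
    (b".data1",   4 * KB,        2 * KB,         SCN_IDATA | SCN_READ | SCN_WRITE),
    (b".rsrc",    12 * KB,       8 * KB,         SCN_IDATA | SCN_READ),
    (b"age",      int(2.5 * MB), int(4.7 * MB),  SCN_CODE | SCN_EXECUTE | SCN_READ | SCN_WRITE),
    (b"agis",     48 * KB,       46 * KB,        SCN_CODE | SCN_EXECUTE | SCN_READ | SCN_WRITE),
    (b"quod",     528 * KB,      int(2.1 * MB),  SCN_IDATA | SCN_EXECUTE | SCN_READ | SCN_WRITE),
    (b".securom", 896 * KB,      893 * KB,       SCN_CODE | SCN_EXECUTE | SCN_READ | SCN_WRITE),
]


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_sample_pe(sections=SAMPLE_SECTIONS, file_chars=0x010F):
    """Headers-only PE32 image: DOS stub, PE signature, COFF header, zeroed optional
    header and one 40-byte section header per entry. No section data is appended."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, file_chars)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic, rest zero
    image, raw_ptr, va = dos + b"PE\0\0" + coff + optional, 0x1000, 0x1000
    for name, raw, virt, chars in sections:
        image += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), virt, va, raw, raw_ptr,
                             0, 0, 0, 0, chars)
        raw_ptr += raw
        va += (max(raw, virt) + 0xFFF) & ~0xFFF  # next section on a page boundary
    return image


def parse_pe(data):
    """Parse the COFF header and section table; raises ValueError on a bad image."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size
    if sec_off + 40 * nsec > len(data):
        raise ValueError("truncated section table")
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": rsize, "raw_ptr": rptr,
                         "flags": schars, "flag_names": decode_flags(schars, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "file_flags": chars,
            "file_flag_names": decode_flags(chars, FILE_CHARACTERISTICS), "sections": sections}


def triage(pe, ratio=2.0):
    """Reviewer checks on the section table; returns (section, code, explanation) triples."""
    out = []
    if pe["file_flags"] & 0x0001:
        out.append(("*", "relocs_stripped", "no relocations: image cannot be rebased, so ASLR cannot move it"))
    for s in pe["sections"]:
        n, f = s["name"], s["flags"]
        if f & SCN_WRITE and f & SCN_EXECUTE:
            out.append((n, "writable_executable", "writable and executable (self-modifying or unpacked code)"))
        if f & SCN_EXECUTE and f & SCN_IDATA and not f & SCN_CODE:
            out.append((n, "executable_data", "executable but marked as data rather than code"))
        if s["raw_size"] and s["virtual_size"] > ratio * s["raw_size"]:
            out.append((n, "virtual_exceeds_raw",
                        f"virtual size is {s['virtual_size'] / s['raw_size']:.1f}x raw size (filled at load time)"))
        if n not in KNOWN_NAMES:
            out.append((n, "nonstandard_name", "section name not in the usual linker set"))
    return out


def report(pe):
    """Human-readable lines: file flags, one row per section, then the findings."""
    lines = ["file characteristics: " + ", ".join(pe["file_flag_names"])]
    for s in pe["sections"]:
        lines.append(f"{s['name']:<9} raw={s['raw_size']:>9} virt={s['virtual_size']:>9} "
                     + " ".join(s["flag_names"]))
    lines += [f"[!] {name}: {text}" for name, _, text in triage(pe)]
    return lines


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("\n".join(report(parse_pe(data))))
```

Run with no arguments to triage the constructed table, or pass a path to a real PE32 file. Note that the checks are heuristics, not verdicts: a W+X section or a large virtual/raw ratio is exactly what a DRM wrapper or packer produces on a legitimate game binary, so the output tells you where to look (the unpacking stub and the region it fills), not whether the file is malicious.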