FEAR[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

FEAR.exe
Size

9.5MB
MD5

88dbdc30184d9a6573b132c4f2182a7a
SHA1

d5ba198cb74a92439bd1dbedbf200e9cc157a03a
SHA256

3ffc42b521e8d188ec8c809c9b9fb04962324d8acb2c1a8881257dfa8fe7f1fe
SHA512

c9dd36436775eea53951ec821566477a793abe0b32acbb394b1b824f7d04486cbfa57cefa8ebd79768057834ea453d8580c55437ddd55b4b0b14a129a6873070
SSDEEP

196608:tPkLf6uZN7BSdnlZ+GXLlE1BjTHRedZOa:tPkLfpZ1BSdKCsTHRm

Score

1^/10

Malware Config

Signatures

Files

FEAR.exe
.exe windows x86

f312195ecaddf4cb1eb5b902c0b24dd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

CreateEventA
CreateMutexA
Sleep
GetModuleHandleA
DebugBreak
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
MulDiv
WaitForMultipleObjects
LockResource
SizeofResource
LoadResource
FindResourceA
GetSystemInfo
GlobalMemoryStatus
FreeLibrary
GetCurrentProcess
GetThreadContext
GetCurrentThread
GetLastError
ResetEvent
SetEvent
WaitForSingleObject
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
FindFirstFileA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringW
ReadFile
GetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesExA
DeleteFileA
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
FindClose
LoadLibraryA
GetProcAddress
WriteFile
OutputDebugStringA
GetTempPathA
GetTempFileNameA
CreateFileA
GetFileSizeEx
SetFilePointerEx
InitializeCriticalSection
CreateThread

user32

UpdateWindow
SetCursorPos
GetClientRect
GetKeyboardState
ToAscii
GetAsyncKeyState
ClientToScreen
AdjustWindowRect
SetWindowPos
SendMessageA
LoadImageA
CreateWindowExA
GetWindowRect
GetDesktopWindow
RegisterClassW
LoadCursorA
LoadIconA
SetForegroundWindow
IsWindow
SendMessageTimeoutA
TranslateMessage
DispatchMessageW
PeekMessageW
PeekMessageA
PostQuitMessage
MessageBoxW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
DestroyCursor
ShowCursor
SetCursor
SetFocus
ShowWindow
MessageBoxA
DefWindowProcW
IsIconic
EndPaint
BeginPaint
DestroyWindow

gdi32

SetBkMode
GetTextMetricsA
CreateFontIndirectA
SetMapMode
DeleteDC
CreateDIBSection
SetBkColor
RemoveFontResourceA
GetStockObject
SelectObject
CreateCompatibleDC
GetCharWidth32W
GetGlyphOutlineW
AddFontResourceA
SetTextColor
GdiFlush
TextOutW
DeleteObject

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit

msvcp71

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Nomemory@std@@YAXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?clear@ios_base@std@@QAEXH_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

__getmainargs
_initterm
__setusermatherr
_strnicmp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
_controlfp
_wcsicmp
_stat
_amsg_exit
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strncpy
_purecall
_vsnprintf
??_V@YAXPAX@Z
isspace
_vsnwprintf
rand
sscanf
isdigit
strncat
isalpha
fclose
fprintf
fopen
atof
fgets
atoi
fflush
_splitpath
sprintf
floor
wcsncpy
wcslen
strncmp
_CIacos
_finite
clock
srand
atol
qsort
toupper
iswctype
_setjmp3
__p___argc
__p___argv
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
longjmp
wcscpy
strchr
_CIpow
wcsstr
swscanf
_aligned_malloc
_aligned_free
fread
fseek
ftell
fwrite
printf
time
vsprintf
strstr
strrchr
_snprintf
_errno
free
fputc
malloc
_fdopen
realloc
strcspn
_atoi64
rewind
_CIfmod
_ftol
strtok
_getcwd
_findfirst
_findnext
_findclose
_stricmp
tolower
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln

wsock32

WSASetLastError
__WSAFDIsSet
inet_ntoa
WSACleanup
WSAStartup
send
recv
connect
shutdown
closesocket
inet_addr
sendto
recvfrom
ntohs
gethostname
socket
setsockopt
bind
getsockname
ioctlsocket
ntohl
gethostbyname
htonl
htons
WSAGetLastError
select

d3dx9_27

D3DXLoadSurfaceFromMemory
D3DXCreateEffectPool
D3DXCreateEffect
D3DXSaveTextureToFileA
D3DXSaveSurfaceToFileA
D3DXPlaneTransform

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

SetMasterDatabase

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.securom
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f312195ecaddf4cb1eb5b902c0b24dd5

Headers

File Characteristics

Imports

d3d9

dinput8

winmm

kernel32

user32

gdi32

ole32

oleaut32

msvcp71

msvcr71

wsock32

d3dx9_27

advapi32

shell32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 24KB - Virtual size: 88KB

.SHARED Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

.text Size: 5.1MB - Virtual size: 5.1MB

.init Size: 52KB - Virtual size: 52KB

.data Size: 2.7MB - Virtual size: 2.7MB

.securom Size: 224KB - Virtual size: 224KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 24KB - Virtual size: 88KB

.SHARED
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.init
Size: 52KB - Virtual size: 52KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.securom
Size: 224KB - Virtual size: 224KB