iw3mp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

iw3mp.exe
Size

3.2MB
MD5

d40c958f78a41e59925d8e544a329d4f
SHA1

2228ec6e36707d6e99bfe136c6afc98f30ef322d
SHA256

c7a5f9b296f23efa9055868c58afde986b0bd0d45533de667b11fe01d800b3e4
SHA512

3487cc64b0f9fe23b278140c3fcd6520fec4c9b04de2fb4e2195a7096fbbea2a18d4d086a505f6d1aee705e0886e6d42838a5de2eace9ac128d7409657bf7698
SSDEEP

98304:SMNZ15nskzOD5cCbgft6PLJquxczGcRp6m1XkaHzL14KSkn0O6:SMNZXnskzOD5c2gEPLJquxczGMpXX9zE

Score

1^/10

Malware Config

Signatures

Files

iw3mp.exe
.exe windows x86

Password: infected

e261236b7803df62fd72d00367f05cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
mixerOpen
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetNumDevs
mixerClose
timeEndPeriod
timeGetTime
waveInGetNumDevs
mixerGetLineControlsA
mixerGetLineInfoA

wsock32

getsockopt
listen
accept
recv
WSACleanup
sendto
setsockopt
htons
WSAGetLastError
ioctlsocket
ntohl
recvfrom
WSAStartup
WSAAsyncSelect
connect
gethostname
inet_ntoa
send
gethostbyname
closesocket
socket
bind
getsockname

mss32

_AIL_speaker_configuration@20
_AIL_stream_sample_handle@4
_AIL_open_stream@12
_AIL_digital_CPU_percent@4
_AIL_sample_3D_position@16
_AIL_startup@0
_AIL_set_stream_ms_position@8
_AIL_open_digital_driver@16
_AIL_stream_status@4
_AIL_sample_playback_rate@4
_AIL_set_speaker_configuration@16
_AIL_set_sample_processor@12
_AIL_stop_sample@4
_AIL_set_sample_3D_distances@16
_AIL_find_filter@8
_AIL_sample_status@4
_AIL_set_sample_3D_position@16
_AIL_sample_volume_pan@12
_AIL_sample_stage_property@24
_AIL_set_sample_channel_levels@12
_AIL_sample_ms_position@12
_AIL_set_DirectSound_HWND@8
_AIL_process_digital_audio@24
_AIL_size_processed_digital_audio@16
_AIL_open_filter@8
_AIL_init_sample@12
_AIL_end_sample@4
_AIL_set_sample_ms_position@8
_AIL_set_preference@8
_AIL_set_stream_loop_count@8
_AIL_WAV_info@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_volume_levels@12
_AIL_stream_ms_position@12
_AIL_stream_info@20
_AIL_sample_volume_levels@12
_AIL_sample_channel_levels@8
_AIL_pause_stream@8
_AIL_set_3D_distance_factor@8
_AIL_allocate_sample_handle@4
_AIL_last_error@0
_AIL_set_sample_info@8
_AIL_set_file_callbacks@16
_AIL_resume_sample@4
_AIL_set_3D_rolloff_factor@8
_AIL_set_room_type@8
_AIL_set_sample_reverb_levels@12
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_set_digital_master_reverb_levels@12
_AIL_close_stream@4
_AIL_set_sample_playback_rate@8

binkw32

_BinkGetFrameBuffersInfo@8
_BinkPause@8
_BinkClose@4
_BinkGetError@0
_BinkOpen@8
_BinkSetSoundTrack@8
_BinkOpenMiles@4
_BinkControlBackgroundIO@8
_BinkSetMixBinVolumes@20
_BinkDoFrame@4
_BinkSetIOSize@4
_BinkSetMemory@8
_BinkRegisterFrameBuffers@8
_BinkWait@4
_BinkGetRealtime@12
_BinkNextFrame@4
_BinkGetRects@8
_BinkSetSoundSystem@8

d3d9

Direct3DCreate9

d3dx9_34

D3DXCompileShader
D3DXGetShaderInputSemantics
D3DXCreateBuffer
D3DXGetShaderConstantTable
D3DXGetShaderOutputSemantics

dsound

ord6
ord11

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
HeapSize
GetTimeZoneInformation
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStdHandle
DeleteCriticalSection
HeapCreate
HeapDestroy
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetFullPathNameA
CreateDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
HeapReAlloc
RtlUnwind
HeapAlloc
MoveFileA
HeapFree
GetSystemTimeAsFileTime
GetSystemTime
FindClose
SetStdHandle
RemoveDirectoryA
SystemTimeToFileTime
FindFirstFileA
FindNextFileA
GetTickCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
InterlockedCompareExchange
InterlockedExchangeAdd
SleepEx
GetLastError
ReadFileEx
GetFileSize
InterlockedIncrement
CloseHandle
CreateFileA
InterlockedDecrement
InterlockedExchange
SetEvent
SuspendThread
ResumeThread
GetCurrentThread
CreateThread
Sleep
CreateEventA
SetThreadPriority
RaiseException
ResetEvent
GetProcessAffinityMask
GetCurrentProcess
GetCurrentThreadId
SetThreadAffinityMask
WaitForSingleObject
DuplicateHandle
GetFileAttributesA
SetFileAttributesA
VirtualFree
VirtualAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
SetProcessAffinityMask
GlobalMemoryStatus
GetProcAddress
GetThreadPriority
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Module32Next
GetVersionExA
GetCurrentProcessId
DeleteFileA
CreateProcessA
SetErrorMode
ReadFile
GlobalSize
GlobalUnlock
GlobalLock
Module32First
FormatMessageA
WriteFile
GetDriveTypeA
OpenProcess
MulDiv
SetPriorityClass
SetThreadExecutionState
FreeLibrary
LoadLibraryA
SetEnvironmentVariableW
CompareFileTime
VirtualQuery

user32

GetDC
GetActiveWindow
MessageBoxA
ClientToScreen
PostMessageA
GetCursorPos
SetCursorPos
GetForegroundWindow
ShowCursor
SetFocus
GetWindowRect
ScreenToClient
PeekMessageA
GetClipboardData
CloseClipboard
GetMessageA
LoadCursorA
OpenClipboard
TranslateMessage
DispatchMessageA
ShowWindow
LoadIconA
RegisterClassExA
DestroyWindow
RegisterClassA
GetWindowTextA
UpdateWindow
LoadImageA
GetSystemMetrics
SetWindowPos
DefWindowProcA
CreateWindowExA
SendMessageA
PostQuitMessage
CallWindowProcA
CloseWindow
SetWindowTextA
GetMonitorInfoA
RegisterWindowMessageA
MoveWindow
MonitorFromWindow
MapVirtualKeyA
ReleaseDC
GetDesktopWindow
ChangeDisplaySettingsA
EnumThreadWindows
UnregisterClassA
KillTimer
SetTimer
AdjustWindowRectEx
MonitorFromPoint
IsWindow
EnumDisplayMonitors
SetWindowLongA
AdjustWindowRect
GetWindowLongA

gdi32

CreateFontA
CreateSolidBrush
GetDeviceCaps
SetDeviceGammaRamp

advapi32

RegSetValueExA
GetUserNameA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 209.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e261236b7803df62fd72d00367f05cae

Headers

File Characteristics

Imports

winmm

wsock32

mss32

binkw32

d3d9

d3dx9_34

dsound

kernel32

user32

gdi32

advapi32

shell32

ddraw

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 552KB - Virtual size: 549KB

.data Size: 64KB - Virtual size: 209.9MB

.tls Size: 4KB - Virtual size: 33B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 552KB - Virtual size: 549KB

.data
Size: 64KB - Virtual size: 209.9MB

.tls
Size: 4KB - Virtual size: 33B

.rsrc
Size: 4KB - Virtual size: 3KB