PublicPlayerLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PublicPlayerLauncher.exe
Size

3.1MB
MD5

20430d5d084f872ed6ee36ab34417a45
SHA1

7ed1b5759bbbc02ec46a65ad9c35e8e0eade4b26
SHA256

1d65378d9965a3e2fd4e8fa5235d6bee7a0d7dc82e0756885b89aef70aa3573c
SHA512

bd176ca5a5b6a037a21a69270312fd8723f9c29ee46c81ac952b319b692f5f72a37ac7b03d252e6763d31fc76eaf635b4ee9d7f02e1b32b177325bf185fac333
SSDEEP

24576:ONp26bhn4whw/pnCsEXCIWNOm8+FpVzfVALCnE6A7HF1vLjjSpv4Qcw1+TwyTLBY:0uWmVALCn4vWd+8yT2Q8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PublicPlayerLauncher.exe

Files

PublicPlayerLauncher.exe
.exe windows x86

de982436dbe4dac43f4d67784bceb4ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
GetModuleHandleW
lstrlenA
MultiByteToWideChar
GetTempPathW
CreateEventA
DeleteFileW
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
OpenEventW
CreateEventW
CloseHandle
GetLastError
WaitForSingleObject
GetModuleFileNameW
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
CreateFileA
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
VirtualQuery
IsValidCodePage
GetOEMCP
GetACP
VirtualFree
HeapCreate
FlushFileBuffers
SetFilePointer
ReadFile
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetCPInfo
LCMapStringW
LCMapStringA
GetModuleFileNameA
lstrlenW
GetVersionExW
InterlockedDecrement
ExitThread
CreateThread
SetConsoleCtrlHandler
GetSystemTime
lstrcmpW
CreateProcessW
GetCurrentThreadId
DeleteCriticalSection
RaiseException
GetCurrentProcess
GetCurrentThread
GetTickCount
GetGeoInfoW
GetUserGeoID
FindClose
FindNextFileW
FindFirstFileW
CompareFileTime
Sleep
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryW
GetLocalTime
TerminateProcess
OpenProcess
CreateDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GetDiskFreeSpaceExW
ReleaseSemaphore
RemoveDirectoryW
SetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
SizeofResource
LockResource
LoadResource
GetSystemTimeAsFileTime
FindResourceExW
HeapFree
GetProcessHeap
CreateSemaphoreA
DuplicateHandle
HeapAlloc
InitializeCriticalSection
InterlockedIncrement
GetShortPathNameW
FormatMessageW
CreateFileW
GetFileAttributesW
InterlockedExchange
PostQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
SetWaitableTimer
QueueUserAPC
TerminateThread
WaitForMultipleObjects
SleepEx
SetLastError
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
MulDiv
GetCurrentProcessId
OpenEventA
ResumeThread
GetSystemInfo
GetLogicalProcessorInformation
SystemTimeToFileTime
CreateWaitableTimerW
GetFileAttributesExW
GetFileSizeEx
IsWow64Process
GetExitCodeProcess
lstrcpyW
lstrcmpiW
WriteFile
lstrcatW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
OutputDebugStringA
OutputDebugStringW
HeapReAlloc
HeapSize
HeapDestroy
VirtualAlloc
CreateFileMappingA
OpenFileMappingA
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
DebugBreak
LoadLibraryA
GetStartupInfoW
ExitProcess

user32

ShowWindow
InvalidateRect
CreateWindowExW
SetWindowLongW
LoadBitmapW
DefWindowProcW
GetWindowLongW
SendMessageW
GetWindowRect
GetParent
MessageBoxW
SetWindowPos
SetFocus
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
CallWindowProcW
UnregisterClassW
SetWindowTextW
PostThreadMessageW
GetWindowThreadProcessId
EnumWindows
GetDlgItem
EndPaint
FillRect
BeginPaint
PostQuitMessage
LoadIconW
GetSystemMetrics
RegisterClassW
ReleaseDC
GetDC
AllowSetForegroundWindow
DestroyWindow
KillTimer
EnableWindow
GetWindowTextW
PostMessageW
SetForegroundWindow
IsWindowVisible
SetTimer
DispatchMessageA
GetMessageA
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
CharUpperW
CharNextW
MessageBoxA
LoadAcceleratorsW
UnregisterClassA

gdi32

SetBkMode
CreatePen
SelectObject
SetTextColor
GetStockObject
CreateSolidBrush
DeleteObject
CreateFontW
GetDeviceCaps
Rectangle

advapi32

GetSidLengthRequired
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegEnumKeyExW
RegDeleteKeyW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegFlushKey
GetTokenInformation
GetSidSubAuthority
InitializeSid
CryptReleaseContext
CopySid
GetLengthSid
IsValidSid
CheckTokenMembership
DuplicateToken
OpenProcessToken
OpenThreadToken
RegSetValueExW
RevertToSelf
SetThreadToken
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
RegCreateKeyExW

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoMarshalInterface

oleaut32

CreateErrorInfo
VariantClear
VariantInit
SetErrorInfo
VariantChangeType
GetErrorInfo
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

shlwapi

StrRChrW
StrDupW
PathAddBackslashW
StrStrW
StrCpyW
PathFileExistsW
StrCmpNW
SHDeleteKeyW
StrCmpW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetWriteFile

userenv

UnloadUserProfile

ws2_32

WSARecv
select
WSASocketW
ioctlsocket
WSASend
WSASetLastError
closesocket
getsockopt
setsockopt
WSAStartup
connect
freeaddrinfo
WSAGetLastError
getaddrinfo
WSACleanup

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

EnumProcesses
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

Sections

.textbss
Size: - Virtual size: 945KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de982436dbe4dac43f4d67784bceb4ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

wininet

userenv

ws2_32

comctl32

psapi

iphlpapi

Sections

.textbss Size: - Virtual size: 945KB

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 509KB - Virtual size: 508KB

.data Size: 48KB - Virtual size: 60KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: 1024B - Virtual size: 514B

.rsrc Size: 503KB - Virtual size: 502KB

.reloc Size: 80KB - Virtual size: 80KB

.textbss
Size: - Virtual size: 945KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 509KB - Virtual size: 508KB

.data
Size: 48KB - Virtual size: 60KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: 1024B - Virtual size: 514B

.rsrc
Size: 503KB - Virtual size: 502KB

.reloc
Size: 80KB - Virtual size: 80KB