Castle of temptation[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Castle of temptation.exe
Size

19.7MB
MD5

1d9f1969e11bd7218a3c0794880c605f
SHA1

a9be5294186ce16b65e6715f77ad6fe647d136e7
SHA256

e477b4d709ec3c5563099b32bc71e0c8e5246aaaf4d4828ebe3e3f3263a28eae
SHA512

d392c6f1fbdd341c2f5b7f951eae60956abe18c9a5e7a020fb91dcc2a17666d073c19f8a7e4ad65279cebd12c9df2d50c2d833af047c38e52ab6e13d50d92298
SSDEEP

393216:yvh/tyLrexqXnl/qs+803dK+SXyLQyyAbDsz:0YkI7Ab0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Castle of temptation.exe

Files

Castle of temptation.exe
.exe windows x64

db4db9a98469d5f98cf3940967ab0c8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetProductString
HidP_GetButtonCaps
HidD_GetPreparsedData
HidP_GetValueCaps
HidP_MaxDataListLength
HidP_GetData
HidD_FreePreparsedData

gdi32

CreateDIBSection
CreateBitmap
DeleteObject
GetObjectA
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
SwapBuffers

user32

DialogBoxParamW
EndDialog
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
OffsetRect
GetAncestor
UnregisterClassW
GetDesktopWindow
AdjustWindowRectEx
GetWindowPlacement
SetWindowLongA
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetDlgItem
SetWindowLongPtrA
CreateDialogParamA
GetWindowLongPtrA
SetWindowPos
GetWindowRect
GetParent
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
RegisterWindowMessageA
SendMessageA
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
GetRawInputDeviceList
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
CreateIconIndirect
ReleaseDC
GetDC
GetSystemMetrics
SetCursor
LoadCursorA
DestroyCursor
DefWindowProcW
DestroyWindow
CreateWindowExW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetCapture
ReleaseCapture
RegisterClassExW
MessageBoxW
WindowFromPoint
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetClientRect
GetWindowLongA
GetMessageExtraInfo
RegisterDeviceNotificationW
SystemParametersInfoW
ClientToScreen
GetAsyncKeyState
ScreenToClient
IsWindowVisible
GetCursorPos
GetKeyState
wsprintfA
GetProcessWindowStation
GetUserObjectInformationW
wvsprintfA
MonitorFromWindow
GetCaretBlinkTime
UpdateWindow
ValidateRect
PeekMessageA
GetMessageA
EnumDisplayDevicesA
EnumDisplayMonitors
SetFocus
GetFocus
ShowCursor
SetCursorPos
ClipCursor
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
RegisterClassW
SetWindowTextW
CopyImage
EnableWindow
MsgWaitForMultipleObjects
DispatchMessageW
IsDialogMessageW
PeekMessageW
CreateDialogParamW
CheckDlgButton
IsDlgButtonChecked
DialogBoxParamA
LoadImageW
GetMonitorInfoA

advapi32

CryptDestroyHash
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
GetUserNameA
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
RegOpenKeyExW
RegisterEventSourceW
ReportEventW
CryptReleaseContext
DeregisterEventSource

ws2_32

WSACreateEvent
WSAWaitForMultipleEvents
WSAResetEvent
WSAEnumNetworkEvents
WSASetEvent
sendto
getpeername
getprotobyname
recv
gethostbyname
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACloseEvent
WSAEventSelect
send
bind
select
__WSAFDIsSet
ntohs
freeaddrinfo
getsockopt
WSASocketA
WSASetLastError
setsockopt
ioctlsocket
gethostname
socket
WSAGetLastError
htons
connect
getsockname
inet_addr
WSAStartup
inet_ntoa
htonl
closesocket
ntohl
recvfrom
WSACleanup
WSAIoctl
getaddrinfo
getnameinfo
accept
listen
shutdown

kernel32

OpenEventA
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
GetThreadPriority
GetProcessAffinityMask
FlushConsoleInputBuffer
ExpandEnvironmentStringsA
VerifyVersionInfoA
SetThreadAffinityMask
SwitchToThread
GetProcessHeap
CreateFileA
WriteConsoleW
SetWaitableTimer
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetTickCount
CreateWaitableTimerA
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetSystemDirectoryA
GetConsoleCP
GetFileType
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
GetLocaleInfoW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
HeapCreate
GetVersion
HeapSetInformation
GetStdHandle
GetStartupInfoW
GetCommandLineA
ExitThread
DuplicateHandle
SetConsoleCtrlHandler
HeapSize
HeapQueryInformation
ExitProcess
EncodePointer
DecodePointer
RtlPcToFileHeader
HeapFree
GetEnvironmentStringsW
GetThreadLocale
SignalObjectAndWait
HeapReAlloc
HeapAlloc
RtlUnwindEx
SetErrorMode
GlobalMemoryStatus
VirtualQuery
GetFileTime
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileSize
CreateMutexW
TerminateThread
GetTimeZoneInformation
GetLocalTime
FormatMessageA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetWindowsDirectoryW
ResetEvent
InitializeCriticalSection
IsDebuggerPresent
GetSystemTimeAsFileTime
SetThreadPriority
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
FlushInstructionCache
CreateSemaphoreW
GetDateFormatA
GetTimeFormatA
SleepEx
SetHandleInformation
SetEvent
SetDllDirectoryW
GetFullPathNameW
GetCurrentDirectoryA
GetVersionExA
GetModuleFileNameA
GetFileAttributesA
GetEnvironmentVariableA
OutputDebugStringA
GetCurrentThread
FileTimeToSystemTime
RtlCaptureContext
GetFileInformationByHandle
SuspendThread
GetThreadContext
PeekNamedPipe
GetDriveTypeA
FindFirstFileExA
ResumeThread
RtlLookupFunctionEntry
ReadConsoleInputA
SetConsoleMode
GetFullPathNameA
SetHandleCount
CreateSemaphoreA
CloseHandle
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateEventA
MultiByteToWideChar
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
VirtualProtect
VirtualAlloc
VirtualFree
GetSystemInfo
GetLastError
WideCharToMultiByte
ReadFile
SetFilePointerEx
WriteFile
SetFilePointer
SetEndOfFile
GetFileAttributesExW
CreateFileW
SetFileAttributesW
GetFileAttributesW
CopyFileW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
SetFileTime
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExA
GetModuleFileNameW
QueryPerformanceFrequency
QueryPerformanceCounter
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcpyA
lstrcpynW
GetCommandLineW
CancelIo
GetOverlappedResult
CreateEventW
ExpandEnvironmentStringsW
CreateMutexA
GetCurrentThreadId
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GlobalMemoryStatusEx
GetCurrentProcess
GetUserDefaultLangID
GetComputerNameW
GetTempPathW
LoadLibraryA
GetCurrentProcessId
SetUnhandledExceptionFilter
WaitForSingleObject
CreateThread
GetCurrentDirectoryW
OpenEventW
DebugBreak
SetLastError
RtlVirtualUnwind
GetDriveTypeW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoUninitialize
PropVariantClear
CoTaskMemAlloc

shlwapi

SHDeleteKeyW
PathCanonicalizeW
PathFileExistsW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW

opengl32

glColor4f
glColorPointer
glEnableClientState
glVertexPointer
glNormalPointer
glTexCoordPointer
glDisableClientState
glIsTexture
glLoadIdentity
glGetTexParameteriv
glTexSubImage2D
glPixelStorei
glCopyTexSubImage2D
glReadBuffer
glGetBooleanv
glGetError
glTexParameterf
glDrawElements
glDrawArrays
glGetIntegerv
glGenTextures
glBindTexture
glTexImage2D
glTexParameteri
glReadPixels
glDeleteTextures
glFinish
glDrawBuffer
glScissor
glViewport
glGetFloatv
glMultMatrixf
glMatrixMode
glLoadMatrixf
glPolygonMode
glFrontFace
glClearColor
glClearDepth
glClearStencil
glClear
glStencilMask
glDepthFunc
glDepthMask
glCullFace
glPolygonOffset
glColorMask
glDisable
glBlendFunc
glEnable
glGetString
wglGetCurrentDC
wglGetCurrentContext
wglCreateContext
wglDeleteContext
wglShareLists
wglGetProcAddress
wglMakeCurrent

winmm

waveOutPrepareHeader
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetDevCapsW
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
timeGetTime
timeEndPeriod
timeBeginPeriod
waveInGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

imm32

ImmSetCompositionStringW
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetConversionStatus
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetContext

dnsapi

DnsFree
DnsQuery_A

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 662KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db4db9a98469d5f98cf3940967ab0c8c

Headers

DLL Characteristics

File Characteristics

Imports

hid

gdi32

user32

advapi32

ws2_32

kernel32

version

ole32

shlwapi

shell32

opengl32

winmm

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 14.8MB - Virtual size: 14.8MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 662KB - Virtual size: 1.5MB

.pdata Size: 774KB - Virtual size: 774KB

text Size: 12KB - Virtual size: 11KB

data Size: 26KB - Virtual size: 25KB

.trace Size: 3KB - Virtual size: 2KB

.data1 Size: 512B - Virtual size: 64B

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 158KB - Virtual size: 158KB

.text
Size: 14.8MB - Virtual size: 14.8MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 662KB - Virtual size: 1.5MB

.pdata
Size: 774KB - Virtual size: 774KB

text
Size: 12KB - Virtual size: 11KB

data
Size: 26KB - Virtual size: 25KB

.trace
Size: 3KB - Virtual size: 2KB

.data1
Size: 512B - Virtual size: 64B

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 158KB - Virtual size: 158KB