3ca57f132818b1255a0d7c62dc0e00319f028211438c618176c75d0081774b8a

Sharing

Copy URL Twitter E-mail

General

Target

3ca57f132818b1255a0d7c62dc0e00319f028211438c618176c75d0081774b8a
Size

2.0MB
MD5

2375b1178ddb27aff03be8f853de37b1
SHA1

ec6040ca94f25dc5351c2161d502bdf03249a096
SHA256

3ca57f132818b1255a0d7c62dc0e00319f028211438c618176c75d0081774b8a
SHA512

dbcc29ae5d3b1cbc148e3e42fae917c8f41e90a1bd5c096bb26c866d1ffb664c676c857fe902ea289b0bc0964d92a1967ba898c7c0c234cbd1ae20b17c108299
SSDEEP

24576:mpM8j7ZmqsIgT4IP0jdU/lsRtiB2exo46i2dSFp:mm8EqNgTMaMeFcyp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ca57f132818b1255a0d7c62dc0e00319f028211438c618176c75d0081774b8a

Files

3ca57f132818b1255a0d7c62dc0e00319f028211438c618176c75d0081774b8a
.exe windows x86

618072f8008a93747b8b08cc8ee51033

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

dinput

DirectInputCreateA

dsound

ord1

user32

SetRectEmpty
SetPropA
UnregisterClassA
MessageBoxA
GetClassInfoA
RegisterClassA
LoadCursorA
SetCursor
PtInRect
SendMessageA
wsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
CharNextExA
SetWindowLongA
CallWindowProcA
GetKeyState
CloseClipboard
SetClipboardData
SetRect
ReleaseDC
GetDC
SetWindowPos
OffsetRect
ClientToScreen
GetClientRect
CopyRect
DrawTextA
SetFocus
UpdateWindow
ShowWindow
MoveWindow
AdjustWindowRect
GetWindowRect
CreateWindowExA
EmptyClipboard
DestroyCursor
LoadStringA
LoadAcceleratorsA
GetMessageA
PostQuitMessage
PostMessageA
LoadIconA
GetSystemMetrics
DefWindowProcA
GetCursorPos
GetPropA
GetClipboardData
RemovePropA
CharPrevExA
OpenClipboard

imm32

ImmGetConversionStatus
ImmNotifyIME
ImmGetCandidateListA
ImmGetCompositionStringA
ImmGetContext
ImmSetConversionStatus
ImmReleaseContext

ws2_32

inet_addr
WSAEventSelect
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSAGetLastError
WSACleanup
setsockopt
htons
WSAStartup
shutdown
socket
connect
send
recv

gdi32

DeleteObject
TextOutA
GetTextMetricsA
GetStockObject
SetBkColor
Rectangle
CreatePen
CreateSolidBrush
MoveToEx
LineTo
SetBkMode
GetTextExtentPoint32A
SelectObject
SetTextColor
DeleteDC
StretchDIBits
CreateICA
CreateFontA
GetDeviceCaps

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

wininet

InternetGetLastResponseInfoA
HttpSendRequestA
InternetFindNextFileA
FtpFindFirstFileA
FtpSetCurrentDirectoryA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
FtpOpenFileA
HttpOpenRequestA
InternetQueryDataAvailable

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize

oleaut32

SysFreeString
SafeArrayAccessData
VariantInit
SysAllocString
SafeArrayUnaccessData
VariantClear
SysAllocStringLen
OleLoadPicture
SafeArrayCreate
GetErrorInfo

shlwapi

PathAddBackslashA
PathRemoveFileSpecA

winmm

timeGetTime

kernel32

GetModuleFileNameA
HeapSize
GetEnvironmentVariableA
SetLastError
TlsAlloc
CompareStringW
CompareStringA
HeapCreate
HeapDestroy
LCMapStringA
GetCurrentProcess
TerminateProcess
HeapReAlloc
ExitProcess
GetVersion
GetCommandLineA
FlushFileBuffers
GetACP
GetStdHandle
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
FreeEnvironmentStringsW
GetTimeZoneInformation
HeapFree
ExitThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
FileTimeToLocalFileTime
FileTimeToSystemTime
RaiseException
HeapAlloc
RtlUnwind
InterlockedExchange
CreateMutexA
GetVersionExA
GetFileAttributesA
GlobalMemoryStatus
InterlockedDecrement
GetOEMCP
GetLastError
FreeEnvironmentStringsA
SetHandleCount
GetEnvironmentStrings
GetEnvironmentStringsW
GetStartupInfoA
GetFileType
IsBadReadPtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetSystemTime
GetLocalTime
IsBadCodePtr
LoadLibraryA
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
InterlockedIncrement
WideCharToMultiByte
lstrlenA
SuspendThread
ResumeThread
ResetEvent
CreateEventA
WaitForMultipleObjects
SetEvent
WaitForSingleObject
TerminateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
CreateThread
LocalFree
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
GetPrivateProfileStringA
WritePrivateProfileSectionA
WriteFile
GetFileSize
FindResourceA
LoadResource
LockResource
SetFilePointer
CreateDirectoryA
GlobalAlloc
GetPrivateProfileIntA
MoveFileA
SetThreadPriority
RemoveDirectoryA
DeleteFileA
SetFileAttributesA
MultiByteToWideChar
ReadFile
CreateFileA
CloseHandle
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
FindClose
GlobalUnlock
SetCurrentDirectoryA
GetCurrentDirectoryA
MulDiv
GlobalLock

Sections

.text
Size: 816KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 948KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

618072f8008a93747b8b08cc8ee51033

Headers

File Characteristics

Imports

ddraw

dinput

dsound

user32

imm32

ws2_32

gdi32

advapi32

wininet

ole32

oleaut32

shlwapi

winmm

kernel32

Sections

.text Size: 816KB - Virtual size: 812KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 948KB - Virtual size: 1.1MB

.rsrc Size: 180KB - Virtual size: 178KB

.text
Size: 816KB - Virtual size: 812KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 948KB - Virtual size: 1.1MB

.rsrc
Size: 180KB - Virtual size: 178KB