2c02d96e6ce2b11a30e6dd2b47dded98537203251dbf5442f8ff009a8d6e479f

Sharing

Copy URL Twitter E-mail

General

Target

2c02d96e6ce2b11a30e6dd2b47dded98537203251dbf5442f8ff009a8d6e479f
Size

872KB
MD5

b4f1a1c3198149f69aecdf7ce1cf6e6d
SHA1

c526ea69a8e4ce129792625154d55ec5eca8c113
SHA256

2c02d96e6ce2b11a30e6dd2b47dded98537203251dbf5442f8ff009a8d6e479f
SHA512

e6905ba040f8e36d9ace861022bdcdec7f26d9c1e314f91d18d5b33917b74d11ada798bb7555616a20fa7a23a758cf6e2d0ceed8f0b1e7035268015fbe31ae72
SSDEEP

24576:Ft+YfwTjBvg3YQG5yro/xZ+U/kazGhc2gBglgggcgKgggYgbgNgLgwCgxgWgcg7s:Ft+YfwTjBvQoyXdazf2k/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c02d96e6ce2b11a30e6dd2b47dded98537203251dbf5442f8ff009a8d6e479f

Files

2c02d96e6ce2b11a30e6dd2b47dded98537203251dbf5442f8ff009a8d6e479f
.exe windows x86

facbfa307ee91c74e8bf12903c675494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitThread
lstrcatA
lstrlenA
WaitForMultipleObjects
CreateEventA
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
DeleteFileA
GetTickCount
TerminateThread
CreateToolhelp32Snapshot
SetFilePointer
VirtualAlloc
ReleaseMutex
CreateDirectoryA
Sleep
VirtualProtect
VirtualFree
ReadFile
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
CreateFileA
lstrcpyA
LoadLibraryA
GetOEMCP
WideCharToMultiByte
GetProcAddress
HeapReAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
GetCurrentProcess
ExitProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetSystemInfo
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
SetEndOfFile
HeapSize
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
CloseHandle
GetModuleFileNameA
MultiByteToWideChar
GlobalLock
GetACP
GlobalUnlock
IsDBCSLeadByte
Process32First
Process32Next
SetEnvironmentVariableA
CompareStringW
CompareStringA
FreeEnvironmentStringsA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsW
GetCPInfo
OpenProcess
TerminateProcess
GetEnvironmentStrings
FlushFileBuffers
SetStdHandle
RtlUnwind
GetEnvironmentStringsW

user32

SetWindowTextA
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
SetWindowPos
SetWindowLongA
CreateWindowExA
CloseClipboard
TranslateMessage
ShowWindow
AdjustWindowRectEx
SetRect
DispatchMessageA
BeginPaint
EndPaint
GetKeyState
LoadImageA
SetFocus
GetWindowRect
GetSystemMetrics
SetWindowRgn
GetWindowLongA
InvalidateRect
SetTimer
KillTimer
GetAsyncKeyState
DestroyWindow
PostQuitMessage
GetClientRect
OffsetRect
SendMessageA
DefWindowProcA
PeekMessageA
MessageBoxA
ReleaseDC
GetClipboardData
OpenClipboard
GetKeyboardLayout
GetDC
ClientToScreen
PostMessageA
ShowCursor
wsprintfA

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
CreateFontA
GetDeviceCaps
TextOutA
SetTextColor
DeleteObject
SetBkMode
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateRectRgn

ddraw

DirectDrawCreate

dsound

ord1

winmm

mciSendCommandA
timeGetTime
mmioRead
mmioDescend
mmioOpenA
mmioClose
mmioAscend

dinput

DirectInputCreateA

wsock32

closesocket
send
WSAGetLastError
__WSAFDIsSet
recv
select
WSAStartup
WSACleanup
connect
gethostbyname
ioctlsocket
htons
inet_ntoa
recvfrom
sendto
socket
setsockopt

imm32

ImmAssociateContext
ImmCreateContext
ImmDestroyContext
ImmGetOpenStatus
ImmGetProperty
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetDescriptionA
ImmIsIME
ImmGetCandidateListA
ImmGetCompositionStringA

Sections

.text
Size: 620KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 232KB - Virtual size: 74.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

facbfa307ee91c74e8bf12903c675494

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ddraw

dsound

winmm

dinput

wsock32

imm32

Sections

.text Size: 620KB - Virtual size: 616KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 232KB - Virtual size: 74.1MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 620KB - Virtual size: 616KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 232KB - Virtual size: 74.1MB

.rsrc
Size: 8KB - Virtual size: 5KB