client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

client.exe
Size

3.4MB
MD5

038ed95730e8614529982dd24e31c31f
SHA1

bf73780608a1275398961a9be3a6d3c2fa7e2368
SHA256

7e4d99ac71873d560de212a20b1744aedc005375ba7aec153ae4bf45a6b15144
SHA512

3332738ce3e5db041999dfabf0e4af01c8f953a68086df52c1c13bc0025a4c93c7f9581f9da962a454f596d4abc3be8510e6628874099667f2073df9c8375cc0
SSDEEP

49152:u2jBpWWRWbMheU3jhR1Ml7E4r3+HlCrq/aiWu6:pj2OD3Kl7EOOUy/i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
client.exe

Files

client.exe
.exe windows x86

3876d3e85a584edce9763ecc34509a79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
select
ntohl
ntohs
gethostbyname
gethostname
WSAStartup
WSACleanup
inet_ntoa
setsockopt
send
htons
closesocket
connect
socket
htonl
WSAGetLastError
recv
bind
listen
recvfrom
accept
sendto

comctl32

ord17

ddraw

DirectDrawCreate

dsound

ord1

winmm

timeSetEvent
timeKillEvent
midiOutSetVolume
mciSendCommandA
midiOutGetDevCapsA
midiOutGetVolume
mmioClose
mmioOpenA
mmioSetBuffer
mmioRead
mmioSeek
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps

igrping

?SendPingMessage@@YA_NPADH00H@Z

binkw32

_BinkCopyToBuffer@28
_BinkNextFrame@4
_BinkOpen@8
_BinkDDSurfaceType@4
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkWait@4
_BinkClose@4
_BinkDoFrame@4

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

HeapReAlloc
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
HeapSize
ResetEvent
SetEvent
GetCurrentThreadId
FileTimeToLocalFileTime
Sleep
GetProfileStringA
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
ResumeThread
SetThreadPriority
CreateThread
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
WinExec
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
CreateFileA
GetSystemInfo
DeviceIoControl
GetLogicalDriveStringsA
GlobalMemoryStatus
GetTimeZoneInformation
ExitProcess
lstrlenA
GetLastError
GetCurrentDirectoryA
GetModuleFileNameA
GetCommandLineA
FlushFileBuffers
FlushViewOfFile
TerminateProcess
CopyFileA
GetSystemTimeAsFileTime
FindClose
FindFirstFileA
WideCharToMultiByte
FindFirstFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
GetSystemTime
MultiByteToWideChar
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
lstrcmpiA
WriteFile
ReadFile
SetFilePointer
CreateProcessA
MoveFileA
DeleteFileA
SetFileAttributesA
HeapFree
GetProcessHeap
HeapAlloc
OpenFileMappingA
SetCurrentDirectoryA
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
GetThreadPriority
OpenMutexA
GlobalFree
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersion
GlobalUnlock
GlobalLock
GetACP
IsDBCSLeadByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetFileTime
FileTimeToDosDateTime
lstrcpyA
LocalFree
IsBadStringPtrA
GetFileInformationByHandle
FindNextFileA
SetFilePointerEx
GetFileSizeEx
TryEnterCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetFileAttributesA
VirtualQuery
FileTimeToSystemTime
GetDriveTypeA
ExitThread
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
GlobalMemoryStatusEx
GetExitCodeThread
SetThreadIdealProcessor
DuplicateHandle
TlsAlloc
TlsGetValue
CompareStringW
GetStringTypeA
GetStringTypeW
TlsFree
SetLastError
SleepEx
TlsSetValue
RaiseException
QueueUserAPC
SuspendThread
CreateSemaphoreA
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FormatMessageA
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
SetEnvironmentVariableA
SetProcessAffinityMask
ReleaseSemaphore
InterlockedExchangeAdd
SystemTimeToFileTime
InterlockedCompareExchange

user32

GetTopWindow
DefFrameProcA
DefMDIChildProcA
PostQuitMessage
SetCursor
MoveWindow
SetWindowPos
GetActiveWindow
GetWindowRect
IsChild
SetTimer
KillTimer
EndPaint
BeginPaint
SetActiveWindow
GetMessageA
wsprintfA
InflateRect
FrameRect
GetMenuItemID
GetClipboardData
IsClipboardFormatAvailable
AdjustWindowRectEx
SetMenu
GetDlgItemTextA
SetDlgItemTextA
MessageBoxW
ReleaseCapture
SetCapture
GetFocus
CreateWindowExW
RegisterClassW
GetWindowDC
CallWindowProcA
FillRect
EndDialog
GetClassNameA
SetScrollRange
SetScrollPos
GetWindowLongA
DestroyWindow
SetWindowLongA
GetWindow
LoadBitmapA
LoadIconA
FindWindowA
DispatchMessageA
IsDialogMessageA
TranslateMDISysAccel
TranslateAcceleratorA
LoadAcceleratorsA
SetWindowTextA
GetDlgItem
CreateDialogParamA
DialogBoxParamA
InvalidateRect
GetMenuState
GetMenu
CheckMenuItem
SetWindowPlacement
GetWindowPlacement
GetClientRect
SendMessageA
GetMenuItemCount
GetMenuStringA
GetSubMenu
LoadMenuA
LoadCursorA
CreateWindowExA
UpdateWindow
RegisterClassA
ScreenToClient
MapVirtualKeyA
SetFocus
ClientToScreen
GetWindowTextA
GetWindowTextW
SetWindowTextW
GetParent
MessageBoxA
GetDesktopWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
ShowCursor
TrackPopupMenu
PeekMessageA
IsWindowUnicode
DefWindowProcW
GetAsyncKeyState
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
IsZoomed
GetDC
ReleaseDC
GetKeyNameTextA
GetDoubleClickTime
GetSystemMetrics
DestroyMenu
DefWindowProcA
TranslateMessage

gdi32

MoveToEx
Rectangle
CreatePen
GetObjectA
GetPaletteEntries
LineTo
CreateSolidBrush
SetBitmapBits
CreateFontA
GetTextExtentPoint32A
SetBkMode
CreateBitmap
RealizePalette
BitBlt
CreatePalette
GetDeviceCaps
TextOutA
ExtTextOutA
SetBkColor
SetTextColor
CreateDIBSection
CreateFontIndirectA
DeleteObject
SelectObject
GdiFlush
DeleteDC
GetStockObject
SelectPalette
CreateCompatibleDC

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCloseKey
RegQueryValueExA
GetUserNameA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

ole32

CoInitialize
CoUninitialize

dbghelp

SymSetContext
SymFromAddr
SymInitialize
StackWalk
SymSetOptions
SymEnumSymbols
SymFunctionTableAccess
SymGetLineFromAddr
SymCleanup
SymGetTypeInfo
SymGetModuleBase

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 24.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uva_data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LBMPEG_D
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debuu
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3876d3e85a584edce9763ecc34509a79

Headers

File Characteristics

Imports

wsock32

comctl32

ddraw

dsound

winmm

igrping

binkw32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dbghelp

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 452KB - Virtual size: 450KB

.data Size: 300KB - Virtual size: 24.5MB

uva_data Size: 16KB - Virtual size: 15KB

LBMPEG_D Size: 4KB - Virtual size: 1024B

.debuu Size: 52KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 452KB - Virtual size: 450KB

.data
Size: 300KB - Virtual size: 24.5MB

uva_data
Size: 16KB - Virtual size: 15KB

LBMPEG_D
Size: 4KB - Virtual size: 1024B

.debuu
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB