Client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.exe
Size

3.1MB
MD5

34c99879599fc0adf911e45dfcd069f1
SHA1

a0c12061e3060d5c6d41943ad492e035286cb69a
SHA256

e6b82a11c948adb73496af735d8a76c916113647378c08edc4dc46077165a46f
SHA512

cb0af43575040082d56b5a1329b8ee8ab1bbc1a552b5abb6d6efea375f5a42fc7bbb3d7b1887c2d182af56e5e3dbc7b0e9c04d71ae5cbcdac0770e367800aab5
SSDEEP

49152:9HjDMP2I+lme0B/+nIhSKujidq4TfLNxR7nEYdDrED:hjoym5Zaidq4XDNnxdP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows x86

a91a8933929d6a876ae7d04db7a5fc15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htonl
socket
connect
closesocket
recv
bind
listen
accept
recvfrom
sendto
htons
send
setsockopt
inet_ntoa
WSACleanup
WSAStartup
gethostname
__WSAFDIsSet
gethostbyname
ntohs
ntohl
select
WSAGetLastError

comctl32

ord17

ddraw

DirectDrawCreate

dsound

ord1

winmm

midiOutSetVolume
timeSetEvent
mmioOpenA
mmioSetBuffer
mciSendCommandA
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
mmioSeek
timeGetTime
midiOutGetDevCapsA
timeKillEvent
midiOutGetVolume
mmioRead
mmioClose

igrping

?SendPingMessage@@YA_NPADH00H@Z

binkw32

_BinkDoFrame@4
_BinkClose@4
_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkDDSurfaceType@4
_BinkOpen@8
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkWait@4

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetStringTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
HeapSize
Sleep
GetProfileStringA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
ResumeThread
SetThreadPriority
CreateThread
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
WinExec
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
CreateFileA
GetSystemInfo
DeviceIoControl
GetLogicalDriveStringsA
GlobalMemoryStatus
GetTimeZoneInformation
ExitProcess
lstrlenA
GetLastError
GetCurrentDirectoryA
GetModuleFileNameA
GetCommandLineA
TerminateProcess
CopyFileA
GetSystemTimeAsFileTime
FindClose
FindFirstFileA
WideCharToMultiByte
FindFirstFileW
CreateDirectoryA
CreateDirectoryW
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
GetStringTypeW
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
lstrcmpiA
WriteFile
ReadFile
SetFilePointer
CreateProcessA
MoveFileA
DeleteFileA
SetFileAttributesA
HeapFree
GetProcessHeap
HeapAlloc
OpenFileMappingA
SetCurrentDirectoryA
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
GetThreadPriority
OpenMutexA
GlobalFree
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FlushViewOfFile
GetVersion
GlobalUnlock
GlobalLock
GetACP
IsDBCSLeadByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetFileSizeEx
SetFilePointerEx
FindNextFileA
GetFileInformationByHandle
GetFileTime
FileTimeToDosDateTime
lstrcpyA
IsBadStringPtrA
LocalFree
FileTimeToLocalFileTime
FormatMessageA
VirtualQuery
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
InterlockedCompareExchange
GetFileAttributesA
FileTimeToSystemTime
GetDriveTypeA
ExitThread
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
GetFullPathNameA
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEvent
CreateEventA
ResetEvent
GlobalMemoryStatusEx
SetProcessAffinityMask
QueueUserAPC
GetExitCodeThread
SetThreadIdealProcessor
SuspendThread
SleepEx
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
InterlockedExchangeAdd
GetExitCodeProcess
TryEnterCriticalSection

user32

DefFrameProcA
DefMDIChildProcA
PostQuitMessage
SetCursor
MoveWindow
SetWindowPos
GetWindowRect
IsChild
SetTimer
KillTimer
EndPaint
BeginPaint
SetActiveWindow
GetMessageA
wsprintfA
InflateRect
FrameRect
GetMenuItemID
GetClipboardData
IsClipboardFormatAvailable
AdjustWindowRectEx
SetMenu
GetDlgItemTextA
SetDlgItemTextA
MessageBoxW
GetActiveWindow
ReleaseCapture
SetCapture
GetFocus
CreateWindowExW
RegisterClassW
GetWindowDC
GetWindowTextW
GetParent
CallWindowProcA
GetTopWindow
EndDialog
SetWindowTextW
SetScrollRange
SetScrollPos
GetWindowLongA
DestroyWindow
SetWindowLongA
GetWindow
LoadBitmapA
LoadIconA
FindWindowA
TranslateMessage
DispatchMessageA
IsDialogMessageA
TranslateMDISysAccel
TranslateAcceleratorA
LoadAcceleratorsA
SetWindowTextA
GetDlgItem
CreateDialogParamA
DialogBoxParamA
InvalidateRect
GetMenuState
GetMenu
CheckMenuItem
SetWindowPlacement
GetWindowPlacement
GetClientRect
SendMessageA
GetMenuItemCount
GetMenuStringA
GetSubMenu
LoadMenuA
LoadCursorA
CreateWindowExA
UpdateWindow
RegisterClassA
GetClassNameA
ClientToScreen
FillRect
GetWindowTextA
ScreenToClient
MapVirtualKeyA
SetFocus
MessageBoxA
GetDesktopWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
ShowCursor
TrackPopupMenu
PeekMessageA
DefWindowProcW
DefWindowProcA
GetAsyncKeyState
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
IsZoomed
GetDC
ReleaseDC
GetKeyNameTextA
GetDoubleClickTime
GetSystemMetrics
DestroyMenu
IsWindowUnicode

gdi32

Rectangle
CreatePen
CreateBitmap
GetObjectA
GetPaletteEntries
MoveToEx
CreateSolidBrush
SetBitmapBits
CreateFontA
GetTextExtentPoint32A
SetBkMode
GetDeviceCaps
LineTo
RealizePalette
BitBlt
CreatePalette
TextOutA
ExtTextOutA
SetBkColor
SetTextColor
CreateDIBSection
CreateFontIndirectA
DeleteObject
SelectObject
GdiFlush
CreateCompatibleDC
GetStockObject
DeleteDC
SelectPalette

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
ChooseFontA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExW
GetUserNameA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

dbghelp

SymCleanup
SymGetModuleBase
SymGetLineFromAddr
SymFunctionTableAccess
SymGetTypeInfo
StackWalk
SymSetOptions
SymInitialize
SymSetContext
SymEnumSymbols
SymFromAddr

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uva_data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LBMPEG_D
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debuu
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a91a8933929d6a876ae7d04db7a5fc15

Headers

File Characteristics

Imports

wsock32

comctl32

ddraw

dsound

winmm

igrping

binkw32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dbghelp

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 424KB - Virtual size: 421KB

.data Size: 276KB - Virtual size: 3.5MB

uva_data Size: 16KB - Virtual size: 15KB

LBMPEG_D Size: 4KB - Virtual size: 1024B

.debuu Size: 52KB - Virtual size: 51KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 424KB - Virtual size: 421KB

.data
Size: 276KB - Virtual size: 3.5MB

uva_data
Size: 16KB - Virtual size: 15KB

LBMPEG_D
Size: 4KB - Virtual size: 1024B

.debuu
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 24KB - Virtual size: 23KB