client_tc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

client_tc.exe
Size

3.2MB
MD5

a005dd5a216db01d3f9d167c7db979a0
SHA1

4a999d41f9a9b3955551dedc3d153ad17bd81fc6
SHA256

6507e703b0ae65fa7ba174f53f86317ac3b736f0b12c1a8e86240b4cb03b5146
SHA512

3c5b41319cf58ed4a78cc99a8d10de30ea04f033bdb7f4314bd14b6d60ba3e25514e3a0022471eeb492c264336d2e6e0fa0c8465dcbc27b602bf362e393245b0
SSDEEP

49152:wAuzvilfC/OUivSuLAlWSlIYJO1Jqf+Jo6SCgDbFpPQtVZBSwQX:wACmCNxlkHqf+PShbFpqr83

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
client_tc.exe

Files

client_tc.exe
.exe windows x86

70c0e54181e0706199724de41c0ddf56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htonl
socket
connect
closesocket
recv
bind
listen
accept
recvfrom
sendto
htons
send
setsockopt
inet_ntoa
WSACleanup
WSAStartup
gethostname
__WSAFDIsSet
gethostbyname
ntohs
ntohl
select
WSAGetLastError

comctl32

ord17

ddraw

DirectDrawCreate

dsound

ord1

winmm

midiOutSetVolume
timeSetEvent
mmioOpenA
mmioSetBuffer
mciSendCommandA
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
mmioSeek
timeGetTime
midiOutGetDevCapsA
timeKillEvent
midiOutGetVolume
mmioRead
mmioClose

igrping

?SendPingMessage@@YA_NPADH00H@Z

binkw32

_BinkDoFrame@4
_BinkClose@4
_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkDDSurfaceType@4
_BinkOpen@8
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkWait@4

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentThreadId
Sleep
GetProfileStringA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
ResumeThread
SetThreadPriority
CreateThread
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
WinExec
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
CreateFileA
GetSystemInfo
DeviceIoControl
GetLogicalDriveStringsA
GlobalMemoryStatus
GetTimeZoneInformation
ExitProcess
lstrlenA
GetLastError
GetCurrentDirectoryA
GetModuleFileNameA
GetCommandLineA
FlushFileBuffers
FlushViewOfFile
TerminateProcess
CopyFileA
GetSystemTimeAsFileTime
FindClose
FindFirstFileA
WideCharToMultiByte
FindFirstFileW
CreateDirectoryA
CreateDirectoryW
SystemTimeToFileTime
GetStringTypeA
MultiByteToWideChar
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetTickCount
lstrcmpiA
WriteFile
ReadFile
SetFilePointer
CreateProcessA
MoveFileA
DeleteFileA
SetFileAttributesA
HeapFree
GetProcessHeap
HeapAlloc
OpenFileMappingA
SetCurrentDirectoryA
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
GetThreadPriority
OpenMutexA
GlobalFree
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersion
GlobalUnlock
GlobalLock
GetACP
IsDBCSLeadByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetFileInformationByHandle
GetFileSizeEx
SetFilePointerEx
FileTimeToDosDateTime
lstrcpyA
IsBadStringPtrA
LocalFree
FileTimeToLocalFileTime
FormatMessageA
VirtualQuery
GetFileTime
InterlockedCompareExchange
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
FindNextFileA
RtlUnwind
GetFileAttributesA
FileTimeToSystemTime
GetDriveTypeA
ExitThread
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEvent
CreateEventA
ResetEvent
GlobalMemoryStatusEx
SetProcessAffinityMask
QueueUserAPC
GetExitCodeThread
SetThreadIdealProcessor
SuspendThread
SleepEx
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
InterlockedExchangeAdd
GetSystemTime
TryEnterCriticalSection

user32

GetTopWindow
DefFrameProcA
DefMDIChildProcA
PostQuitMessage
SetCursor
MoveWindow
SetWindowPos
GetActiveWindow
GetWindowRect
IsChild
SetTimer
KillTimer
EndPaint
BeginPaint
SetActiveWindow
GetMessageA
wsprintfA
InflateRect
FrameRect
GetMenuItemID
GetClipboardData
IsClipboardFormatAvailable
AdjustWindowRectEx
SetMenu
GetDlgItemTextA
SetDlgItemTextA
MessageBoxW
ReleaseCapture
SetCapture
GetFocus
CreateWindowExW
RegisterClassW
GetWindowDC
GetParent
CallWindowProcA
FillRect
GetClassNameA
SetWindowTextW
SetScrollRange
SetScrollPos
GetWindowLongA
DestroyWindow
SetWindowLongA
GetWindow
LoadBitmapA
LoadIconA
FindWindowA
TranslateMessage
DispatchMessageA
IsDialogMessageA
TranslateMDISysAccel
TranslateAcceleratorA
LoadAcceleratorsA
SetWindowTextA
GetDlgItem
CreateDialogParamA
DialogBoxParamA
InvalidateRect
GetMenuState
GetMenu
CheckMenuItem
SetWindowPlacement
GetWindowPlacement
GetClientRect
SendMessageA
GetMenuItemCount
GetMenuStringA
GetSubMenu
LoadMenuA
LoadCursorA
CreateWindowExA
UpdateWindow
RegisterClassA
ScreenToClient
ClientToScreen
GetWindowTextA
EndDialog
GetWindowTextW
MapVirtualKeyA
SetFocus
MessageBoxA
GetDesktopWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
ShowCursor
TrackPopupMenu
PeekMessageA
IsWindowUnicode
DefWindowProcA
GetAsyncKeyState
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
IsZoomed
GetDC
ReleaseDC
GetKeyNameTextA
GetDoubleClickTime
GetSystemMetrics
DestroyMenu
DefWindowProcW

gdi32

Rectangle
CreatePen
CreateBitmap
GetObjectA
GetPaletteEntries
MoveToEx
CreateSolidBrush
SetBitmapBits
CreateFontA
GetTextExtentPoint32A
SetBkMode
GetDeviceCaps
LineTo
RealizePalette
BitBlt
CreatePalette
TextOutA
ExtTextOutA
SetBkColor
SetTextColor
CreateDIBSection
CreateFontIndirectA
DeleteObject
SelectObject
GdiFlush
CreateCompatibleDC
GetStockObject
DeleteDC
SelectPalette

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
ChooseFontA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExW
GetUserNameA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

dbghelp

SymGetTypeInfo
SymFunctionTableAccess
SymFromAddr
SymEnumSymbols
SymGetLineFromAddr
SymGetModuleBase
SymSetOptions
SymCleanup
StackWalk
SymInitialize
SymSetContext

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uva_data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LBMPEG_D
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debuu
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70c0e54181e0706199724de41c0ddf56

Headers

File Characteristics

Imports

wsock32

comctl32

ddraw

dsound

winmm

igrping

binkw32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dbghelp

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 424KB - Virtual size: 423KB

.data Size: 280KB - Virtual size: 4.5MB

uva_data Size: 16KB - Virtual size: 15KB

LBMPEG_D Size: 4KB - Virtual size: 1024B

.debuu Size: 52KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 424KB - Virtual size: 423KB

.data
Size: 280KB - Virtual size: 4.5MB

uva_data
Size: 16KB - Virtual size: 15KB

LBMPEG_D
Size: 4KB - Virtual size: 1024B

.debuu
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB