Modmanager[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Modmanager.exe
Size

2.4MB
MD5

d571b78e3328b6904366eefac619da19
SHA1

7cb5ea63d0357adac4813eaab85fca9bdfa39ceb
SHA256

1696b5680c8b4ae68191d3cdc524e33bee9649a1366b38eaae7e500f6ba784d8
SHA512

b753a1a1dbf237d5b2312cfc30aca2a3bf8b24e0b9df574f000ab2f64b74d69d0a1d8d92c383f20b1f38ddf3dac0ef0b7204a055ff0dd85b4d08b01150cfb43d
SSDEEP

49152:AC0pOb8xUkkv9ZVcHiNZzljqRgesMwHMDT/r+J+:CeWHiNZiLwHS+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Modmanager.exe

Files

Modmanager.exe
.exe windows x64

f638f11ab963859886b12e4521a3387c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
WriteProcessMemory
GetSystemTime
GetCurrentProcessId
CloseHandle
Module32Next
CreateToolhelp32Snapshot
Process32Next
VirtualProtectEx
lstrcmpiA
Module32First
CreateProcessA
GetExitCodeProcess
OpenProcess
GetProcessHeap
SetEndOfFile
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetProcessTimes
WaitForSingleObject
Process32First
SystemTimeToFileTime
GetSystemInfo
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileA
GetFullPathNameA
WriteConsoleA
FreeConsole
DeleteFileA
FindNextFileA
QueryPerformanceFrequency
GetCurrentDirectoryA
FindClose
FindFirstFileA
SetCurrentDirectoryA
CreateDirectoryA
GetLastError
GlobalUnlock
GlobalAlloc
WriteConsoleW
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
FlushFileBuffers
SetHandleCount
GetModuleFileNameA
ExitProcess
GetModuleHandleW
HeapCreate
HeapSetInformation
GetConsoleMode
GetConsoleCP
WriteFile
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
ExitThread
SetFilePointer
GetFileInformationByHandle
GetDriveTypeA
FileTimeToLocalFileTime
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetStartupInfoA
GetCommandLineA
GlobalLock
CopyFileA
Sleep
QueryPerformanceCounter
SetEnvironmentVariableA
RemoveDirectoryA
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
WideCharToMultiByte
MultiByteToWideChar
SetThreadPriority
WaitForSingleObjectEx
SetEvent
CreateEventA
CreateFileA
GetFileSizeEx
ExpandEnvironmentStringsA
GetTickCount
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
SleepEx
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
FormatMessageA
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

DestroyWindow
RegisterClassExA
SetForegroundWindow
EnumDisplaySettingsA
SetWindowLongA
UnregisterClassA
CreateWindowExA
DefWindowProcA
SetWindowTextA
LoadImageA
LoadCursorA
GetDC
ReleaseDC
CloseClipboard
GetAsyncKeyState
SetCursorPos
GetClipboardData
EmptyClipboard
GetCursorPos
OpenClipboard
SetClipboardData
GetWindowInfo
TranslateMessage
PeekMessageA
SetWindowPos
ShowWindow
DispatchMessageA
GetSystemMetrics
MessageBoxA

gdi32

SwapBuffers
SetPixelFormat
ChoosePixelFormat

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

CryptDestroyHash
CryptGenRandom
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegGetValueA
RegOpenKeyExA
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA

shell32

SHGetFolderPathA
ShellExecuteA
DragQueryFileA

opengl32

glGetString
glShadeModel
wglMakeCurrent
glPopMatrix
glPushMatrix
glMatrixMode
glViewport
glEnable
glFrontFace
wglDeleteContext
glLoadIdentity
glDeleteTextures
glBindTexture
glTexImage2D
glTexParameteri
glGenTextures
glDeleteLists
glVertex2f
glTexCoord2f
glCallLists
glEnd
glPopAttrib
glBegin
glDepthMask
glListBase
glColor4f
glBlendFunc
glPushAttrib
glScalef
glTranslatef
glColor4fv
glRotatef
glGetIntegerv
glClear
glReadPixels
wglGetProcAddress
wglCreateContext
glClearColor
glOrtho
glTexEnvi
glDisable

glu32

gluPerspective
gluBuild2DMipmaps

unrar

RARCloseArchive
RAROpenArchiveEx
RARReadHeaderEx
RARProcessFile

fmodex64

?getMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z
?getLoopCount@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getLoopPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII0I@Z
FMOD_System_Create
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?getRecordNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setDefaults@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MMMH@Z
?getDefaults@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAM00PEAH@Z
?getNumTags@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?getTag@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHPEAUFMOD_TAG@@@Z
?setMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?setLoopCount@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?setLoopPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIII@Z
?stop@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PEAVSound@2@_NPEAPEAVChannel@2@@Z
?getRecordDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@@Z
?setSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?getVersion@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAI@Z
?update@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?init@System@FMOD@@QEAA?AW4FMOD_RESULT@@HIPEAX@Z
?setSpeakerMode@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?setDSPBufferSize@System@FMOD@@QEAA?AW4FMOD_RESULT@@IH@Z
?getDriverCaps@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAIPEAHPEAW4FMOD_SPEAKERMODE@@@Z
?getDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@@Z
?getNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?setOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?setVolume@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z

xinput9_1_0

XInputGetState

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

shutdown
gethostbyname
inet_addr
inet_ntoa
ntohl
htonl
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
WSAGetLastError
recv
send
WSASetLastError
__WSAFDIsSet
select
socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
connect
listen
recvfrom
accept
sendto

wldap32

ord22
ord41
ord46
ord211
ord217
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord60
ord45

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptStringToBinaryA
CertCreateCertificateChainEngine
CertCloseStore
CertOpenStore
CertGetNameStringA
CryptQueryObject
CertAddCertificateContextToStore
CertEnumCertificatesInStore

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 11.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f638f11ab963859886b12e4521a3387c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

opengl32

glu32

unrar

fmodex64

xinput9_1_0

winmm

ws2_32

wldap32

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 332KB - Virtual size: 332KB

.data Size: 182KB - Virtual size: 11.2MB

.pdata Size: 53KB - Virtual size: 53KB

.rsrc Size: 362KB - Virtual size: 362KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 332KB - Virtual size: 332KB

.data
Size: 182KB - Virtual size: 11.2MB

.pdata
Size: 53KB - Virtual size: 53KB

.rsrc
Size: 362KB - Virtual size: 362KB