sonic[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sonic.exe
Size

1.9MB
MD5

6b69968e21ec53f751c418a55f1e56e2
SHA1

f6d51248ef50bfef031f259fde1c7ab889a33c39
SHA256

0fe56d2a5a44b52554268ed24083128ca180057a37fbfb37ea3df97abeb0e826
SHA512

2630e1823779975f6dd81ddcf2e0bf89bc64b6dbde77b60deda055061a258b7b0aa13bef1fc0f31a969a1f087b6c06225cc315b370a670c658dc76683aea8468
SSDEEP

24576:ijtHIuFHtokqyJtgKvRMyoV7luUQWfLilI1k15gIM/M5yRIEdU8TSN40:m7Dt/tNeZuUQWziIk7MM5w88TQ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sonic.exe

Files

sonic.exe
.exe windows x86

a790c6b0066a69864ee8e69a91b1933c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_41

D3DXMatrixPerspectiveFovRH
D3DXMatrixTranslation
D3DXMatrixRotationZ
D3DXGetShaderConstantTable
D3DXMatrixOrthoOffCenterRH
D3DXMatrixInverse
D3DXMatrixScaling
D3DXSaveSurfaceToFileA
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXMatrixRotationY
D3DXMatrixRotationX
D3DXCreateTexture
D3DXMatrixRotationQuaternion
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCompileShader

storm_api

SteamAPI_UnregisterCallResult
SteamAPI_Init
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamUserStats
SteamFriends
SteamUser
SteamUtils
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback

kernel32

GetCurrentProcessId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetModuleFileNameA
IsProcessorFeaturePresent
TerminateProcess
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
CreateThread
ResumeThread
TryEnterCriticalSection
GetCurrentThreadId
GetLocaleInfoA
CreateMutexA
GetLastError
CloseHandle
Sleep
SetThreadPriority
GetCurrentProcess
ResetEvent
SetEvent
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
DeleteFileA
MoveFileA
FlushFileBuffers
CreateDirectoryA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
CreateFileA
GetModuleHandleA
ExitThread

user32

RegisterClassA
LoadIconA
LoadImageA
LoadCursorA
RegisterClassExA
DestroyWindow
DefWindowProcA
IsWindow
UnregisterClassA
GetClassInfoExA
CreateWindowExA
AdjustWindowRectEx
MessageBoxW
ReleaseCapture
SetCapture
TrackMouseEvent
GetCursorPos
ScreenToClient
GetKeyboardState
ToAscii
IsWindowVisible
DispatchMessageA
PeekMessageA
TranslateMessage
PostQuitMessage
UpdateWindow
ShowWindow
SetWindowPos
GetClientRect
SetWindowLongA
GetWindowLongA
GetWindowRect
MessageBoxA

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

msvcr100

fgetpos
fsetpos
setvbuf
fflush
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CIsqrt
_CIacos
floor
vsprintf
ceil
memset
memcpy
srand
_CIlog
_CIcos
_CIfmod
_CIsin
__CxxFrameHandler3
_CIpow
_CItan
strcpy_s
strncpy_s
strcat_s
vsprintf_s
strcmp
_beginthreadex
qsort
strtol
strstr
strlen
_aligned_offset_malloc
_aligned_free
_CxxThrowException
fread_s
_filelength
_fileno
fopen_s
sprintf_s
puts
fseek
fread
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_fseeki64
fwrite
_unlock_file
_lock_file
fclose
ungetc
fputc
fgetc
??0exception@std@@QAE@ABV01@@Z
memcpy_s
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
atoi
free
strncpy
strncmp
rand
_purecall
printf
_snprintf
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_control87
malloc
_CIatan2

msvcp100

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_BADOFF@std@@3_JB
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

xinput1_3

ord2
ord3

dsound

ord11

winmm

timeSetEvent
timeKillEvent
timeGetTime

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a790c6b0066a69864ee8e69a91b1933c

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_41

storm_api

kernel32

user32

shell32

msvcr100

msvcp100

d3d9

dinput8

xinput1_3

dsound

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 110KB - Virtual size: 733KB

.rsrc Size: 149KB - Virtual size: 148KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 110KB - Virtual size: 733KB

.rsrc
Size: 149KB - Virtual size: 148KB

.reloc
Size: 96KB - Virtual size: 96KB