swkotor[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

swkotor.exe
Size

3.9MB
MD5

d2bc3d8ef527df1b8547bc0740db74ed
SHA1

90663e2b281442cbae8a2856b60185920b920c07
SHA256

761f9466f456a83909036baebb5c43167d722387be66e54617ba20a8c49e9886
SHA512

a9193891da6b1ada71cd7c24e8739d1e2d742c971052543f5863539398da19cb6d40b4576893bc0c3e74a4379a2c2fbc20cc02d6f7eb4f25e5b8e88df791177f
SSDEEP

49152:3NLzXOKH6AqIHxAAAf7CpjZMZGIFjItJgtG3wBzP+F61w5USQ3/lY1Q7sq4hyJ:dLzXOKHD5xABKIxksBaQuKys4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
swkotor.exe

Files

swkotor.exe
.exe windows x86

Password: infected

360f23fb8ff7196bdd7b7ad6201c9846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glGetFloatv
glClear
glClearColor
glColor4f
glMatrixMode
glDisable
glLoadIdentity
glOrtho
glAlphaFunc
glTexParameteri
glBindTexture
glGetIntegerv
glDeleteTextures
glGenTextures
glReadPixels
glFinish
glDrawElements
glMultMatrixf
glEnableClientState
glDisableClientState
glPushAttrib
glPopAttrib
glStencilOp
glFrontFace
glStencilMask
glIsTexture
glTexImage2D
glTranslatef
glRotatef
glDepthMask
glGetString
glTexSubImage2D
glStencilFunc
glTexCoordPointer
glColorPointer
glNormalPointer
glVertexPointer
glDrawArrays
wglMakeCurrent
wglShareLists
wglCreateContext
glViewport
glGetError
glEnd
glVertex3f
glTexCoord2f
glBegin
glNormal3f
glCopyTexImage2D
wglGetCurrentDC
wglGetCurrentContext
glVertex3fv
glColor4ubv
glColor3f
glTexImage1D
glTexEnvi
glFlush
glPopMatrix
glPushMatrix
glDrawBuffer
glCopyTexSubImage2D
wglDeleteContext
wglGetProcAddress
glTexGeni
glNormal3fv
glCallLists
glListBase
glVertex4f
glEndList
glBitmap
glNewList
glGenLists
glPixelStorei
glDeleteLists
glRasterPos2f
glPushClientAttrib
glPopClientAttrib
glFogi
glFogf
glFogfv
glColorMask
glColor4fv
glMaterialfv
glColorMaterial
glDepthFunc
glClearStencil
glLightModelfv
glScalef
glPolygonMode
glIsEnabled
glLineWidth
glPointSize
glLightfv
glBlendFunc
glEnable

kernel32

CreateMutexA
FormatMessageA
LocalFree
WaitForSingleObject
GetVersionExA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetCurrentProcessId
LoadLibraryA
VirtualQuery
VirtualProtect
CreateFileA
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
GetCurrentProcess
FlushFileBuffers
SetUnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
VirtualAlloc
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
HeapReAlloc
SetPriorityClass
ReadFile
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
SetLastError
TlsFree
MoveFileA
GetLocalTime
GetTimeZoneInformation
WideCharToMultiByte
GetFileType
SetStdHandle
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDriveTypeA
CompareFileTime
GetModuleFileNameA
lstrlenA
GetSystemTimeAsFileTime
DeleteFileA
CopyFileA
GetFileAttributesA
SetFileAttributesA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GlobalMemoryStatus
SuspendThread
RemoveDirectoryA
CreateDirectoryA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceExA
ResumeThread
ExitThread
Sleep
GetCurrentThread
CreateEventA
CreateThread
SetThreadPriority
SetEvent
GetExitCodeThread
CloseHandle
WriteFile
GetLastError
GetEnvironmentStrings
GetFullPathNameA

user32

MonitorFromWindow
SetWindowTextA
TranslateMessage
GetMonitorInfoA
FindWindowA
EnableWindow
DefWindowProcA
GetMessageA
DispatchMessageA
GetDesktopWindow
GetWindowRect
ClientToScreen
SetCursorPos
GetCursorInfo
ShowCursor
SetCursor
DestroyCursor
PostQuitMessage
AdjustWindowRect
EnumDisplaySettingsA
ChangeDisplaySettingsA
SetWindowLongA
MoveWindow
PeekMessageA
SystemParametersInfoA
DestroyWindow
ShowWindow
ReleaseDC
GetDC
SetWindowPos
CreateWindowExA
GetWindowInfo
MessageBoxA
RegisterClassA
LoadCursorA
LoadIconA
SendMessageA
ScreenToClient
SetCapture
PostMessageA

gdi32

DescribePixelFormat
SwapBuffers
PatBlt
SetPixelFormat
ChoosePixelFormat
GetStockObject
SetDeviceGammaRamp

ole32

CoInitialize
CoUninitialize

binkw32

_BinkOpenMiles@4
_BinkClose@4
_BinkPause@8
_BinkGetSummary@8
_BinkNextFrame@4
_BinkBufferBlit@12
_BinkGetRects@8
_BinkBufferUnlock@4
_BinkCopyToBuffer@28
_BinkBufferLock@4
_BinkDoFrame@4
_BinkWait@4
_BinkBufferCheckWinPos@12
_BinkBufferSetOffset@12
_BinkBufferSetScale@12
_BinkSetVolume@12
_BinkBufferOpen@16
_BinkOpen@8
_BinkSetSoundSystem@8
_BinkBufferClose@4

mss32

_AIL_resume_3D_sample@4
_AIL_close_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_open_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_rolloff_factor@8
_AIL_set_3D_provider_preference@12
_AIL_set_digital_master_room_type@8
_AIL_set_3D_room_type@8
_AIL_quick_shutdown@0
_AIL_close_3D_provider@4
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_mem_free_lock@4
_AIL_set_3D_sample_effects_level@8
_AIL_3D_room_type@4
_AIL_set_3D_sample_playback_rate@8
_AIL_set_3D_sample_offset@8
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_file@8
_AIL_resume_sample@4
_AIL_set_sample_playback_rate@8
_AIL_set_sample_position@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_set_preference@8
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_allocate_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_quick_startup@20
_AIL_set_redist_directory@4
_AIL_end_sample@4
_AIL_end_3D_sample@4
_AIL_close_stream@4
_AIL_set_3D_sample_obstruction@8
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_stop_sample@4
_AIL_sample_position@4
_AIL_stop_3D_sample@4
_AIL_3D_sample_offset@4
_AIL_WAV_info@8
_AIL_set_sample_volume_levels@12
_AIL_set_3D_sample_volume@8
_AIL_open_stream@12
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_stream_position@4
_AIL_set_stream_volume_levels@12
_AIL_set_stream_reverb_levels@12
_AIL_set_stream_volume_pan@12
_AIL_start_stream@4
_AIL_stream_ms_position@12
_AIL_set_stream_position@8
_AIL_quick_handles@12

dinput8

DirectInput8Create

glu32

gluErrorString
gluPerspective
gluBuild2DMipmaps

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
ImmGetCandidateListA
ImmGetCompositionStringA

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 673KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

360f23fb8ff7196bdd7b7ad6201c9846

Headers

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

ole32

binkw32

mss32

dinput8

glu32

version

imm32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 320KB - Virtual size: 318KB

.data Size: 92KB - Virtual size: 673KB

.rsrc Size: 220KB - Virtual size: 218KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 320KB - Virtual size: 318KB

.data
Size: 92KB - Virtual size: 673KB

.rsrc
Size: 220KB - Virtual size: 218KB