6e25051e65ac6b09606d74e836d44623d5a695d418fbe72a62a2e90e5f671d26

Sharing

Copy URL

Twitter E-mail

General

Target

6e25051e65ac6b09606d74e836d44623d5a695d418fbe72a62a2e90e5f671d26
Size

5.1MB
MD5

6f74ea0cb16fbda4c1f0e37a72be2676
SHA1

75c32b11b96a519d7da1e5d782247ba9c7d26d28
SHA256

6e25051e65ac6b09606d74e836d44623d5a695d418fbe72a62a2e90e5f671d26
SHA512

706324ecd5256ecc220ba53c3c860683e6506d85f5397a6f1046993df2879edf1df5359db172bca03aeb9dfb167601254d3f041f925ef732806bd45939718b55
SSDEEP

49152:oZruVce1jwqJQDx8SGx+fftNPndkGVEzHn5nyQ0CwKM7ZwkDvK:TVfhJbgXtNPndZcZnzaFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e25051e65ac6b09606d74e836d44623d5a695d418fbe72a62a2e90e5f671d26

Files

6e25051e65ac6b09606d74e836d44623d5a695d418fbe72a62a2e90e5f671d26
.exe windows x86

a0dbac41a80b57fc9ba2d9db596e5c6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_SetInverseMatrix@8
_VECTOR3Length@4
_COLORtoDWORD@16
_WriteTGA@24
_Normalize@8
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformVector3_VPTR2@16
_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_CrossProduct@12

wsock32

htons
inet_addr
gethostbyname
WSAGetLastError
WSAStartup
socket
send
recv
ioctlsocket
connect
closesocket
WSACleanup

dinput8

DirectInput8Create

wininet

InternetOpenA
InternetConnectA
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA

kernel32

QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
GetSystemInfo
ExitProcess
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CreateDirectoryW
GetFileAttributesExW
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
ReadFile
GetCurrentDirectoryA
CreateFileA
GetTickCount
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetSystemDefaultLangID
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
CreatePipe
CreateProcessA
GetStartupInfoA
lstrlenA
SetCurrentDirectoryA
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
OpenProcess
TerminateProcess
CreateThread
GetCurrentThread
GetThreadContext
SetEvent
WaitForMultipleObjects
Sleep
lstrcmpiA
lstrcatA
CreateEventA
GetLogicalDriveStringsA
GetModuleHandleA
QueryDosDeviceA
GetPriorityClass
CreateToolhelp32Snapshot
UnregisterWaitEx
Process32Next
Module32First
Module32Next
InterlockedCompareExchange
MulDiv
WriteFile
CreateDirectoryA
AreFileApisANSI
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
InterlockedExchange
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetTempPathA
SetFileAttributesA
CopyFileA
GetSystemTime
HeapQueryInformation
HeapSize
HeapReAlloc
FlushFileBuffers
FindNextFileW
FindFirstFileExW
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
OutputDebugStringW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
FileTimeToSystemTime
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
GetTimeZoneInformation
SetStdHandle
CreateFileW
GetStdHandle
GetFileType
WriteConsoleW
Process32First
HeapValidate
ExitThread
GetCommandLineA
GetCPInfo
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateTimerQueue
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
GetModuleHandleExW
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW
GetSystemTimeAsFileTime
EncodePointer
GetExitCodeThread
SetLastError
CreateEventW
LoadLibraryW
SetEndOfFile
TlsAlloc
FindClose
SetEnvironmentVariableA
DuplicateHandle
TlsGetValue

user32

CopyRect
wsprintfA
SetRect
MessageBoxA
CharNextA
CharPrevA
OpenClipboard
GetClientRect
LoadCursorFromFileA
SetCursor
LoadIconA
ShowCursor
UpdateWindow
GetSystemMetrics
EndDialog
ShowWindow
RegisterClassExA
DefWindowProcA
UnregisterHotKey
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
IsClipboardFormatAvailable
GetClipboardData
OffsetRect
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
CreateWindowExA
PostMessageA
EmptyClipboard
SetClipboardData
CloseClipboard

gdi32

GetDeviceCaps
SelectObject
GetTextExtentPoint32A
DeleteObject
CreateFontIndirectA
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject

advapi32

OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoFreeUnusedLibraries
CoInitializeSecurity
CoUninitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysAllocString

freeimage

_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_SaveJPEG@12
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12

psapi

GetProcessImageFileNameA

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 977KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0dbac41a80b57fc9ba2d9db596e5c6b

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

psapi

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 479KB - Virtual size: 478KB

.data Size: 977KB - Virtual size: 1.2MB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 177KB - Virtual size: 176KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 479KB - Virtual size: 478KB

.data
Size: 977KB - Virtual size: 1.2MB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 177KB - Virtual size: 176KB