7704a1d99a7b1eab105b7021596c632dafd6d150e326c603d492f226c94e3fa8

Sharing

Copy URL Twitter E-mail

General

Target

7704a1d99a7b1eab105b7021596c632dafd6d150e326c603d492f226c94e3fa8
Size

2.5MB
MD5

565df11fd1e548ad650b004227331610
SHA1

21f32708607b68fe36506c3be396f419a59b55f2
SHA256

7704a1d99a7b1eab105b7021596c632dafd6d150e326c603d492f226c94e3fa8
SHA512

c49dab66ea07ffb6a3d0e84df0186e3edc947d52329de1b9c7d04c40a5319103fe772370e3cbbe23a64478cdcb0fb2dfa354539b5b71b19b6b41895dc68e2954
SSDEEP

49152:StI9Rc3mmOJkJ+WL4xfKHNVqdvyDqArAPfFS3FLNQi8IJyU+:DbKtKvbIJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7704a1d99a7b1eab105b7021596c632dafd6d150e326c603d492f226c94e3fa8

Files

7704a1d99a7b1eab105b7021596c632dafd6d150e326c603d492f226c94e3fa8
.exe windows x86

57534e117e55c88f66a00e325b352d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_COLORtoDWORD@16
_CrossProduct@12
_CalcDistance@8
_MatrixMultiply2@12
_VECTOR3_ADD_VECTOR3@12
_VECTOR3_MULEQU_FLOAT@8
_SetInverseMatrix@8
_Normalize@8
_VECTOR3Length@4
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_TransformV3TOV4@16
_TransformVector3_VPTR2@16

wsock32

gethostname
WSAGetLastError
gethostbyname
inet_addr

dinput8

DirectInput8Create

wininet

InternetConnectA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA

kernel32

SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WriteConsoleA
LoadLibraryW
DebugBreak
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetProcAddress
GetModuleHandleA
VerifyVersionInfoA
VerSetConditionMask
ExitProcess
Sleep
CreateThread
DeleteFileA
CreateEventA
CloseHandle
SetEvent
OpenEventA
GetCurrentDirectoryA
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
GetProcessId
OpenProcess
CreateDirectoryA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentThreadId
CreateFileA
lstrcatA
LoadLibraryA
lstrcpyA
GetTickCount
lstrcmpiA
GetLastError
WaitForSingleObject
ResumeThread
GetLocalTime
IsDBCSLeadByte
lstrlenA
GetConsoleOutputCP
OutputDebugStringA
GetProcessHeap
GetLogicalDriveStringsA
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadFile
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
FreeLibrary
OpenFile
lstrcmpA
SetCurrentDirectoryA
GetVersionExA
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapSize
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
HeapCreate
SetHandleCount
VirtualQuery
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetModuleHandleW
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
SetEndOfFile
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryDosDeviceA
InterlockedIncrement
CompareStringA
CompareStringW
InterlockedDecrement
MulDiv
SetEnvironmentVariableA

user32

ShowCursor
ShowWindow
IsWindowVisible
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharNextA
CharPrevA
GetDC
ReleaseDC
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
SetRect
PostMessageA
PeekMessageA
TranslateMessage
LoadIconA
RegisterClassExA
DefWindowProcA
GetSystemMetrics
CreateWindowExA
UpdateWindow
DispatchMessageA
wsprintfA
FindWindowExA
FindWindowA
MessageBoxA

gdi32

GetTextExtentPoint32A
SelectObject
DeleteObject
GetStockObject
CreateFontIndirectA
GetDeviceCaps

advapi32

RegQueryInfoKeyA
RegCloseKey
GetUserNameA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries

freeimage

_FreeImage_SaveJPEG@12
_FreeImage_Unload@4
_FreeImage_Load@12
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 694KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57534e117e55c88f66a00e325b352d0b

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

freeimage

iphlpapi

psapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 694KB - Virtual size: 889KB

.rsrc Size: 89KB - Virtual size: 89KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 694KB - Virtual size: 889KB

.rsrc
Size: 89KB - Virtual size: 89KB