37cd3786e2a50ddb2ced91c3c9fc5b6506147f5517436e9a4840282ade180878

Sharing

Copy URL Twitter E-mail

General

Target

37cd3786e2a50ddb2ced91c3c9fc5b6506147f5517436e9a4840282ade180878
Size

4.4MB
MD5

87e2070079299fa5eff4b5cb1b6b0993
SHA1

83923199de39c441a1f3baa058bdc9480e3709d5
SHA256

37cd3786e2a50ddb2ced91c3c9fc5b6506147f5517436e9a4840282ade180878
SHA512

9505b99d9587d9c20e35ae5e7c2defed1c99ee85455397e419e843566f471174a8231e7104ec1acbb4d5971f2622fe0490b89313f661537d45857346817d0e9c
SSDEEP

49152:m33pm50Ewh9Uc5T3z6FsxCYrvE+nM0V+SJ33HIFTxDuc75SLwtemiiuowE2s:KglsPD/rvXLc7siuonn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37cd3786e2a50ddb2ced91c3c9fc5b6506147f5517436e9a4840282ade180878

Files

37cd3786e2a50ddb2ced91c3c9fc5b6506147f5517436e9a4840282ade180878
.exe windows x86

0ba65aa3f3d5e752b023a1a0b732cdcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_VECTOR3_MULEQU_FLOAT@8
_VECTOR3_ADD_VECTOR3@12
_Normalize@8
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_WriteTGA@24
_COLORtoDWORD@16
_CrossProduct@12
_TransformVector3_VPTR2@16
_CalcDistance@8
_RotatePositionWithPivot@24
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_VECTOR3Length@4

wsock32

WSAStartup
WSACleanup
closesocket
connect
gethostbyname
ioctlsocket
htons
recv
send
socket
inet_addr

dinput8

DirectInput8Create

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

kernel32

SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
OutputDebugStringA
GetFileSize
CloseHandle
OpenFile
GetLocalTime
IsDBCSLeadByte
GetModuleFileNameA
DeleteFileA
GetTickCount
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentDirectoryA
ReadFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
CreatePipe
WideCharToMultiByte
lstrlenA
SetCurrentDirectoryA
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
lstrcpyA
lstrcmpA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateFileA
CreateThread
CreateEventA
GetLastError
GetThreadContext
ResumeThread
SetEvent
GetPriorityClass
OpenProcess
lstrcatA
QueryDosDeviceA
lstrcmpiA
GetLogicalDriveStringsA
WaitForMultipleObjects
TerminateProcess
IsDebuggerPresent
WriteFile
SetFilePointer
CreateDirectoryA
InterlockedCompareExchange
GetModuleHandleA
SetHandleCount
VerifyVersionInfoA
VerSetConditionMask
HeapSize
DuplicateHandle
GetCurrentProcessId
GetProcessId
ExitProcess
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
WriteProcessMemory
FileTimeToSystemTime
GetWindowsDirectoryA
LocalAlloc
GetSystemDefaultLangID
MultiByteToWideChar
LCMapStringA
InterlockedExchange
InitializeCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
CopyFileA
SetFileAttributesA
GetVersionExA
GetSystemTime
InterlockedDecrement
DeviceIoControl
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
GetModuleHandleW
HeapReAlloc
ExitThread
HeapAlloc
FindFirstFileExA
FileTimeToLocalFileTime
HeapFree
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedIncrement
MulDiv
InitializeCriticalSectionAndSpinCount
lstrlenW
GetLocaleInfoW
FatalAppExitA
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LocalFree
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
VirtualQuery
GetProcessHeap
SetStdHandle
IsValidLocale
HeapCreate
HeapDestroy
FlushFileBuffers
GetTimeZoneInformation
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetCurrentProcess

user32

ReleaseDC
SetCapture
GetCursorPos
ReleaseCapture
GetDC
FindWindowA
FindWindowExA
EndDialog
ShowCursor
UpdateWindow
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
CreateDialogParamA
SetWindowLongA
GetClientRect
ClientToScreen
SendDlgItemMessageA
GetSystemMetrics
CallWindowProcA
CreateWindowExA
EnableWindow
CheckRadioButton
GetDlgItem
SendMessageA
GetDlgItemTextA
DefWindowProcA
RegisterClassExA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
ShowWindow
SetFocus
AnimateWindow
GetWindowRect
SetWindowPos
IsWindow
IsDialogMessageA
DestroyWindow
OffsetRect
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
CopyRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
CharPrevA
CharNextA
MessageBoxA
SetRect
wsprintfA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
RegisterHotKey
GetActiveWindow
LoadCursorFromFileA
SetCursor
SetWindowTextA
GetDlgItemInt

gdi32

CreateFontIndirectA
DeleteObject
GetStockObject
GetTextExtentPoint32A
SelectObject
GetDeviceCaps

comdlg32

GetOpenFileNameA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
GetUserNameA
AllocateAndInitializeSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
SetSecurityInfo
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
FreeSid

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoFreeUnusedLibraries
CoInitializeSecurity

oleaut32

SysAllocString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo
SysFreeString

freeimage

_FreeImage_SaveJPEG@12
_FreeImage_Load@12
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Unload@4
_FreeImage_GetBits@4

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

Sections

.textbss
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 860KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba65aa3f3d5e752b023a1a0b732cdcd

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

freeimage

psapi

iphlpapi

Sections

.textbss Size: - Virtual size: 1.4MB

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 365KB - Virtual size: 365KB

.data Size: 860KB - Virtual size: 1.2MB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 102KB - Virtual size: 101KB

.textbss
Size: - Virtual size: 1.4MB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 365KB - Virtual size: 365KB

.data
Size: 860KB - Virtual size: 1.2MB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 102KB - Virtual size: 101KB