926c36593ae872f3e96dd1afe63c1dff1693104c90b04f61d15f996706d9118b

Sharing

Copy URL Twitter E-mail

General

Target

926c36593ae872f3e96dd1afe63c1dff1693104c90b04f61d15f996706d9118b
Size

9.3MB
MD5

f7ab3772a4ff0c7d23b0e064e40c8cab
SHA1

e747eaa41b5da6b0b4366ed803974c1101f49e32
SHA256

926c36593ae872f3e96dd1afe63c1dff1693104c90b04f61d15f996706d9118b
SHA512

de0b953424a12a794d9ba91873072db0ca9017c5ea26d3e3251dc6d09ab47594a9d447ec83939dcb9ee80bd75badfcd8b986c0a75708d7c3dd6efb07081a079a
SSDEEP

196608:Ij6kWReYVv5fw00/Ty5wpFQqywDRmjlj/VDAJSyLxwYA:IjPWReYVvyTySFQqYlj/1AJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
926c36593ae872f3e96dd1afe63c1dff1693104c90b04f61d15f996706d9118b

Files

926c36593ae872f3e96dd1afe63c1dff1693104c90b04f61d15f996706d9118b
.exe windows x86

f16cb2837876c441cb94e3b926578d3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

winmm

timeGetTime

dinput8

DirectInput8Create

imm32

ImmNotifyIME
ImmGetContext
ImmReleaseContext
ImmSetOpenStatus
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetCompositionStringA
ImmGetCandidateListA
ImmGetOpenStatus
ImmGetProperty
ImmSetCandidateWindow
ImmGetCandidateWindow
ImmIsIME
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmGetConversionStatus
ImmSetCompositionStringW
ImmGetCompositionWindow

ws2_32

WSASend
WSAEventSelect
WSACreateEvent
connect
WSAEnumNetworkEvents
WSARecv
WSAGetLastError
WSACloseEvent
closesocket
inet_addr
WSASetEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
getpeername
freeaddrinfo
getaddrinfo
__WSAFDIsSet
bind
WSASetLastError
socket
inet_ntoa
recvfrom
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
WSAAsyncSelect
getsockname
gethostbyaddr
getsockopt
sendto
shutdown
select
accept
listen
htonl
setsockopt
ntohs
ioctlsocket
recv
send
WSAStartup
gethostname
WSACleanup
htons
gethostbyname

ijl11

ord2
ord5
ord3

dsetup

ord11

ddraw

DirectDrawCreateEx

wininet

InternetCloseHandle
InternetReadFileExA
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
FtpPutFileA
InternetCrackUrlA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

freetype6

ord27
ord68
ord67
ord66
ord135
ord167
ord3
ord23
ord46
ord29
ord116
ord211
ord112
ord80
ord126
ord78
ord2
ord221
ord218
ord28
ord113
ord109
ord111

kilos

?OAL_allocate_sample_handle@@YGPAU__SAMPLE_OAL@@PAU_OPENAL_DIG_DRIVER@@@Z
?OAL_file_read@@YGPAXPBDPAX@Z
?OAL_set_sample_file@@YGHPAU__SAMPLE_OAL@@PBXH@Z
?OAL_release_sample_handle@@YGXPAU__SAMPLE_OAL@@@Z
?OAL_mem_free_lock@@YGXPAX@Z
?OAL_close_stream@@YGXPAU__STREAM_OAL@@@Z
?OAL_start_stream@@YGXPAU__STREAM_OAL@@@Z
?OAL_open_stream@@YGPAU__STREAM_OAL@@PAU_OPENAL_DIG_DRIVER@@PBDH@Z
?OAL_stream_status@@YGHPAU__STREAM_OAL@@@Z
?OAL_set_sample_volume_levels@@YGXPAU__SAMPLE_OAL@@MM@Z
?OAL_sample_status@@YGHPAU__SAMPLE_OAL@@@Z
?OAL_open_digital_driver@@YGPAU_OPENAL_DIG_DRIVER@@KHHI@Z
?OAL_startup@@YGXH@Z
?OAL_shutdown@@YGXXZ
?OAL_close_digital_driver@@YGXPAU_OPENAL_DIG_DRIVER@@@Z
?OAL_set_stream_loop_count@@YGXPAU__STREAM_OAL@@H@Z
?OAL_start_sample@@YGXPAU__SAMPLE_OAL@@@Z

kernel32

ReleaseSemaphore
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
GetTimeZoneInformation
HeapSize
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
DuplicateHandle
CreateProcessA
GetStartupInfoW
SwitchToThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
SetLastError
ExitProcess
DecodePointer
EncodePointer
GetDateFormatA
MoveFileA
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenA
GetTickCount
OutputDebugStringA
CloseHandle
SetFilePointer
ReadFile
CreateFileA
WriteFile
GetLocalTime
Sleep
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
lstrcatA
GetModuleFileNameA
GetFileAttributesA
lstrcpyA
DeviceIoControl
LocalFree
GetCurrentProcess
GetLastError
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GlobalAlloc
CreateDirectoryA
FindClose
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
DeleteFileA
CopyFileA
SetUnhandledExceptionFilter
RemoveDirectoryA
GlobalMemoryStatus
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
CreateThread
InitializeCriticalSection
TerminateThread
GetExitCodeThread
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
DeleteCriticalSection
GetWindowsDirectoryA
_lread
_lclose
_lopen
_llseek
CreateFileW
GetVolumeInformationW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FormatMessageA
IsBadWritePtr
IsBadReadPtr
Module32Next
Module32First
GlobalMemoryStatusEx
SystemTimeToFileTime
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetVersion
IsWow64Process
GetEnvironmentVariableA
GetTempFileNameA
GetTempPathA
IsProcessorFeaturePresent
GetProfileIntA
DebugBreak
FatalAppExitA
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
VirtualFree
VirtualAlloc
InterlockedExchange
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
GetDriveTypeA
FindFirstFileExA
ExitThread
HeapReAlloc
GetModuleHandleW
GetCommandLineA
HeapSetInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
VirtualQuery
CreatePipe
GetExitCodeProcess
CompareStringW
WriteConsoleW
SetEndOfFile
GetThreadPriority
SetEnvironmentVariableA
SignalObjectAndWait
SleepEx
GetSystemDirectoryW
VerifyVersionInfoW
FormatMessageW
MoveFileExW
OutputDebugStringW
LoadLibraryW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
InterlockedPushEntrySList
QueryDepthSList
SetEvent
InterlockedPopEntrySList
InterlockedFlushSList
CreateSemaphoreW
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
GetVersionExW
GetProcessAffinityMask
SetConsoleCtrlHandler
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
VirtualProtect
SetThreadAffinityMask
FindNextFileA
GetFileInformationByHandle
GetCurrentThread
FindFirstFileExW
GetFileAttributesW
FreeLibrary
GetFullPathNameW
GetTimeFormatA

user32

ChangeDisplaySettingsA
GetMenu
AdjustWindowRectEx
ClipCursor
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
EnumWindows
PeekMessageA
TranslateMessage
DispatchMessageA
SystemParametersInfoA
ShowCursor
GetClassNameA
GetWindowTextA
EndDialog
SetFocus
wsprintfA
EmptyClipboard
SetClipboardData
AdjustWindowRect
PtInRect
SetCursor
OpenClipboard
CloseClipboard
SendMessageA
GetKeyboardLayout
LoadCursorA
RegisterClassA
GetCaretPos
ClientToScreen
GetWindowLongA
CreateWindowExA
SetWindowLongA
ShowWindow
DrawTextA
DefWindowProcA
DestroyWindow
GetAsyncKeyState
PostMessageA
SetCursorPos
GetCursorPos
GetClientRect
SetWindowPos
LoadIconA
ScreenToClient
GetIconInfo
GetActiveWindow
MessageBoxA
GetDC
ReleaseDC
UnionRect
FillRect
EnumDisplaySettingsA
SetWindowsHookExA
ToAscii
CallNextHookEx
UnhookWindowsHookEx
GetWindowRgn
SetRect
GetCursor
DrawIcon
GetPropA
SetPropA
RemovePropA
BeginPaint
EndPaint
UnregisterClassA
SetRectEmpty
CopyRect
GetClassInfoA
LoadStringA
GetKeyboardState
keybd_event
MoveWindow
CharLowerA
DestroyMenu
PostQuitMessage
GetLastActivePopup
MessageBoxW
SetForegroundWindow
SetActiveWindow
GetKeyState
GetClipboardData
GetMessageA

gdi32

GetObjectW
SetMapMode
CreateSolidBrush
CreateRectRgn
OffsetRgn
SelectClipRgn
CreateDIBSection
BitBlt
CreateDIBitmap
Rectangle
GetCharacterPlacementA
GetCharacterPlacementW
GetTextMetricsA
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
MoveToEx
ExtTextOutW
TextOutA
RemoveFontResourceA
GetClipBox
GetDCOrgEx
GetStockObject
GetObjectA
CreateCompatibleDC
GetDIBits
SelectObject
SetBkMode
SetTextColor
SetBkColor
DeleteDC
SetTextAlign
ExtTextOutA
DeleteObject
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptImportKey
CryptReleaseContext
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam

shell32

ShellExecuteA

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
CreateErrorInfo

wldap32

ord133
ord145
ord127
ord142
ord79
ord26
ord301
ord27
ord41
ord46
ord216
ord167
ord219
ord14
ord117
ord208
ord147

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 74.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f16cb2837876c441cb94e3b926578d3b

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

winmm

dinput8

imm32

ws2_32

ijl11

dsetup

ddraw

wininet

freetype6

kilos

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wldap32

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 124KB - Virtual size: 74.3MB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 7.8MB - Virtual size: 7.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 124KB - Virtual size: 74.3MB

.rsrc
Size: 80KB - Virtual size: 80KB