6d785fae7fe4ad6b7e1635b42d13bb940d4a9bc7f5c7c671a3807cfab0625f18

Sharing

Copy URL Twitter E-mail

General

Target

6d785fae7fe4ad6b7e1635b42d13bb940d4a9bc7f5c7c671a3807cfab0625f18
Size

2.4MB
MD5

2725d18d9594f49d253d6d676b1fed70
SHA1

6ab263eac85ed25e7d0117cef61aaf4d010f5dea
SHA256

6d785fae7fe4ad6b7e1635b42d13bb940d4a9bc7f5c7c671a3807cfab0625f18
SHA512

76a58d1189f5a85dcd65addc63f208abb860a867597e1cb8bf24fa16393aaf69ff0ff5f929a0ff63d144a4e5ad70eef88ffe77e77bbf6b4fb57eeab060bed1fe
SSDEEP

49152:7IEK9eVdrrxeIopjr6NB1YNtjM7scid+sI3R12pauBk/YhRQb/WGvwb9B7suvPNi:7zmCoi1YNtjM7U3I49k4vDNeSvqR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d785fae7fe4ad6b7e1635b42d13bb940d4a9bc7f5c7c671a3807cfab0625f18

Files

6d785fae7fe4ad6b7e1635b42d13bb940d4a9bc7f5c7c671a3807cfab0625f18
.exe windows x86

b1dc2286d2a22a9ffdbd34ba9e90ab63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CalcDistance@8
_VECTOR3_MULEQU_FLOAT@8
_VECTOR3_ADD_VECTOR3@12
_CrossProduct@12
_COLORtoDWORD@16
_TransformV3TOV4@16
_SetInverseMatrix@8
_MatrixMultiply2@12
_Normalize@8
_VECTOR3Length@4
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_TransformVector3_VPTR2@16

wsock32

gethostname
WSAGetLastError
gethostbyname
inet_addr

dinput8

DirectInput8Create

wininet

InternetConnectA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA

kernel32

QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapSize
GetProcAddress
GetModuleHandleA
VerifyVersionInfoA
VerSetConditionMask
ExitProcess
Sleep
CreateThread
DeleteFileA
CreateEventA
CloseHandle
SetEvent
OpenEventA
GetCurrentDirectoryA
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
GetProcessId
OpenProcess
CreateDirectoryA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentThreadId
CreateFileA
lstrcatA
lstrcpyA
LoadLibraryA
GetTickCount
WaitForSingleObject
ResumeThread
GetLocalTime
lstrcmpiA
GetLastError
GetStringTypeW
lstrlenA
MulDiv
OutputDebugStringA
QueryDosDeviceA
GetLogicalDriveStringsA
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadFile
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
OpenFile
lstrcmpA
SetCurrentDirectoryA
GetVersionExA
LoadLibraryW
HeapCreate
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
SetStdHandle
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
GetModuleHandleW
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
RtlUnwind
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
VirtualQuery
CreateFileW
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
CompareStringW
IsDBCSLeadByte
SetEnvironmentVariableA

user32

ShowCursor
ShowWindow
IsWindowVisible
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharPrevA
CharNextA
GetDC
ReleaseDC
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
SetRect
PostMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
DefWindowProcA
GetSystemMetrics
CreateWindowExA
UpdateWindow
RegisterClassExA
wsprintfA
FindWindowExA
FindWindowA
MessageBoxA

gdi32

GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
GetStockObject
SelectObject
GetDeviceCaps

advapi32

LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetUserNameA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries

freeimage

_FreeImage_Unload@4
_FreeImage_SaveJPEG@12
_FreeImage_Load@12
_FreeImage_GetBits@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_GetInfo@4

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 694KB - Virtual size: 887KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1dc2286d2a22a9ffdbd34ba9e90ab63

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

freeimage

iphlpapi

psapi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 694KB - Virtual size: 887KB

.rsrc Size: 89KB - Virtual size: 89KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 694KB - Virtual size: 887KB

.rsrc
Size: 89KB - Virtual size: 89KB