Static task
static1
General
-
Target
fxcompiler.zip
-
Size
195KB
-
MD5
bb75e3e50a5dd1f8dcd83348e8f5d704
-
SHA1
b7140ead57f7e135aaa1598e82c9b1e4070c3ab3
-
SHA256
1443080a3e4a59bdeca9895de30cc1b94824bd2a24b49ddf61aad15609680d9e
-
SHA512
25a7e4058aabf827059a01a7d89e55145426e5a5ec511e7868f3409396a9c5029f8c71a32fc6c412ecf6543c4dec83dc624faa42c45718e94ac366963a6943c9
-
SSDEEP
3072:4Z36z0bnmoV/J8C72+P4olYbnJFx6C3peWhgjufNjK02aFiKGLOi:4UYbNV7fP4olYdQWhgjuJK0/FzgOi
Malware Config
Signatures
-
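Unsigned PE (3 IoCs)
Checks for a missing Authenticode signature. The three PE files listed below are unsigned, so their publisher and integrity cannot be confirmed from a signature. On its own this is a low-confidence indicator, since many legitimate binaries are also unsigned.
Resources:
unpack001/Microsoft.Xna.Framework.Content.Pipeline.EffectImporter.dll
unpack001/Microsoft.Xna.Framework.Content.Pipeline.dll
unpack001/fxcompiler.exe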
Files
-
fxcompiler.zip (.zip)
-
ExampleEffectDeath.fx
-
ExampleEffectScreen.fx
-
Microsoft.Xna.Framework.Content.Pipeline.EffectImporter.dll (.dll, windows x86)
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Microsoft.Xna.Framework.Content.Pipeline.dll (.dll, windows x86)
d5ab6642da2bed9134073f6eba5f920f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcr100
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??3@YAXPAX@Z
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_crt_debugger_hook
??2@YAPAXI@Z
memcpy_s
_cexit
__FrameUnwindFilter
kernel32
LoadLibraryW
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
UnhandledExceptionFilter
gdi32
DeleteDC
GetGlyphIndicesW
GetCharABCWidthsFloatW
CreateCompatibleDC
SelectObject
d3dx9_41
D3DXOptimizeVertices
D3DXCreateEffectCompiler
D3DXCreateMesh
D3DXComputeTangentFrameEx
D3DXLoadSurfaceFromMemory
D3DXCreateBuffer
D3DXOptimizeFaces
d3d9
Direct3DCreate9
user32
CreateWindowExW
DestroyWindow
SetRect
mscoree
_CorDllMain
Sections
.text Size: 190KB - Virtual size: 190KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fxcompiler.exe (.exe, windows x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ