c5875116af02830d8b02c7fb614e7c91e6d756e33a7ee07d56bb06a9682d00c4

Sharing

Copy URL Twitter E-mail

General

Target

c5875116af02830d8b02c7fb614e7c91e6d756e33a7ee07d56bb06a9682d00c4
Size

2.8MB
MD5

e05c723b7ab3f5b40ab6315642887939
SHA1

34ad90a88f8156069d31192b9e97f12d4fca1554
SHA256

c5875116af02830d8b02c7fb614e7c91e6d756e33a7ee07d56bb06a9682d00c4
SHA512

6bf5961f8dde2f8c4e5147c10ef3bdd013064a72dd3f04d062c68373f4a1eb2029d27e1d25298fc1c82eeb67472fe22242b9023cb1d0d2edb824d2c54c129f7e
SSDEEP

49152:nXDqIscPk7pmAQ1NaT+/2m7SMEO1jlWj//o09D+QrNdxcNy4Nre4gixOa24AVUdL:vPr5VSMEO1Jg//B8yGO4xL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5875116af02830d8b02c7fb614e7c91e6d756e33a7ee07d56bb06a9682d00c4

Files

c5875116af02830d8b02c7fb614e7c91e6d756e33a7ee07d56bb06a9682d00c4
.exe windows x86

14d2e3afd9c86852d609ce684661635d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_TransformVector3_VPTR2@16
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_Normalize@8
_VECTOR3_ADD_VECTOR3@12
_VECTOR3_MULEQU_FLOAT@8
_WriteTGA@24
_COLORtoDWORD@16
_VECTOR3Length@4
_CrossProduct@12

wsock32

inet_addr
gethostbyname
WSAStartup
WSACleanup
closesocket
htons
ioctlsocket
socket
connect
send
recv

dinput8

DirectInput8Create

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

kernel32

GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LoadLibraryW
GetTimeZoneInformation
OutputDebugStringA
GetLocalTime
GetFileSize
CloseHandle
OpenFile
IsDBCSLeadByte
GetModuleFileNameA
DeleteFileA
GetTickCount
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
CreatePipe
WideCharToMultiByte
GetCurrentDirectoryA
lstrlenA
SetCurrentDirectoryA
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
lstrcpyA
lstrcmpA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateFileA
SetEvent
lstrcatA
QueryDosDeviceA
lstrcmpiA
GetLogicalDriveStringsA
TerminateProcess
OpenProcess
IsDebuggerPresent
GetLastError
GetThreadContext
ResumeThread
GetPriorityClass
WaitForMultipleObjects
CreateThread
CreateEventA
InterlockedCompareExchange
GetModuleHandleA
CompareStringW
VerifyVersionInfoA
VerSetConditionMask
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
GetProcessId
ExitProcess
WriteFile
CreateDirectoryA
FindClose
FindNextFileA
GetUserDefaultLCID
FindFirstFileA
FileTimeToSystemTime
MultiByteToWideChar
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
SetUnhandledExceptionFilter
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
SetFileAttributesA
CopyFileA
GetVersionExA
GetSystemTime
InterlockedDecrement
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
HeapSize
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetLastError
TlsFree
TlsSetValue
SetEnvironmentVariableA
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
GetModuleHandleW
HeapReAlloc
ExitThread
FindFirstFileExA
FileTimeToLocalFileTime
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedIncrement
GetLocaleInfoA
SetEndOfFile
CreateFileW
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetProcessHeap
LocalFree
RemoveDirectoryA
VirtualQuery
MulDiv

user32

GetWindowTextA
wsprintfA
SetRect
MessageBoxA
CharNextA
CharPrevA
PostMessageA
CloseClipboard
GetClientRect
SetCursor
LoadCursorFromFileA
RegisterHotKey
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExA
DefWindowProcA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
ShowCursor
FindWindowExA
FindWindowA
GetDC
ReleaseDC
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
GetClipboardData
OffsetRect
EnumWindows
IsClipboardFormatAvailable
GetWindowThreadProcessId
CopyRect
OpenClipboard
EmptyClipboard
SetClipboardData

gdi32

GetStockObject
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject

advapi32

LookupAccountSidA
GetTokenInformation
RegCloseKey
RegQueryValueExA
OpenProcessToken
GetUserNameA
RegOpenKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries

oleaut32

VariantClear

freeimage

_FreeImage_GetInfo@4
_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12
_FreeImage_SaveJPEG@12

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 698KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d2e3afd9c86852d609ce684661635d

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

psapi

iphlpapi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 698KB - Virtual size: 1000KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 698KB - Virtual size: 1000KB

.rsrc
Size: 102KB - Virtual size: 101KB