TVOThief[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TVOThief.exe
Size

11.1MB
MD5

d0fdbc83241f5f27cd4b72c4044f4c1e
SHA1

a9839a049c7457dedd3ed02a67bd8d49d47dae4d
SHA256

32d39bae73c74602bbb61b59e38ae5e53f4d1da12527b97ceaab052ffc1f06e2
SHA512

2432f6a217d424ab560c1e4162c02c2d413483d50eb33bb1b3010a0b40eea2947e02575f80062d591b26d1880f3f7223e50bc8d9d82f386c600ef370c26573c1
SSDEEP

196608:NoHjwNMrG6S+F0MeitF4kpSfnlHrK/jHK7nP7reSvLn6yHsyCvSqk0oBbBAQzibV:NoHjwNMrG6S+F0MeitBpSflHrK/jHK7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TVOThief.exe

Files

TVOThief.exe
.exe windows x86

b019270aa463061ea3eff34362e24e1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidP_GetButtonCaps
HidP_GetCaps
HidD_GetProductString
HidP_GetValueCaps
HidP_MaxDataListLength
HidP_GetData
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetHidGuid

ws2_32

htonl
inet_addr
closesocket
WSACleanup
getsockname
connect
gethostbyname
htons
WSAStartup
WSAAsyncGetHostByName
WSACancelAsyncRequest
gethostbyaddr
getaddrinfo
freeaddrinfo
getpeername
getsockopt
send
recv
shutdown
listen
accept
ntohs
bind
recvfrom
sendto
__WSAFDIsSet
WSASetLastError
select
setsockopt
inet_ntoa
ioctlsocket
gethostname
socket
WSAGetLastError

kernel32

WriteFile
FindClose
DeleteFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetModuleFileNameW
lstrcpynA
lstrcpyA
lstrcpynW
FreeLibrary
GetCommandLineW
GetProcAddress
LoadLibraryW
CancelIo
GetOverlappedResult
CreateEventW
ExpandEnvironmentStringsA
CreateMutexA
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetModuleHandleA
GetSystemInfo
GlobalMemoryStatusEx
GetUserDefaultLangID
GetVersionExA
GetComputerNameW
LoadLibraryA
GetTempPathW
GetModuleHandleW
GetCurrentProcessId
SetUnhandledExceptionFilter
WaitForSingleObject
CreateThread
OutputDebugStringA
SetLastError
GetEnvironmentVariableA
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
ResumeThread
GetThreadContext
SuspendThread
GetCurrentThread
IsBadReadPtr
GetWindowsDirectoryA
GetFullPathNameW
CreateSemaphoreA
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
InterlockedCompareExchange
SleepEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
CreateEventA
GlobalAlloc
SetEvent
ResetEvent
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GlobalMemoryStatus
GetSystemTimeAsFileTime
MoveFileExW
CreateDirectoryW
SetErrorMode
WritePrivateProfileStringW
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
EncodePointer
DecodePointer
ExitProcess
SetConsoleCtrlHandler
ExitThread
DuplicateHandle
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
HeapSize
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetProcessHeap
GetFullPathNameA
lstrcmpiA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
VirtualFree
VirtualAlloc
GetProcessAffinityMask
OpenEventA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
CreateSemaphoreW
CreateMutexW
SignalObjectAndWait
ReleaseMutex
FlushConsoleInputBuffer
GetVersion
GetFileAttributesW
CreateProcessW
SetFileAttributesW
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
CreateFileW
SetEndOfFile
SetFilePointer
CloseHandle
IsDebuggerPresent
WideCharToMultiByte
FormatMessageA
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
InterlockedExchangeAdd
FileTimeToSystemTime
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
ReadConsoleInputA
SetConsoleMode
GetCurrentDirectoryW
GetDriveTypeW
WaitForMultipleObjects
TerminateThread
SetThreadAffinityMask
HeapValidate
CopyFileW
HeapWalk

user32

EnumWindows
SendMessageA
SetForegroundWindow
ShowWindow
IsIconic
RegisterWindowMessageA
GetUserObjectInformationA
GetThreadDesktop
GetParent
SendMessageTimeoutA
GetWindowLongA
SetWindowPos
GetClientRect
CreateDialogParamA
SetWindowLongA
GetDlgItem
ChangeDisplaySettingsA
GetWindowPlacement
AdjustWindowRectEx
EnumDisplaySettingsA
GetDesktopWindow
UnregisterClassW
GetRawInputDeviceList
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
wsprintfA
GetCursorPos
GetWindowRect
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
CreateWindowExW
DestroyWindow
OffsetRect
DefWindowProcW
DestroyCursor
LoadCursorA
SetCursor
GetSystemMetrics
GetDC
ReleaseDC
CreateIconIndirect
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
wvsprintfA
MonitorFromWindow
GetCaretBlinkTime
PeekMessageA
GetMessageA
DispatchMessageA
ValidateRect
EnumDisplayDevicesA
EnumDisplayMonitors
GetMonitorInfoA
LoadImageA
DialogBoxParamA
IsDlgButtonChecked
CheckDlgButton
CreateDialogParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
EnableWindow
SetWindowTextW
RegisterClassW
PostQuitMessage
SetWindowLongW
GetWindowLongW
SetCursorPos
IsWindowVisible
ScreenToClient
GetClipboardData
IsClipboardFormatAvailable
SetCapture
ReleaseCapture
UnregisterDeviceNotification
RegisterDeviceNotificationW
SystemParametersInfoW
ClientToScreen
GetAsyncKeyState
ClipCursor
ShowCursor
GetFocus
SetFocus
WindowFromPoint
RegisterClassExW
DialogBoxParamW
GetAncestor
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
GetKeyState
EndDialog

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
CoSetProxyBlanket

shlwapi

PathFileExistsW
SHDeleteKeyA
PathCanonicalizeW
PathIsDirectoryW

advapi32

CryptGetHashParam
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
RegDeleteValueA
GetUserNameA
RegCreateKeyExW
RegQueryValueExW
CryptDestroyHash
CryptHashData
CryptReleaseContext
RegOpenKeyExW
RegSetValueExW
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptCreateHash
CryptAcquireContextA

gdi32

SwapBuffers
GetObjectA
GetDeviceCaps
ChoosePixelFormat
SetPixelFormat
DeleteObject
CreateBitmap
CreateDIBSection

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

opengl32

glIsTexture
glGetTexParameteriv
glTexSubImage2D
glPixelStorei
glCopyTexSubImage2D
glDrawBuffer
glReadBuffer
glDrawArrays
wglDeleteContext
glBegin
glVertex3f
glNormal3f
glColor4f
glEnd
glHint
glLightModelf
glLoadIdentity
glMaterialfv
glMaterialf
glReadPixels
glFinish
glFogi
glFogf
glFogfv
glLightModelfv
glLightf
glLightfv
glTexGeni
glTexGenfv
glTexEnvfv
glScissor
glViewport
glColor4fv
glLightModeli
glColorMaterial
glGetFloatv
glMultMatrixf
glMatrixMode
glPolygonMode
glFrontFace
glClearColor
glClearDepth
glClearStencil
glClear
glIsEnabled
glStencilFunc
glStencilOp
glStencilMask
glDepthFunc
glDepthMask
glCullFace
glPolygonOffset
glColorMask
glDisable
glBlendFunc
glEnable
glAlphaFunc
glTexEnvi
glTexEnvf
glDisableClientState
glEnableClientState
glColorPointer
glVertexPointer
glNormalPointer
glTexCoordPointer
glDrawElements
glGetString
glGetError
glDeleteTextures
glGenTextures
glBindTexture
glTexParameteri
glTexImage2D
wglGetProcAddress
glGetIntegerv
wglShareLists
wglGetCurrentDC
wglGetCurrentContext
wglMakeCurrent
wglCreateContext
glLoadMatrixf

winmm

waveInOpen
waveInStart
waveInGetDevCapsW
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveInClose
waveOutOpen
waveOutClose
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
timeBeginPeriod
timeEndPeriod
timeGetTime
waveInReset
waveOutUnprepareHeader
waveOutPrepareHeader

oleaut32

SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

msacm32

acmStreamConvert
acmStreamUnprepareHeader
acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamPrepareHeader

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

??$Transfer@V?$StreamedBinaryRead@$00@@@AnimationEvent@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Behaviour@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Component@Unity@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@LevelGameManager@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@NamedObject@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Object@@IAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Renderer@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@AnimationEvent@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Behaviour@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Component@Unity@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@LevelGameManager@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@NamedObject@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Object@@IAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Renderer@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@AnimationEvent@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Behaviour@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Component@Unity@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@LevelGameManager@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@NamedObject@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Object@@IAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Renderer@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@VProxyTransfer@@@AnimationEvent@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Behaviour@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Component@Unity@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GameObject@Unity@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GlobalGameManager@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@LevelGameManager@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@NamedObject@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Object@@IAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Renderer@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@AnimationEvent@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Behaviour@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Component@Unity@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GameObject@Unity@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GlobalGameManager@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@LevelGameManager@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@NamedObject@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Object@@IAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Renderer@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VSafeBinaryRead@@@AnimationEvent@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Behaviour@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Component@Unity@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GameObject@Unity@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GlobalGameManager@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@LevelGameManager@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@NamedObject@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Object@@IAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Renderer@@QAEXAAVSafeBinaryRead@@@Z
AgPmDestroySourceConnection
AgPmEventEnabled
AgPmEventLoggingEnabled
AgPmSubmitEvent
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
NxCreateCoreSDK

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 817KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b019270aa463061ea3eff34362e24e1d

Headers

DLL Characteristics

File Characteristics

Imports

hid

ws2_32

kernel32

user32

version

ole32

shlwapi

advapi32

gdi32

shell32

opengl32

winmm

oleaut32

msacm32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 8.4MB - Virtual size: 8.4MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 185KB - Virtual size: 817KB

.trace Size: 5KB - Virtual size: 5KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 553KB - Virtual size: 552KB

.reloc Size: 371KB - Virtual size: 371KB

.text
Size: 8.4MB - Virtual size: 8.4MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 185KB - Virtual size: 817KB

.trace
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 553KB - Virtual size: 552KB

.reloc
Size: 371KB - Virtual size: 371KB