5733850b52aa5d079c827c92789a5052c755e0db9b0153369b4cef3cb2b01ee0

Sharing

Copy URL Twitter E-mail

General

Target

5733850b52aa5d079c827c92789a5052c755e0db9b0153369b4cef3cb2b01ee0
Size

3.7MB
MD5

c3dd3bb80bb198191f59030946fff8b5
SHA1

0d8fef7064bcd97d2961b48be574f98b04c295c5
SHA256

5733850b52aa5d079c827c92789a5052c755e0db9b0153369b4cef3cb2b01ee0
SHA512

36befa11fef834f38c8ed322562d1519c354fd9cbec6517128ad83868c650a778ade83fbbc047c6c34ea200d6994cda1680717aaaeb42c4b32461b414fb9a2d3
SSDEEP

49152:hWDRutc1BCA8D5xBTvkICtfZVVlhNj8Bi8QUz1yZxni8kqJgKsXQiDjrJ5jTaplt:hsj/CxBTvkdthVnjUifU1N8RfGxqb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5733850b52aa5d079c827c92789a5052c755e0db9b0153369b4cef3cb2b01ee0

Files

5733850b52aa5d079c827c92789a5052c755e0db9b0153369b4cef3cb2b01ee0
.exe windows:6 windows x86

eced54c247ab40d197a15e5af8f0c5f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
SwitchToThread
SetFilePointer
LocalFree
FormatMessageA
Module32First
CreateToolhelp32Snapshot
ReadProcessMemory
GetCurrentProcessId
GetCurrentProcess
GetLastError
CloseHandle
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
HeapAlloc
SetFileAttributesA
GetSystemInfo
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WriteConsoleW
WriteFile
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
GetFileType
ExitProcess
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedPushEntrySList
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReadFile
GetFileSize
CreateFileA
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileStringA
lstrlenA
GlobalFree
SetEndOfFile
InitializeCriticalSection
GetModuleFileNameA
IsProcessorFeaturePresent
HeapValidate
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
GetFileInformationByHandleEx
GetModuleHandleW
GetCurrentDirectoryW
Module32Next
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalLock
GlobalUnlock
FreeLibrary
GetVersionExA
GetSystemDirectoryA
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
MultiByteToWideChar
GetProcAddress
GetCurrentThreadId
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateDirectoryA
GlobalAlloc
GetSystemTime

user32

RegisterClassExA
UnregisterClassA
DefWindowProcA
GetWindowRect
AdjustWindowRectEx
LoadCursorA
GetMessageA
TranslateMessage
IsWindow
GetKeyboardLayoutNameA
MoveWindow
OpenClipboard
CloseClipboard
GetClipboardData
CharNextW
CharNextExA
CharPrevExA
CreateWindowExA
DispatchMessageA
MessageBoxA
LoadStringA
IsIconic
ChangeDisplaySettingsA
ReleaseCapture
DestroyWindow
SetFocus
UpdateWindow
GetWindowLongA
SetWindowLongA
RegisterClassA
GetMenu
GetKeyboardLayout
GetAsyncKeyState
SetCapture
GetCapture
ShowWindow
SetCursorPos
LoadImageA
DestroyCursor
SetCursor
ShowCursor
GetKeyState
SystemParametersInfoA
LoadIconA
FindWindowA
ScreenToClient
GetCursorPos
SetWindowPos
PostQuitMessage
OffsetRect
SetRect
FillRect
ClientToScreen
GetClientRect
InvalidateRect
ReleaseDC
GetDC
PeekMessageA
GetSystemMetrics

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
GetCharABCWidthsFloatW
GetTextExtentPoint32W
SelectObject
SetBkColor
SetTextColor
TextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
CreateDIBSection
StretchBlt
DeleteObject
CreateSolidBrush
TextOutA
GetTextExtentPoint32A
GetStockObject

shell32

SHGetSpecialFolderPathA
SHGetKnownFolderPath

ole32

OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

winmm

timeEndPeriod
timeGetDevCaps
timeGetTime
timeBeginPeriod

d3d8

Direct3DCreate8

python27

PyTuple_Size
PyDict_GetItemString
PyTuple_New
PyTuple_SetItem
PyLong_AsLong
PyDict_SetItemString
PyInt_FromLong
PyDict_Next
PyDict_Size
PyLong_AsLongLong
PyDict_New
PyList_New
PyTuple_GetItem
PyString_FromString
PyInt_AsLong
PyModule_AddStringConstant
PyImport_ImportModule
PyString_InternFromString
PyObject_GetAttrString
PyCallable_Check
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
PyExc_RuntimeError
PyErr_SetString
PyModule_AddIntConstant
Py_InitModule4
Py_BuildValue
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
Py_Finalize
PyRun_StringFlags
PyImport_AddModule
PyList_Append
PyObject_GetAttr

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmNotifyIME
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmGetCompositionStringW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

dinput8

DirectInput8Create

ws2_32

send
socket
WSAGetLastError
WSAStartup
WSACleanup
recv
htons
inet_addr
gethostbyname
ioctlsocket
connect
select
closesocket
__WSAFDIsSet

ddraw

DirectDrawCreate

mss32

_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_stop_sample@4
_AIL_start_stream@4
_AIL_open_digital_driver@16
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_file_callbacks@16
_AIL_file_read@8
_AIL_mem_free_lock@4
_AIL_decompress_ADPCM@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_auto_update_3D_position@8
_AIL_3D_sample_volume@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8

advapi32

RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 158KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eced54c247ab40d197a15e5af8f0c5f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

winmm

d3d8

python27

imm32

version

dinput8

ws2_32

ddraw

mss32

advapi32

oleaut32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 528KB - Virtual size: 528KB

.data Size: 158KB - Virtual size: 1.1MB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 130KB - Virtual size: 130KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 528KB - Virtual size: 528KB

.data
Size: 158KB - Virtual size: 1.1MB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 130KB - Virtual size: 130KB