Static task
static1
General
Target: PES6.exe
Size: 20.9MB
MD5: 0ed71620ae31dd478e7a4d016f39f86b
SHA1: c9bc3dc45f39fbea51b447d972bfcdbc57441567
SHA256: 41a2554b6458da835152cd5c9918baf57ad101f53f957e41afe4f8368dc66dda
SHA512: e8d4bc276bdbd65615c59b867ac6ee450d581d63f86e90a29a5cf5c0b5dc28c0227a42d9e9bd35072f36c3f39c3f470a8220434429529a7cf1f81205bffe752f
SSDEEP: 196608:6tw3zknkJF7qwpHu9GSEUJJRfkuWUQIERnl8X7iE472FaK+9rWJfgcQKV18U2q:EUq1GdUJJRfkxGSof+1ug9KV6
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature (empty security data directory; a catalog-signed file would also trigger this, and an unsigned binary is weak evidence on its own).
resource: PES6.exe
Files
PES6.exe.exe windows:4 windows x86
ed97efef45539a7146865d52337a8816 (32-hex digest, unlabeled in the report; the length matches MD5/imphash)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
d3d8
Direct3DCreate8
dinput8
DirectInput8Create
winmm
timeKillEvent
timeSetEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
ws2_32
WSACleanup
gethostname
gethostbyname
recv
WSAGetLastError
connect
select
__WSAFDIsSet
send
inet_ntoa
getsockname
WSAAsyncGetHostByName
WSAStartup
ntohs
closesocket
htons
setsockopt
inet_addr
recvfrom
htonl
sendto
ioctlsocket
socket
bind
kernel32
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
ReleaseMutex
WaitForSingleObject
GetLastError
SetLastError
CreateMutexA
CloseHandle
FindClose
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
DeleteFileA
RemoveDirectoryA
GetFileAttributesA
GetDriveTypeA
GetModuleFileNameA
WideCharToMultiByte
GetFullPathNameA
SetCurrentDirectoryA
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
RtlUnwind
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualQuery
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
DeleteCriticalSection
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
VirtualProtect
GetSystemInfo
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetFileSize
lstrcatA
GetProcessHeap
InterlockedDecrement
InterlockedIncrement
ResumeThread
SetThreadPriorityBoost
SetThreadPriority
CreateThread
OutputDebugStringA
GetOverlappedResult
CreateEventA
lstrlenA
GetThreadPriority
SuspendThread
PulseEvent
SetThreadAffinityMask
ResetEvent
GetLocalTime
SetEvent
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
GetProfileIntA
ExitThread
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
MulDiv
lstrcpyA
DebugBreak
SetConsoleTitleA
AllocConsole
lstrcmpiA
ReadFile
user32
BeginPaint
RegisterClassExA
LoadIconA
UpdateWindow
LoadCursorA
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
GetDC
EnumDisplaySettingsA
ScreenToClient
GetKeyState
WindowFromPoint
GetCursorPos
GetActiveWindow
EndPaint
FindWindowA
PostMessageA
MessageBoxA
CreateWindowExA
UnregisterHotKey
RegisterHotKey
RegisterDeviceNotificationA
ShowCursor
UnregisterDeviceNotification
AdjustWindowRectEx
IsIconic
ShowWindow
SetWindowPos
SetWindowLongA
RedrawWindow
GetSystemMetrics
SetCursor
SetFocus
PostQuitMessage
InvalidateRect
MsgWaitForMultipleObjects
GetAsyncKeyState
GetKeyboardLayout
GetWindowRect
GetWindowLongA
GetClassLongA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoA
SetForegroundWindow
SetRect
wsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DefWindowProcA
CallWindowProcA
SendMessageA
gdi32
GetDeviceCaps
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ole32
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
iphlpapi
GetBestRoute
GetNetworkParams
GetAdaptersInfo
GetIpForwardTable
SetIpForwardEntry
GetIpAddrTable
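The 32-hex value printed under Files above is unlabeled; if it is an import hash (imphash), it is derived from exactly the import table listed here, in table order. The code below reproduces that derivation with pefile's normalisation rules (DLL name lower-cased and stripped of .dll/.ocx/.sys, function names lower-cased, ordinal imports resolved through a small ordinal table or written as ordN). This is an added example, not sandbox output: the import list embedded in it is only the first four DLLs from the listing above, typed in by hand, so its digest is a demonstration value and will not equal the report's. It also assumes the listing above is in import-table order; imphash is order-sensitive, so a re-sorted list gives a different digest.

```python
"""Import hash (imphash) as pefile computes it, applied to the head of the
import table in this report.  Added example, not sandbox output.  REPORT_HEAD
is hand-copied from the first DLLs above and is deliberately partial."""
import hashlib

# A few ws2_32 export ordinals, as pefile's ordlookup resolves them (partial table).
WS2_32_ORDINALS = {2: "bind", 3: "closesocket", 4: "connect", 23: "socket",
                   115: "WSAStartup", 116: "WSACleanup"}
ORDLOOKUP = {"ws2_32": WS2_32_ORDINALS}


def imphash_entries(imports):
    """Normalise (dll, [name-or-ordinal, ...]) pairs into the 'lib.func' tokens
    that are joined with commas and MD5-hashed."""
    tokens = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):          # only these extensions are stripped
            lib = base
        for f in funcs:
            if isinstance(f, int):                 # import by ordinal
                name = ORDLOOKUP.get(lib, {}).get(f, f"ord{f}")
            else:
                name = f
            tokens.append(f"{lib}.{name.lower()}")
    return tokens


def imphash(imports):
    """MD5 over the comma-joined token list; the pivot key shared by builds with
    the same import layout."""
    return hashlib.md5(",".join(imphash_entries(imports)).encode()).hexdigest()


# Constructed from the first DLLs in the listing above (not the full table).
REPORT_HEAD = [
    ("d3d8.dll", ["Direct3DCreate8"]),
    ("dinput8.dll", ["DirectInput8Create"]),
    ("winmm.dll", ["timeKillEvent", "timeSetEvent", "timeBeginPeriod",
                   "timeEndPeriod", "timeGetTime"]),
    ("ws2_32.dll", ["WSACleanup", "gethostname", "gethostbyname", "recv",
                    "WSAGetLastError", "connect"]),
]

if __name__ == "__main__":
    print(imphash(REPORT_HEAD))
```

To check the report's value, paste the whole table above into REPORT_HEAD in the order shown; a mismatch means either the order differs from the binary's import directory or the unlabeled digest is not an imphash.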
Sections (raw size / virtual size / characteristics)
(non-printable section name, mis-encoded in the report)  7.5MB / 7.5MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  280KB / 284KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   2.9MB / 49.6MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data1  2KB / 4KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   12KB / 10KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
age     4.7MB / 4.7MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
agis    1KB / 48KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
quod    2.1MB / 2.1MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rld    3.4MB / 16.9MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
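The three header-level observations in this report (the Unsigned PE signature, IMAGE_FILE_RELOCS_STRIPPED under File Characteristics, and the section table) are all readable from the first few hundred bytes of the file. The script below re-derives them as a header-only check: it walks DOS header, PE signature, COFF header, PE32 optional header and section headers with struct, then reports an empty security data directory (what "missing Authenticode signature" means), stripped relocations (the image is pinned to its ImageBase, so ASLR cannot rebase it), DYNAMIC_BASE, sections that are both writable and executable, non-standard or non-printable section names, and sections whose virtual size is far larger than their raw size (zero-filled BSS or material unpacked at runtime). This is an added example and not the sandbox's code; the image it analyses is a constructed PE32 header carrying this report's section sizes (rounded) and flags, not the real file, and the mis-encoded section name is stood in for by a three-byte placeholder. On this binary four sections (age, agis, quod, .rld) are RWX with non-standard names and two of them (agis, .rld) are several times larger in memory than on disk, which is what runtime packers and protectors look like in both commercial software and malware; the checks are heuristics, not verdicts.

```python
"""Header-only PE32 triage mirroring this report's Signatures, Headers and
Sections entries.  Added example, not the sandbox's code.  sample_image() is a
constructed header with the section sizes (rounded) and flags shown above."""
import struct

# winnt.h values
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                        ".reloc", ".tls", ".bss", ".pdata", ".CRT"}


def build_pe32(sections, file_chars, dll_chars=0, cert_size=0):
    """Assemble a header-only PE32 image: DOS header, PE signature, COFF header,
    224-byte optional header with 16 data directories, then section headers."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)                  # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                    for n, vs, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


def parse_pe32(data):
    """Return file/DLL characteristics, security-directory size and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _m, nsec, _ts, _sym, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("PE32 only (PE32+ shifts the data-directory offset)")
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    nrva, = struct.unpack_from("<I", data, opt + 92)
    cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    base = opt + opt_size
    for i in range(nsec):
        raw_name, vsize, _va, rawsize, *_rest, flags = struct.unpack_from("<8sIIIIIIHHI", data, base + 40 * i)
        sections.append({"name": raw_name.rstrip(b"\0"), "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"file_characteristics": file_chars, "dll_characteristics": dll_chars,
            "cert_size": cert_size, "sections": sections}


def triage(pe):
    """Findings comparable to the report's signature and section notes (heuristics)."""
    out = []
    if pe["cert_size"] == 0:
        out.append("unsigned: empty security directory (no embedded Authenticode; "
                   "catalog signatures are not visible here)")
    if pe["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        out.append("relocations stripped: image is pinned to ImageBase, ASLR cannot rebase it")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        out.append("DYNAMIC_BASE not set")
    for s in pe["sections"]:
        name, fl = s["name"], s["flags"]
        printable = all(0x20 <= b < 0x7F for b in name)
        label = name.decode("ascii") if printable else "0x" + name.hex()
        if not printable:
            out.append(f"section {label}: non-printable name")
        elif label not in COMMON_SECTION_NAMES:
            out.append(f"section {label}: non-standard name")
        if fl & IMAGE_SCN_MEM_WRITE and fl & IMAGE_SCN_MEM_EXECUTE:
            out.append(f"section {label}: RWX (writable and executable)")
        if s["vsize"] > 2 * max(s["rawsize"], 1):
            out.append(f"section {label}: virtual size {s['vsize']} far exceeds raw size "
                       f"{s['rawsize']} (zero-filled BSS or unpacked at runtime)")
    return out


def sample_image():
    """Constructed header using this report's section table; b'\\xff\\xfeV' stands in
    for the name the report could not decode."""
    RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    R = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    RW, RWX = R | IMAGE_SCN_MEM_WRITE, RX | IMAGE_SCN_MEM_WRITE
    secs = [(b"\xff\xfeV", 7_500_000, 7_500_000, RX), (b".rdata", 284_000, 280_000, R),
            (b".data", 49_600_000, 2_900_000, RW), (b".data1", 4_000, 2_000, RW),
            (b".rsrc", 10_000, 12_000, R), (b"age", 4_700_000, 4_700_000, RWX),
            (b"agis", 48_000, 1_000, RWX), (b"quod", 2_100_000, 2_100_000, RW | IMAGE_SCN_MEM_EXECUTE),
            (b".rld", 16_900_000, 3_400_000, RWX)]
    # RELOCS_STRIPPED|EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|LARGE_ADDRESS_AWARE|32BIT_MACHINE
    return build_pe32(secs, 0x012F)


if __name__ == "__main__":
    for line in triage(parse_pe32(sample_image())):
        print(line)
```

Against a real file, replace sample_image() with open(path, "rb").read(); everything the script reads sits inside SizeOfHeaders, so the first 4KB is enough. The 2x virtual-versus-raw threshold and the common-name list are judgement calls to tune, not fixed rules.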