8bdeea93b1968902268e365f19427d97f4582ce51532a5b8c3fe30119915ac71

Sharing

Copy URL Twitter E-mail

General

Target

8bdeea93b1968902268e365f19427d97f4582ce51532a5b8c3fe30119915ac71
Size

1.3MB
MD5

29835eb198b383f11ae7f8a9809a7563
SHA1

ea53456273e6968552771be5c757e8d37a8fabdd
SHA256

8bdeea93b1968902268e365f19427d97f4582ce51532a5b8c3fe30119915ac71
SHA512

5d69e5e2a53e2e7726ce88acaf5e7b592825d282b0a7b12e1336db2473b9a8c9066d317551ca34bc2542b06c8857be4fa873a2f301fbba0f4d0c4e6bbced9a24
SSDEEP

24576:zZPgA09VKZftqwq8WVK7Uyw9YykZKFhEc8vjf89CfQT3JgNgU2RBli:9o9VIG8ahj9aLU9mQTo2Ra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bdeea93b1968902268e365f19427d97f4582ce51532a5b8c3fe30119915ac71

Files

8bdeea93b1968902268e365f19427d97f4582ce51532a5b8c3fe30119915ac71
.exe windows:6 windows x86

7af784ce5111e7f3a92be17db3225068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

dsound

ord1

winmm

mmioClose
mmioAscend
timeGetTime
mciSendCommandA
mmioRead
mmioOpenA
mmioDescend

dinput

DirectInputCreateA

wsock32

WSAGetLastError
recv
send
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
setsockopt
inet_ntoa
htons
connect
socket
ioctlsocket
gethostbyname

lua51

luaL_checknumber
luaL_addvalue
luaL_error
luaL_prepbuffer
lua_pushinteger
luaL_register
lua_pushnumber
lua_pushstring
luaL_checkinteger
luaL_checklstring
luaL_buffinit
lua_pushvalue
lua_pushcclosure
lua_isnumber
luaL_loadstring
lua_type
luaL_newstate
lua_tonumber
lua_tolstring
lua_isstring
lua_call
lua_remove
lua_gettop
lua_getfield
lua_gc
lua_pcall
lua_settop
luaL_openlibs
luaL_addlstring
lua_insert

kernel32

ReadConsoleW
GetConsoleMode
LCMapStringW
CompareStringW
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateFileW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
SetLastError
TerminateProcess
GetLastError
CloseHandle
ExitProcess
CreateProcessA
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
WriteFile
UnmapViewOfFile
FindNextFileW
GetModuleHandleW
FreeLibrary
FlushFileBuffers
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
lstrcatA
lstrcpyA
IsDBCSLeadByte
GetCurrentDirectoryA
LCMapStringA
GlobalLock
GlobalUnlock
HeapFree
CreateFileA
HeapAlloc
GetProcessHeap
ReadFile
ReleaseMutex
Sleep
CreateThread
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
SetErrorMode
CreateMutexA
GetACP
QueryPerformanceFrequency
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetComputerNameA
DeleteFileA
QueryPerformanceCounter
WaitForMultipleObjects
ExitThread
CreateEventA
HeapDestroy
HeapCreate
GetSystemInfo
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
GetTimeZoneInformation
CreateDirectoryW
GetCurrentDirectoryW
SetStdHandle
GetFileAttributesExW
DeleteFileW
LoadLibraryExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
FindFirstFileExW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
GetProcAddress
DecodePointer

user32

ShowWindow
OffsetRect
SetWindowPos
GetDC
DestroyWindow
SetWindowTextA
DispatchMessageA
GetAsyncKeyState
wsprintfA
GetClipboardData
CloseClipboard
OpenClipboard
AdjustWindowRectEx
LoadCursorA
GetKeyboardLayout
GetKeyState
ClientToScreen
ShowCursor
SetWindowLongA
ChangeDisplaySettingsA
MessageBoxA
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
GetClientRect
PeekMessageA
SetRect
PostQuitMessage
UpdateWindow
ReleaseDC
PostMessageA

gdi32

CreateCompatibleDC
TextOutA
DeleteObject
GetTextExtentPoint32A
GetDeviceCaps
GetStockObject
CreateFontA
SetTextColor
SetBkMode
CreateDCA
SelectObject

advapi32

RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

vmprotectsdk32

VMProtectBegin
VMProtectDecryptStringA
VMProtectEnd

netapi32

Netbios

libeay32

ord339

imm32

ImmAssociateContext
ImmCreateContext
ImmSetOpenStatus
ImmGetOpenStatus
ImmGetProperty
ImmIsIME
ImmGetConversionStatus
ImmGetDescriptionA
ImmGetCompositionStringA
ImmGetCandidateListA
ImmDestroyContext

Sections

.text
Size: 1020KB - Virtual size: 1019KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 104.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7af784ce5111e7f3a92be17db3225068

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

dsound

winmm

dinput

wsock32

lua51

kernel32

user32

gdi32

advapi32

shell32

vmprotectsdk32

netapi32

libeay32

imm32

Sections

.text Size: 1020KB - Virtual size: 1019KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 100KB - Virtual size: 104.0MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 77KB - Virtual size: 76KB

.text
Size: 1020KB - Virtual size: 1019KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 100KB - Virtual size: 104.0MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 77KB - Virtual size: 76KB