d1cb306d18f1f72c0c234d11e3554f30e66344e9cec8630fd488337cbd8194e8

Sharing

Copy URL Twitter E-mail

General

Target

d1cb306d18f1f72c0c234d11e3554f30e66344e9cec8630fd488337cbd8194e8
Size

4.9MB
MD5

f0a0f7d9b289ce2962e62333d434b274
SHA1

ade4f6e2e171308e9d505932e06cd603ddca1b75
SHA256

d1cb306d18f1f72c0c234d11e3554f30e66344e9cec8630fd488337cbd8194e8
SHA512

ab6660ca950ae1307da705134e0b9aab2653ddde944eadf497879f52fc0115b5c690011f374e910092bcb8c04a2bf86d50a251a0765701a1635c8baae3996a98
SSDEEP

49152:fmSgsyCwN70wsyWSghnIE6POYOv0xbaRV1l6YwwFLg2jZTsQmxH7gVCfXUS:lgz570byWSgdIpLOeaRtZ1ZYH7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1cb306d18f1f72c0c234d11e3554f30e66344e9cec8630fd488337cbd8194e8

Files

d1cb306d18f1f72c0c234d11e3554f30e66344e9cec8630fd488337cbd8194e8
.exe windows:4 windows x86

49f5593a3975eb61b5f15f639b85bbec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpOpenRequestA
InternetReadFile

d3d8

Direct3DCreate8

winmm

mmioAdvance
timeGetTime
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioWrite
mmioClose
mmioOpenA

imm32

ImmIsIME
ImmCreateContext
ImmDestroyContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmAssociateContext
ImmGetCompositionStringA

dinput8

DirectInput8Create

dsound

ord11

wsock32

shutdown
closesocket
WSAGetLastError
setsockopt
WSACleanup
WSAAsyncSelect
socket
htons
ioctlsocket
connect
WSAStartup

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

kernel32

HeapCreate
HeapDestroy
HeapReAlloc
HeapAlloc
SetFilePointer
GetFileType
GetOEMCP
UnhandledExceptionFilter
VirtualFree
GetTickCount
QueryPerformanceCounter
WinExec
QueryPerformanceFrequency
lstrcpynA
SetFileAttributesA
DeleteFileA
Sleep
GetLastError
CopyFileA
CreateDirectoryA
lstrlenA
GlobalMemoryStatus
GetVersionExA
CloseHandle
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
ExitThread
CreateThread
GetSystemInfo
SetCurrentDirectoryA
GetModuleFileNameA
IsDBCSLeadByte
MultiByteToWideChar
GetModuleHandleA
lstrcpyA
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetFileAttributesA
CreateFileA
GetFullPathNameA
OutputDebugStringA
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
DeleteCriticalSection
VirtualProtect
EnterCriticalSection
TerminateThread
WriteConsoleA
GetSystemTime
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleTitleA
AllocConsole
ReleaseMutex
ResumeThread
SuspendThread
CreateMutexA
IsProcessorFeaturePresent
InterlockedIncrement
HeapValidate
GetProcessHeap
InterlockedDecrement
ReadFile
GetTempFileNameA
GetTempPathA
WriteFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
FindResourceW
HeapFree
OutputDebugStringW
FatalAppExitA
GetCPInfo
LCMapStringW
DebugBreak
LCMapStringA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcess
TerminateProcess
IsBadReadPtr
IsBadWritePtr
RaiseException
ExitProcess
RtlUnwind
InterlockedExchange
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetCurrentThread
GetCurrentProcessId
SetUnhandledExceptionFilter
SetHandleCount
VirtualQuery
FlushFileBuffers
GetTimeZoneInformation
GetCurrentDirectoryA
LeaveCriticalSection
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
OpenProcess
SetEndOfFile

user32

SetWindowLongA
LoadIconA
LoadCursorA
GetWindowLongA
SetWindowPos
InvalidateRect
DestroyWindow
CloseClipboard
SetFocus
LoadImageA
SendMessageA
GetWindowDC
GetClientRect
SetClassLongA
SetClipboardData
EmptyClipboard
DialogBoxParamA
PeekMessageA
DispatchMessageA
OpenClipboard
GetClipboardData
GetWindowTextA
GetWindowTextLengthA
GetParent
IsWindowVisible
GetWindowThreadProcessId
IsWindow
EnumWindows
ChangeDisplaySettingsA
FillRect
DrawTextA
DrawTextW
MessageBoxW
PostQuitMessage
TranslateMessage
SetCursor
DestroyCursor
GetDlgItemTextA
EndDialog
RegisterClassA
CreateWindowExA
DefWindowProcA
MoveWindow
GetDC
EnumDisplaySettingsA
CharNextA
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetFocus
GetKeyboardLayout
GetCursorPos
GetWindowRect
SetRect
AdjustWindowRect
ShowCursor
PostMessageA
MessageBoxA
SetCursorPos

gdi32

CreateDIBSection
GetGlyphOutlineA
GetTextExtentPointA
CreateCompatibleBitmap
CreateFontIndirectA
BitBlt
SetBkColor
GetStockObject
CreateFontA
SelectObject
SetBkMode
SetTextColor
DeleteObject
TextOutA
StretchBlt
GetObjectA
DeleteDC
CreateCompatibleDC
GetTextMetricsA
GetTextExtentPoint32A

advapi32

RegQueryValueExA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

sdl

SDL_Init

ws2_32

WSARecv
WSASend

sdl_mixer

Mix_FadeInMusic
Mix_LoadMUS
Mix_FreeMusic
Mix_CloseAudio
Mix_FadeOutMusic
Mix_OpenAudio
Mix_QuerySpec
Mix_VolumeMusic
Mix_PlayingMusic
Mix_SetMusicCMD

netapi32

Netbios

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f5593a3975eb61b5f15f639b85bbec

Headers

File Characteristics

Imports

wininet

d3d8

winmm

imm32

dinput8

dsound

wsock32

version

ddraw

kernel32

user32

gdi32

advapi32

shell32

ole32

sdl

ws2_32

sdl_mixer

netapi32

psapi

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 952KB - Virtual size: 951KB

.data Size: 128KB - Virtual size: 9.1MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 288KB - Virtual size: 287KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 952KB - Virtual size: 951KB

.data
Size: 128KB - Virtual size: 9.1MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 288KB - Virtual size: 287KB