95f699c9f31dc33074b337aac1f9947153b1d4f7c099a99d5b2580c7dd0b1e20

Sharing

Copy URL Twitter E-mail

General

Target

95f699c9f31dc33074b337aac1f9947153b1d4f7c099a99d5b2580c7dd0b1e20
Size

2.9MB
MD5

b4a92abbb81dd089c7dc2a530242248c
SHA1

9f59cea8c0cd691cd36f44140ee46ec8c42f55cb
SHA256

95f699c9f31dc33074b337aac1f9947153b1d4f7c099a99d5b2580c7dd0b1e20
SHA512

ee74731093c03dc14e079cd55039950d4ec05a620a526f9b27902f97e1daaa25c51b9d475007ff28ae95edb966efa0835f808947f139ae81e26d9da5ab537068
SSDEEP

49152:G6rx2qCMWSPxZia8kVHVetYdOCp+MrFju4TTEtzjaOVWkPHSSRmo:3N7HX1O5RZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95f699c9f31dc33074b337aac1f9947153b1d4f7c099a99d5b2580c7dd0b1e20

Files

95f699c9f31dc33074b337aac1f9947153b1d4f7c099a99d5b2580c7dd0b1e20
.exe windows:5 windows x86

a447c6fdb814f2e1f0ca912602d5d29e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_RotatePositionWithPivot@24
_CalcDistance@8
_TransformV3TOV4@16
_MatrixMultiply2@12
_SetInverseMatrix@8
_SetRotationYMatrix@8
_TransformVector3_VPTR2@16
_SetRotationXMatrix@8
_Normalize@8
_VECTOR3_MULEQU_FLOAT@8
_VECTOR3_ADD_VECTOR3@12
_WriteTGA@24
_COLORtoDWORD@16
_VECTOR3Length@4
_CrossProduct@12

wsock32

gethostbyname
inet_addr
WSAStartup
WSACleanup
closesocket
recv
send
connect
socket
ioctlsocket
htons

dinput8

DirectInput8Create

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetQueryDataAvailable
HttpSendRequestA

kernel32

GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LoadLibraryW
GetTimeZoneInformation
OutputDebugStringA
GetLocalTime
OpenFile
CloseHandle
GetFileSize
IsDBCSLeadByte
GetModuleFileNameA
DeleteFileA
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
WaitForSingleObject
ReadFile
GetCurrentDirectoryA
CreatePipe
GetStartupInfoA
CreateProcessA
lstrlenA
SetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Module32First
Module32Next
Process32Next
lstrcmpA
lstrcpyA
FreeLibrary
LoadLibraryA
GetProcAddress
CreateFileA
CreateEventA
CreateThread
SetEvent
ResumeThread
GetThreadContext
GetLastError
OpenProcess
GetPriorityClass
GetLogicalDriveStringsA
lstrcmpiA
QueryDosDeviceA
lstrcatA
WaitForMultipleObjects
TerminateProcess
IsDebuggerPresent
InterlockedCompareExchange
GetModuleHandleA
CompareStringW
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoA
ExitProcess
GetProcessId
GetCurrentProcessId
DuplicateHandle
WriteFile
CreateDirectoryA
FindFirstFileA
GetLocaleInfoA
FindNextFileA
FindClose
FileTimeToSystemTime
MultiByteToWideChar
InterlockedExchange
SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
CopyFileA
SetFileAttributesA
GetVersionExA
GetSystemTime
InterlockedDecrement
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
SetFilePointer
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
SetHandleCount
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
HeapSize
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesA
GetModuleHandleW
HeapReAlloc
ExitThread
FindFirstFileExA
FileTimeToLocalFileTime
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedIncrement
EnumSystemLocalesA
SetEndOfFile
CreateFileW
IsValidLocale
GetStringTypeW
SetStdHandle
GetProcessHeap
RemoveDirectoryA
LocalFree
VirtualQuery
MulDiv

user32

EnumWindows
wsprintfA
SetRect
MessageBoxA
CharNextA
CharPrevA
PostMessageA
OpenClipboard
GetClientRect
SetCursor
LoadCursorFromFileA
DefWindowProcA
ShowCursor
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
RegisterHotKey
FindWindowExA
FindWindowA
ReleaseDC
GetDC
ReleaseCapture
SetCapture
ScreenToClient
GetClipboardData
IsClipboardFormatAvailable
OffsetRect
GetCursorPos
GetWindowTextA
GetWindowThreadProcessId
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard

gdi32

GetStockObject
GetDeviceCaps
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
DeleteObject

advapi32

RegCloseKey
OpenProcessToken
RegOpenKeyExA
RegQueryInfoKeyA
GetTokenInformation
LookupAccountSidA
GetUserNameA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear

freeimage

_FreeImage_GetBits@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12
_FreeImage_GetInfo@4
_FreeImage_Unload@4
_FreeImage_SaveJPEG@12

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 693KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a447c6fdb814f2e1f0ca912602d5d29e

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

psapi

iphlpapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 693KB - Virtual size: 1000KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 693KB - Virtual size: 1000KB

.rsrc
Size: 102KB - Virtual size: 101KB