a43282ed713e003d265af3c98fb78bb519827928c0f2b7c0d43231d9cffafcc3

Sharing

Copy URL Twitter E-mail

General

Target

a43282ed713e003d265af3c98fb78bb519827928c0f2b7c0d43231d9cffafcc3
Size

1.2MB
MD5

21f2678df2d59bcebbc8a5a8bfc3d85b
SHA1

b8f4482a65fa690346d83e1c105848c3daddb26c
SHA256

a43282ed713e003d265af3c98fb78bb519827928c0f2b7c0d43231d9cffafcc3
SHA512

533e7b3efde39badd2d9d7405767dcf3ffa986a5dfa89f4fa2af3a9e3dc0e0f14c4a11abbf34d536cd4c40c147572d4023c78b120bbeeb800ec6566e13cb21a3
SSDEEP

24576:KCOiRRMC0O3iZmVWxN2EkhYAQL60R/uYT4gbgc8TAb:QCpSZmWxZAQL60R/5TV8Ub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a43282ed713e003d265af3c98fb78bb519827928c0f2b7c0d43231d9cffafcc3

Files

a43282ed713e003d265af3c98fb78bb519827928c0f2b7c0d43231d9cffafcc3
.exe windows:5 windows x86

5e61a018d8da139cfa2042b06e7d18bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

dsound

ord1

winmm

mmioDescend
mmioAscend
timeGetTime
mciSendCommandA
mmioRead
mmioClose
mmioOpenA

dinput

DirectInputCreateA

wsock32

closesocket
WSAGetLastError
recv
send
WSAStartup
select
__WSAFDIsSet
WSACleanup
setsockopt
inet_ntoa
htons
connect
socket
ioctlsocket
gethostbyname

lua51

luaL_addlstring
luaL_buffinit
luaL_addvalue
luaL_error
luaL_prepbuffer
lua_pushinteger
luaL_register
lua_pushnumber
lua_pushstring
luaL_checkinteger
luaL_checklstring
lua_pushvalue
lua_type
luaL_ref
lua_getfield
lua_settop
lua_pushcclosure
lua_isnumber
luaL_loadstring
luaL_newstate
lua_tonumber
lua_tolstring
lua_isstring
lua_call
lua_remove
lua_gettop
lua_gc
lua_pcall
luaL_loadfile
lua_insert
luaL_checknumber
luaL_openlibs

kernel32

LCMapStringW
CompareStringW
GetStringTypeW
GetStdHandle
GetFileType
CreateFileW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
SetLastError
TerminateProcess
OpenProcess
GetLastError
CloseHandle
ExitProcess
CreateProcessA
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
WriteFile
SetFilePointer
UnmapViewOfFile
GetProcAddress
GetModuleHandleW
GetFileAttributesExW
LoadLibraryExW
GetTickCount
FindNextFileA
FindClose
lstrcatA
lstrcpyA
IsDBCSLeadByte
GetCurrentDirectoryA
GlobalLock
GlobalUnlock
HeapFree
CreateFileA
HeapAlloc
GetLocalTime
GetProcessHeap
ReadFile
ReleaseMutex
Sleep
CreateThread
CreateDirectoryA
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
Process32First
SetErrorMode
CreateMutexA
GetACP
CreateToolhelp32Snapshot
QueryPerformanceFrequency
Process32Next
CreateFileMappingA
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
IsDebuggerPresent
GetComputerNameA
DeleteFileA
OutputDebugStringA
QueryPerformanceCounter
WaitForMultipleObjects
ExitThread
CreateEventA
HeapDestroy
HeapCreate
GetSystemInfo
GetStartupInfoW
DecodePointer
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
FindFirstFileA
CreateDirectoryW
DeleteFileW
FindFirstFileExA
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
FreeLibrary

user32

OffsetRect
DispatchMessageW
SetWindowLongA
SetWindowsHookExA
ChangeDisplaySettingsA
MessageBoxA
GetMessageW
CallNextHookEx
AdjustWindowRectEx
GetDC
GetKeyboardLayout
wsprintfA
GetClipboardData
GetAsyncKeyState
SetWindowPos
DestroyWindow
LoadCursorA
DispatchMessageA
ShowWindow
GetKeyState
RegisterClassA
CloseClipboard
OpenClipboard
UnhookWindowsHookEx
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
GetClientRect
PeekMessageA
SetRect
PostQuitMessage
UpdateWindow
ReleaseDC
SetWindowTextA
SetTimer
ShowCursor
PostMessageA
ClientToScreen

gdi32

CreateCompatibleDC
SetTextColor
SetBkMode
SelectObject
GetDIBits
CreateCompatibleBitmap
BitBlt
CreateDCA
AddFontResourceA
GetDeviceCaps
GetStockObject
GetTextExtentPoint32A
DeleteDC
CreateFontA
DeleteObject
TextOutA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

vmprotectsdk32

VMProtectIsVirtualMachinePresent
VMProtectIsDebuggerPresent

netapi32

Netbios

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses

libeay32

ord339

imm32

ImmAssociateContext
ImmCreateContext
ImmSetOpenStatus
ImmGetOpenStatus
ImmGetProperty
ImmIsIME
ImmGetConversionStatus
ImmGetDescriptionA
ImmDestroyContext

Sections

.text
Size: 880KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 183.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e61a018d8da139cfa2042b06e7d18bd

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

dsound

winmm

dinput

wsock32

lua51

kernel32

user32

gdi32

advapi32

shell32

vmprotectsdk32

netapi32

psapi

libeay32

imm32

Sections

.text Size: 880KB - Virtual size: 880KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 71KB - Virtual size: 183.4MB

.mydata Size: 512B - Virtual size: 1B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 880KB - Virtual size: 880KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 71KB - Virtual size: 183.4MB

.mydata
Size: 512B - Virtual size: 1B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 82KB - Virtual size: 82KB