SonicMania[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SonicMania.exe
Size

2.8MB
MD5

3a98c304b3fff915ddcf5ac985901362
SHA1

2660bbadf31b51a4727ab19299d12e112e9816b0
SHA256

bd8e8a208d551b6798bcc77648f77642653ebe0ba44beae555cd70f538663b9b
SHA512

66e00f754d4484278382bde5a0fac9627896f17c2771fd89d3da1f4d39ae1d308d87530d30397ade61b1d08dd05d38a647af15c48cefba7af0bfcd3538ed1de3
SSDEEP

49152:BYl/cSW0aD3gI8HJwTlp68y+UhYhnY8ODBdar72e4EkHAXjL7Tur1wY44+DyRE8u:BYa3gIjbmhLyR4EkHAXjL7Tur1wA+Inu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SonicMania.exe

Files

SonicMania.exe
.exe windows:5 windows x86

d3a707fff9b4ffb3bec8b1901ac8bc27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
FreeConsole
WaitForMultipleObjects
QueryPerformanceCounter
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
SetLastError
GetLastError
GetTickCount64
QueryPerformanceFrequency
AttachConsole
GetModuleHandleA
OutputDebugStringW
FreeLibrary
PeekNamedPipe
GetCurrentProcessId
GetProcAddress
LoadLibraryA
Sleep
DeleteCriticalSection
CreateThread
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatusEx
ExpandEnvironmentStringsA
OutputDebugStringA

user32

PeekMessageA
PostQuitMessage
LoadIconA
CreateWindowExA
RedrawWindow
SetWindowLongA
ClientToScreen
GetMonitorInfoA
MonitorFromWindow
SetWindowPos
AdjustWindowRect
GetClientRect
MessageBoxA
LoadCursorA
RegisterDeviceNotificationA
RegisterClassA
DefWindowProcA
GetSystemMetrics
GetRawInputDeviceList
GetRawInputDeviceInfoA
UnregisterDeviceNotification
UpdateWindow
BeginPaint
EndPaint
DispatchMessageA
ScreenToClient
GetAsyncKeyState
MapVirtualKeyA
ShowCursor
GetCursorPos
GetRawInputData
RegisterRawInputDevices
ShowWindow

gdi32

GetStockObject

advapi32

CryptAcquireContextA
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
RegOpenKeyExW
RegQueryValueExW
CryptHashData
CryptEncrypt

ole32

CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize

comctl32

ord17

winmm

timeGetTime

d3d9

Direct3DCreate9

xinput9_1_0

XInputGetState

steam_api

SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamAPI_RunCallbacks
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback

ws2_32

WSAIoctl
ntohl
htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt

crypt32

CertFreeCertificateContext

wldap32

ord60
ord50
ord41
ord22
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord27
ord211
ord301
ord143

normaliz

IdnToAscii

msvcp140

??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?id@?$ctype@_W@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_function_call@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?_Xlength_error@std@@YAXPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memmove
__std_terminate
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
strrchr
memcpy
memset
_purecall
__std_exception_copy
__std_exception_destroy
memchr
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fgets
fread
feof
fputs
ferror
fwrite
_lseeki64
fputc
fgetc
_set_fmode
__stdio_common_vsprintf
fflush
ftell
fseek
__p__commode
__acrt_iob_func
fclose
freopen
_read
_write
_close
_open
__stdio_common_vfprintf
fopen

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_mktime64
_localtime64
_gmtime64
_time32
_time64
strftime

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
strerror
__sys_nerr
_beginthreadex
_getpid
_initterm
_get_narrow_winmain_command_line
_errno
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

floor
_libm_sse2_asin_precise
_except1
_CIatan2
_libm_sse2_cos_precise
ldexp
__setusermatherr
_libm_sse2_sin_precise
_libm_sse2_exp_precise
_libm_sse2_sqrt_precise
_libm_sse2_log_precise
_libm_sse2_acos_precise
_libm_sse2_pow_precise

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
_set_new_mode
realloc
free

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
strcpy_s
strtok
isgraph
isspace
isprint
tolower
islower
isupper
isalpha
isalnum
isdigit
isxdigit
strpbrk
strncmp

api-ms-win-crt-filesystem-l1-1-0

remove
_stat64
_fstat64

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
atof
strtoul
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3a707fff9b4ffb3bec8b1901ac8bc27

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

comctl32

winmm

d3d9

xinput9_1_0

steam_api

ws2_32

crypt32

wldap32

normaliz

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 146KB - Virtual size: 148KB

.data Size: 13KB - Virtual size: 8.4MB

.gfids Size: 512B - Virtual size: 4KB

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 225KB - Virtual size: 228KB

.reloc Size: 188KB - Virtual size: 192KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 146KB - Virtual size: 148KB

.data
Size: 13KB - Virtual size: 8.4MB

.gfids
Size: 512B - Virtual size: 4KB

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 225KB - Virtual size: 228KB

.reloc
Size: 188KB - Virtual size: 192KB