cf133d563099186e1e9259edb42525048ba0fdfb9eaec99f2ae6adb2cca4de24

Sharing

Copy URL

Twitter E-mail

General

Target

cf133d563099186e1e9259edb42525048ba0fdfb9eaec99f2ae6adb2cca4de24
Size

7.0MB
MD5

dbe8d058edadad1611925ff598fb9540
SHA1

501eb35befaa5b37326dd6539301a5c2af3e2fc7
SHA256

cf133d563099186e1e9259edb42525048ba0fdfb9eaec99f2ae6adb2cca4de24
SHA512

f50e87b4f5b15bd27d9a1ae312bf8a2c604ed412fe12630ac52f0914bb472f8d71cc27ce6562f17863d7f434732381d61d0870cfab0e4bc2d3b6b547c537b730
SSDEEP

49152:uSM2RWnOQ3pjPp9fA1qs+sWQ21CNAjYbzVUQMDvDB/Ae:KnOQ39PA1qsCQ/AjqVMDF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf133d563099186e1e9259edb42525048ba0fdfb9eaec99f2ae6adb2cca4de24

Files

cf133d563099186e1e9259edb42525048ba0fdfb9eaec99f2ae6adb2cca4de24
.exe windows:5 windows x86

6b9299fdbe61bbb46709bc34109ffc29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

ss3dgfunc

_TransformVector3_VPTR2@16
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformV3TOV4@16
_WriteTGA@24
_COLORtoDWORD@16
_CrossProduct@12
_MatrixMultiply2@12
_RotatePositionWithPivot@24
_CalcDistance@8
_VECTOR3Length@4
_Normalize@8
_SetInverseMatrix@8

wsock32

WSACleanup
inet_addr
socket
gethostbyname
htons
connect
send
recv
closesocket
WSAStartup
gethostname
ioctlsocket

dinput8

DirectInput8Create

wininet

InternetConnectA
InternetCloseHandle
FtpPutFileA
InternetOpenA

kernel32

LoadLibraryA
GetVersionExA
MultiByteToWideChar
IsDBCSLeadByte
DeleteFileA
WideCharToMultiByte
GetCurrentProcessId
CreateThread
GetTickCount
WriteFile
CreateFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetPrivateProfileStringA
Sleep
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
CreateDirectoryA
GetSystemDefaultLCID
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GetModuleHandleA
lstrlenA
lstrlenW
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetProcAddress
lstrcmpA
FlushInstructionCache
GetCurrentProcess
SetLastError
GetDriveTypeA
Module32Next
CheckRemoteDebuggerPresent
SetUnhandledExceptionFilter
lstrcpynA
lstrcatA
lstrcpyA
IsBadReadPtr
GetCurrentDirectoryA
CopyFileA
GetWindowsDirectoryA
OutputDebugStringA
ReadFile
GlobalFree
GetSystemTime
DeviceIoControl
GetFileSize
OpenFile
LCMapStringA
InterlockedExchange
InterlockedCompareExchange
SetCurrentDirectoryA
WritePrivateProfileStringA
DecodePointer
EncodePointer
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
QueryPerformanceCounter
GetSystemTimeAsFileTime
WaitForSingleObject
SetEvent
OpenEventA
OutputDebugStringW
InterlockedPushEntrySList
FreeLibrary
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
GetModuleFileNameA
Module32First
GetFullPathNameA
Process32Next
CloseHandle
GetLocalTime
IsDebuggerPresent
LoadLibraryW
RaiseException
HeapSetInformation
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
SizeofResource

user32

DispatchMessageW
GetMessageA
GetMessageW
GetCursorPos
IsClipboardFormatAvailable
GetClipboardData
GetActiveWindow
GetTopWindow
GetWindowThreadProcessId
CharPrevA
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetRect
ExitWindowsEx
CallWindowProcA
DestroyWindow
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
MoveWindow
CreateAcceleratorTableA
IsWindowUnicode
GetParent
GetClassNameA
RedrawWindow
GetClientRect
BeginPaint
FillRect
EndPaint
IsWindow
IsChild
SetFocus
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
GetDC
ReleaseDC
SendMessageA
CreateWindowExA
SetWindowPos
ShowWindow
UpdateWindow
ShowCursor
LoadIconA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
SetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CharNextA
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
PeekMessageA
TranslateMessage
DispatchMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
MessageBoxA
wsprintfA
MsgWaitForMultipleObjectsEx
UnregisterClassA
GetWindowRect
PostMessageA
GetDesktopWindow

gdi32

GetDIBits
GetObjectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
GetStockObject
CreateFontIndirectA
DeleteDC
DeleteObject
CreateSolidBrush
AddFontResourceA
BitBlt

advapi32

CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenThreadToken
RevertToSelf
SetThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegQueryInfoKeyW
CryptAcquireContextA
CryptCreateHash
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleLockRunning
CoUninitialize
CoInitializeSecurity
CoReleaseMarshalData
CoMarshalInterface
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoSetProxyBlanket
CoFreeUnusedLibraries

oleaut32

VarUI4FromStr
SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
CreateErrorInfo
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
SafeArrayGetDim

freeimage

_FreeImage_ConvertTo16Bits565@4
_FreeImage_GetInfo@4
_FreeImage_GetBits@4
_FreeImage_Load@12
_FreeImage_SaveJPEG@12
_FreeImage_Unload@4

msvcp100d

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z

msvcr100

_recalloc
_lock_file
strstr
_mbsnbcpy_s
_mbsstr
_resetstkoflw
_execl
strtok
feof
fgets
printf
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fgetc
memcpy_s
ungetc
fputc
_unlock_file
strlen
fopen_s
fseek
ftell
malloc
fread
free
fclose
strcat
sprintf
strcmp
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
fscanf
srand
_time64
fabs
sscanf
strncpy
wcsncmp
atan2
_snprintf
strrchr
_atoi64
_i64toa
vsprintf
_wassert
sqrt
strncmp
floor
atol
_vsnprintf
atof
strncat
cos
_strupr
tan
_mbstok
_mbsrchr
_CRT_RTC_INITW
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
remove
system
fprintf
fopen
rand
atoi
fwrite
_purecall
sprintf_s
strcpy
_chdir
_fullpath
_findclose
_findnext64i32
_findfirst64i32
memmove
strtok_s
strcpy_s
wcslen
memchr
memcmp
exit
sin
calloc
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
memcpy
??_V@YAXPAX@Z
_invalid_parameter
_CxxThrowException

msvcr100d

_mkdir
_wcsicmp
wcsncpy_s
wcscpy_s
_snwprintf_s
_vsnwprintf_s
_vsnprintf_s
wcscpy
_CrtDbgReport
_errno
_snprintf_s
memmove_s
_memccpy
_access
_strlwr
_CrtDbgReportW
_itoa
_getcwd

winmm

timeGetTime

Sections

.textbss
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 795KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b9299fdbe61bbb46709bc34109ffc29

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

msvcp100d

msvcr100

msvcr100d

winmm

Sections

.textbss Size: - Virtual size: 2.6MB

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 473KB - Virtual size: 472KB

.data Size: 795KB - Virtual size: 2.0MB

.idata Size: 19KB - Virtual size: 18KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 235KB - Virtual size: 234KB

.textbss
Size: - Virtual size: 2.6MB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 473KB - Virtual size: 472KB

.data
Size: 795KB - Virtual size: 2.0MB

.idata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 235KB - Virtual size: 234KB