274902d14c407de1249fc1e7c9127d704bd6213f81c204b3fc5417718949b39f

Sharing

Copy URL

Twitter E-mail

General

Target

274902d14c407de1249fc1e7c9127d704bd6213f81c204b3fc5417718949b39f
Size

10.3MB
MD5

f235fb4c3b70255f81d851806b0c055d
SHA1

9d2a506d77d0ceb581e5bab4b776847a5c0a3fb4
SHA256

274902d14c407de1249fc1e7c9127d704bd6213f81c204b3fc5417718949b39f
SHA512

e4548eb6d06474cbb98c78790330fb3e9ec94f55ea5754e985a1ab32894858b6f4276fba545c36b077200a3a8f57549a4a7ca977d88c3f90f65f3dc702962cf5
SSDEEP

98304:703otjS3J47McAhv320BGyTUdOqP408FSumFKk1LUbIGVo28zClwoXp550sFDxk/:I3iPtzyMGp8qwqp5C8D+XuU6S3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
274902d14c407de1249fc1e7c9127d704bd6213f81c204b3fc5417718949b39f

Files

274902d14c407de1249fc1e7c9127d704bd6213f81c204b3fc5417718949b39f
.exe windows:6 windows x86

278e82436f50a996b2df1f63c2044238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
SwitchToThread
SetFilePointer
CreateThread
GetExitCodeThread
LocalFree
FormatMessageA
ReadFile
GetFileSize
QueryPerformanceFrequency
QueryPerformanceCounter
GetTempPathA
FindFirstFileExA
MoveFileA
GetPrivateProfileStringA
lstrlenA
GlobalFree
GetCurrentThread
CreateMutexA
ReleaseMutex
IsDebuggerPresent
DeleteFileA
CreateFileA
GetCurrentDirectoryA
K32GetModuleInformation
LoadLibraryW
LoadLibraryExW
LoadLibraryExA
VirtualQuery
SetEndOfFile
WriteConsoleW
HeapQueryInformation
HeapSize
CreateDirectoryW
OutputDebugStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetThreadContext
GetThreadId
GetModuleFileNameA
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileExW
SetStdHandle
DeleteFileW
SetFileAttributesW
SetCurrentDirectoryW
FindClose
CreateProcessW
CreateProcessA
GetExitCodeProcess
HeapReAlloc
GetFileAttributesExW
SetConsoleCtrlHandler
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
CreateFileW
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetThreadTimes
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW
FormatMessageW
CopyFileA
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalUnlock
GlobalLock
FreeLibrary
GetVersionExA
GetSystemDirectoryA
WinExec
GetCurrentThreadId
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
GetTempFileNameA
RemoveDirectoryA
CreateDirectoryA
AllocConsole
GlobalAlloc
SetFileAttributesA
K32GetModuleFileNameExA
K32EnumProcessModules
OpenProcess
VirtualProtect
SetThreadPriority
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Module32Next
Module32First
ReadProcessMemory
GetCurrentProcessId
GetCurrentProcess
GetLastError
WriteFile
MultiByteToWideChar
GetTickCount
GetCurrentDirectoryW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
CloseHandle
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
GetProcAddress
GetTimeZoneInformation

user32

GetAsyncKeyState
GetDC
ReleaseDC
BeginPaint
EndPaint
MessageBoxA
LoadStringA
GetSystemMetrics
ChangeDisplaySettingsA
ReleaseCapture
SetCapture
GetCapture
ShowWindow
FlashWindowEx
SetCursorPos
LoadImageA
DestroyCursor
SetCursor
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
IsWindow
DestroyWindow
MoveWindow
SetFocus
UpdateWindow
GetWindowLongA
SetWindowLongA
RegisterClassA
GetMenu
SetWindowTextA
GetWindowRect
AdjustWindowRectEx
LoadCursorA
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyboardLayoutNameA
GetKeyboardLayout
OpenClipboard
CloseClipboard
GetClipboardData
CharNextW
PeekMessageA
CharNextExA
SystemParametersInfoA
InvalidateRect
GetClientRect
ClientToScreen
FillRect
SetRect
OffsetRect
PostQuitMessage
SetWindowPos
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
GetKeyState
ShowCursor
CharPrevExA

gdi32

CreateDIBSection
TextOutA
SetBkMode
StretchBlt
SetDIBitsToDevice
DeleteDC
CreateCompatibleDC
GetTextExtentPoint32A
PatBlt
DeleteObject
CreateSolidBrush
GetStockObject
EnumFontFamiliesExA
CreateFontIndirectA
GetCharABCWidthsFloatW
GetTextExtentPoint32W
SelectObject
SetBkColor
SetTextColor
TextOutW

ole32

CoCreateInstance
OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject
CoUninitialize
CoInitialize
CoInitializeEx

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime

d3d9

Direct3DCreate9

d3dx9_43

D3DXVec3TransformCoord
D3DXMatrixRotationZ
D3DXMatrixMultiply
D3DXMatrixTranslation
D3DXCompileShader
D3DXMatrixRotationQuaternion
D3DXQuaternionRotationAxis
D3DXQuaternionMultiply
D3DXMatrixRotationYawPitchRoll
D3DXMatrixInverse
D3DXMatrixRotationX
D3DXMatrixTransformation
D3DXVec3TransformNormal
D3DXMatrixRotationAxis
D3DXVec4Transform
D3DXMatrixScaling
D3DXVec2Normalize
D3DXMatrixDeterminant
D3DXVec3Normalize
D3DXMatrixLookAtRH
D3DXVec3Project
D3DXVec3Unproject
D3DXCreateEffectFromFileA
D3DXMatrixPerspectiveFovRH
D3DXMatrixOrthoRH
D3DXMatrixOrthoOffCenterRH
D3DXCreateMatrixStack
D3DXCreateCylinder
D3DXCreateSphere
D3DXGetImageInfoFromFileInMemory
D3DXLoadSurfaceFromSurface
D3DXCreateTexture
D3DXCreateTextureFromFileInMemoryEx
D3DXGetFVFVertexSize
D3DXMatrixRotationY
D3DXPlaneNormalize
D3DXQuaternionRotationYawPitchRoll
D3DXVec3Transform
D3DXMatrixTranspose

python27

PyString_FromString
PyTuple_GetItem
PyList_New
PyList_Append
PyLong_AsLong
PyTuple_Size
PyDict_GetItemString
PyTuple_New
PyTuple_SetItem
PyLong_FromUnsignedLongLong
PyInt_FromLong
PyDict_Next
PyDict_Size
PyLong_FromLongLong
PyRun_SimpleStringFlags
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyLong_AsUnsignedLong
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
PyErr_Print
PyExc_RuntimeError
PyNumber_Check
_Py_NoneStruct
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
Py_Initialize
Py_InitializeDebug
Py_Finalize
PyErr_SetString
PyRun_StringFlags
PyEval_SetTrace
Py_FlushLine
PyImport_GetMagicNumber
PyImport_AddModule
PyImport_ImportModule
PyObject_AsCharBuffer
PyCode_Addr2Line
PyEval_EvalCode
Py_OptimizeFlag
PyCode_Type
PyUnicodeUCS2_DecodeUTF8
_PyLong_FromByteArray
PyFloat_FromDouble
PyComplex_FromCComplex
PyString_FromStringAndSize
PyList_SetItem
PyDict_New
PyDict_SetItem
PyErr_Occurred
PyErr_NoMemory
PyEval_GetRestricted
Py_InitModule4
PyModule_AddIntConstant
Py_BuildValue
PyInt_AsLong
PyObject_CallObject
PyCode_New
PyMarshal_ReadObjectFromString
_PyLong_New
_Py_EllipsisObject
PyExc_StopIteration
PyExc_EOFError
PyExc_ValueError
Py_SetProgramName

imm32

ImmGetIMEFileNameA
ImmGetCandidateListW
ImmNotifyIME
ImmGetOpenStatus
ImmSetConversionStatus
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetConversionStatus

devil

ilInit
ilBindImage
ilConvertImage
ilCopyPixels
ilDeleteImages
ilEnable
ilGenImages
ilGetInteger
ilLoad
ilOriginFunc
ilShutDown
ilSave
ilSetPixels
ilTexImage

discord_game_sdk

DiscordCreate

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imagehlp

GetTimestampForLoadedLibrary
EnumerateLoadedModules
StackWalk

mss32

_AIL_release_sample_handle@4
_AIL_last_error@0
_AIL_stream_status@4
_AIL_set_sample_volume_pan@12
_AIL_stream_volume_levels@12
_AIL_set_stream_volume_levels@12
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_shutdown@0
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_close_3D_listener@4
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_start_sample@4
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_update_3D_position@8
_AIL_auto_update_3D_position@8
_AIL_minimum_sample_buffer_size@12
_AIL_sample_buffer_ready@4
_AIL_load_sample_buffer@16
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_file_callbacks@16
_AIL_file_read@8
_AIL_mem_free_lock@4
_AIL_set_input_state@8
_AIL_open_input@4
_AIL_set_sample_playback_rate@8
_AIL_set_sample_type@12
_AIL_init_sample@4
_AIL_allocate_sample_handle@4
_AIL_set_redist_directory@4
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_mem_alloc_lock@4
_AIL_set_sample_file@12
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_set_3D_sample_volume@8
_AIL_end_sample@4
_AIL_set_stream_loop_count@8
_AIL_open_3D_listener@4
_AIL_close_3D_provider@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_close_digital_driver@4
_AIL_open_stream@12

speedtreert

?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafLightingAdjustment@CSpeedTreeRT@@QBEMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?DeleteTransientData@CSpeedTreeRT@@QAEXXZ
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z

dinput8

DirectInput8Create

ws2_32

send
socket
WSAGetLastError
recv
WSACleanup
htonl
htons
inet_addr
ntohl
ntohs
gethostbyname
gethostname
select
ioctlsocket
__WSAFDIsSet
closesocket
WSAStartup
connect

ddraw

DirectDrawCreate

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

oleaut32

SysFreeString
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
SysAllocString

Exports

Exports

AmdPowerXpressRequestHighPerformance
GetHorsePathNameByMode
LoadGameNPC
LoadPythonPlayerSettingsModuleLibrary
NvOptimusEnablement
PythonPlayerSettingsModuleLibRegisterFunctions
PythonPlayerSettingsModuleLibRegisterVariables

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

278e82436f50a996b2df1f63c2044238

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

winmm

d3d9

d3dx9_43

python27

imm32

devil

discord_game_sdk

version

imagehlp

mss32

speedtreert

dinput8

ws2_32

ddraw

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 7.4MB - Virtual size: 7.4MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 198KB - Virtual size: 578KB

.idata Size: 20KB - Virtual size: 20KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 214KB - Virtual size: 213KB

.reloc Size: 351KB - Virtual size: 351KB

.text
Size: 7.4MB - Virtual size: 7.4MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 198KB - Virtual size: 578KB

.idata
Size: 20KB - Virtual size: 20KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 214KB - Virtual size: 213KB

.reloc
Size: 351KB - Virtual size: 351KB