Democracy4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Democracy4.exe
Size

3.3MB
MD5

a8bdfc397d64488c237dcb68cd49e8bd
SHA1

bbe2a1d6806e679b90fdd85afdf43aed1f2532b6
SHA256

2c191833f6a3c328e78c9d97a3a3649296a46af8ddf3c4a0cd74691cf311b269
SHA512

f20aff42ee0ea9816695bfa22389b25add7b1ab4d7e098fbf4a6dfedc3138524c1e866e65bc7c80504919a11aa5bcaa9bca79afd5a0eea7526ba870ac6d8d61e
SSDEEP

49152:V2i3jfD3EcUydt5rWIcWBOI72VQvMWi/0vqYIht3jqS:V17zNWIjBOI6VQvMWi/Gq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Democracy4.exe

Files

Democracy4.exe
.exe windows:6 windows x86

eaba065c797f43b49bec7e66125af536

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cairo

cairo_destroy
cairo_save
cairo_restore
cairo_set_operator
cairo_set_source_rgba
cairo_move_to
cairo_rectangle
cairo_paint
cairo_clip
cairo_status
cairo_surface_destroy
cairo_surface_status
cairo_surface_write_to_png
cairo_surface_flush
cairo_image_surface_create
cairo_format_stride_for_width
cairo_image_surface_create_for_data
cairo_image_surface_get_data
cairo_image_surface_get_width
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_translate
cairo_scale
cairo_create

fontconfig

FcConfigSetCurrent
FcConfigDestroy
FcConfigCreate
FcConfigAppFontAddDir

glib-2.0

g_get_current_dir_utf8
g_free
g_strjoin

gobject-2.0

g_object_unref

pango-1.0

pango_layout_set_wrap
pango_layout_set_height
pango_layout_set_width
pango_layout_set_font_description
pango_layout_set_text
pango_layout_get_context
pango_context_set_font_map
pango_font_map_list_families
pango_font_family_get_name
pango_font_description_from_string
pango_font_description_get_size
pango_font_description_free
pango_layout_set_alignment
pango_layout_set_ellipsize
pango_layout_get_cursor_pos
pango_layout_move_cursor_visually
pango_layout_xy_to_index
pango_context_get_font_map
pango_layout_get_pixel_extents

pangocairo-1.0

pango_cairo_show_layout
pango_cairo_update_layout
pango_cairo_font_map_new_for_font_type
pango_cairo_create_layout

pangoft2-1.0

pango_fc_font_map_set_config

rsvg-2.0

rsvg_handle_get_dimensions
rsvg_handle_render_cairo
rsvg_handle_new_from_file

sdl2

SDL_AtomicSet
SDL_AtomicGet
SDL_PollEvent
SDL_EventState
SDL_Delay
SDL_Init
SDL_Quit
SDL_RWFromFile
SDL_MapRGB
SDL_FreeSurface
SDL_LoadBMP_RW
SDL_SetColorKey
SDL_GetNumVideoDisplays
SDL_GetNumDisplayModes
SDL_GetDisplayMode
SDL_GetDesktopDisplayMode
SDL_GetWindowDisplayIndex
SDL_CreateWindow
SDL_SetWindowIcon
SDL_GetWindowSize
SDL_RaiseWindow
SDL_SetWindowFullscreen
SDL_DestroyWindow
SDL_GL_SetAttribute
SDL_SetMainReady
SDL_GL_CreateContext
SDL_GL_MakeCurrent
SDL_GL_GetCurrentWindow
SDL_GL_GetDrawableSize
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GL_DeleteContext
SDL_SetHintWithPriority
SDL_ShowSimpleMessageBox
SDL_GetRenderer
SDL_RenderGetLogicalSize
SDL_GetTicks
SDL_LockSurface
SDL_UnlockSurface
SDL_ConvertSurfaceFormat
SDL_GetKeyboardState
SDL_GetModState
SDL_GetMouseState
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_CreateSystemCursor
SDL_SetCursor
SDL_CreateMutex
SDL_LockMutex
SDL_TryLockMutex
SDL_UnlockMutex
SDL_DestroyMutex
SDL_CreateThread
SDL_malloc
SDL_free
SDL_isspace
SDL_wcslen
SDL_iconv_string

glew32

__glewGetProgramiv
__glewGetProgramInfoLog
__glewDeleteShader
__glewDeleteProgram
__glewCreateShader
__glewCreateProgram
__glewCompileShader
__glewAttachShader
__GLEW_ARB_map_buffer_range
__GLEW_APPLE_flush_buffer_range
__glewMapBufferRange
__glewFlushMappedBufferRangeAPPLE
__glewBufferParameteriAPPLE
__glewUnmapBuffer
__glewMapBuffer
__glewGenBuffers
__glewDeleteBuffers
__glewBufferData
__GLEW_EXT_framebuffer_object
__GLEW_EXT_framebuffer_blit
__GLEW_EXT_draw_range_elements
__GLEW_ARB_framebuffer_object
__GLEW_ARB_draw_elements_base_vertex
__GLEW_VERSION_2_0
__glewGetShaderInfoLog
__glewUniform1f
__glewDeleteFramebuffersEXT
__glewCheckFramebufferStatusEXT
__glewBindFramebufferEXT
__glewBlitFramebufferEXT
__glewGenFramebuffers
__glewFramebufferTexture2D
__glewDeleteFramebuffers
__glewCheckFramebufferStatus
__glewBlitFramebuffer
__glewBindFramebuffer
__glewDrawRangeElementsBaseVertex
__glewDrawBuffers
__glewBindBuffer
__glewClientActiveTexture
__glewActiveTexture
__glewDrawRangeElements
_glewInit@0
__GLEW_EXT_texture_compression_s3tc
__glewCompressedTexImage2D
__glewUseProgram
__glewUniform2f
__glewUniform1i
__glewGetShaderiv
__glewGetUniformLocation
__glewLinkProgram
__glewGenFramebuffersEXT
__glewShaderSource
__glewFramebufferTexture2DEXT

irrklang

?createIrrKlangDevice@irrklang@@YAPAVISoundEngine@1@W4E_SOUND_OUTPUT_DRIVER@1@HPBD1@Z

steam_api

SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_RegisterCallback
SteamAPI_RegisterCallResult
SteamAPI_Init
SteamAPI_Shutdown
SteamInternal_FindOrCreateUserInterface

turbojpeg

tjDestroy
tjDecompressHeader2
tjGetErrorStr
tjDecompress2
tjInitDecompress

opengl32

glTexSubImage2D
glTexParameteri
glTexParameterf
glGetTexImage
glGenTextures
glDeleteTextures
glViewport
glVertexPointer
glTexImage2D
glTexEnvi
glTexEnvf
glTexCoordPointer
glShadeModel
glReadPixels
glReadBuffer
glPolygonMode
glPixelStorei
glOrtho
glMatrixMode
glLoadIdentity
glGetTexLevelParameteriv
glGetString
glGetIntegerv
glGetError
glEnableClientState
glEnable
glDrawElements
glDrawBuffer
glDrawArrays
glDisableClientState
glDisable
glCopyTexSubImage2D
glClearColor
glClear
glBlendFunc
glBindTexture
glAlphaFunc
glColorPointer

winmm

timeGetTime

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
MultiByteToWideChar
GetSystemTime
OutputDebugStringA
GetCommandLineW
GetModuleFileNameA
GetLastError
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
RemoveDirectoryW
LocalFree
FormatMessageA
WideCharToMultiByte
LocalAlloc
CloseHandle
WriteFile
CreateFileW
GetUserDefaultLangID
GetVersionExA
FindClose
CreateDirectoryW
ExitProcess
GetModuleHandleA
GetProcAddress
SetCurrentDirectoryA
DeleteFileA
DebugBreak
GetLocalTime
GetModuleFileNameW
Sleep

user32

OffsetRect
InflateRect
EqualRect
IsRectEmpty
CopyRect
SetRectEmpty
GetSystemMetrics
IntersectRect
SetProcessDPIAware
PostQuitMessage
MessageBoxA
EndDialog
DialogBoxParamA
PtInRect
SetRect

shell32

SHGetFolderPathW
ShellExecuteExA
ShellExecuteW

advapi32

GetUserNameA

msvcp120

?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Random_device@std@@YAIXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

msvcr120

setlocale
_controlfp_s
realloc
qsort
rewind
fopen_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
isdigit
_CIatan2
towupper
isalnum
_libm_sse2_log_precise
_wfopen
_errno
roundf
strtok
strncpy
floor
_stricmp
_open_osfhandle
tolower
iswspace
sprintf
_fdopen
_libm_sse2_atan_precise
setvbuf
srand
rand
ftell
fseek
fread
memset
fflush
atoi
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise
feof
??_V@YAXPAX@Z
malloc
free
_snprintf
vsprintf_s
fputs
atof
_invoke_watson
fprintf
strstr
fwrite
fprintf_s
fopen
fgets
fclose
memchr
strcpy_s
ceil
memcpy
__CxxFrameHandler3
_CxxThrowException
sprintf_s
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_acmdln
_libm_sse2_pow_precise
strchr
ldexp
strncmp
strtol
_beginthreadex
_endthreadex
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_vsnprintf
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 977KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaba065c797f43b49bec7e66125af536

Headers

DLL Characteristics

File Characteristics

Imports

cairo

fontconfig

glib-2.0

gobject-2.0

pango-1.0

pangocairo-1.0

pangoft2-1.0

rsvg-2.0

sdl2

glew32

irrklang

steam_api

turbojpeg

opengl32

winmm

wininet

kernel32

user32

shell32

advapi32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 411KB - Virtual size: 411KB

.data Size: 48KB - Virtual size: 977KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 218KB - Virtual size: 217KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 411KB - Virtual size: 411KB

.data
Size: 48KB - Virtual size: 977KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 218KB - Virtual size: 217KB