d521ab64c74b39ff4ee2e12feebc919686789bbc2003ad3e8608dc3f7e58c7f3

Sharing

Copy URL

Twitter E-mail

General

Target

d521ab64c74b39ff4ee2e12feebc919686789bbc2003ad3e8608dc3f7e58c7f3
Size

2.8MB
MD5

5c09a46cd72338bfe5dda8b909a48292
SHA1

7bba74bce8a019b71a352d9f9755f669b35f288a
SHA256

d521ab64c74b39ff4ee2e12feebc919686789bbc2003ad3e8608dc3f7e58c7f3
SHA512

ee64a3d58b0653826edd5ce1a09209d1e3d1be62ffde00e0ac30e8d5b0533ac26b4b5f34ac6768fb575606956e29237af24d389edee3a5b15bed31c848310b0e
SSDEEP

49152:5PK+GrkOqCayKi3uGRQFu8tWiVXCmrdfwH9Z9EXnfAmKSWSeSK6x7l+OwHfJ0/iz:pW0dueiz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d521ab64c74b39ff4ee2e12feebc919686789bbc2003ad3e8608dc3f7e58c7f3

Files

d521ab64c74b39ff4ee2e12feebc919686789bbc2003ad3e8608dc3f7e58c7f3
.exe windows:5 windows x86

2ce1e53a08f00d313ad31d85d21c72e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_SetRotationXMatrix@8
_RotatePositionWithPivot@24
_WriteTGA@24
_VECTOR3Length@4
_SetRotationYMatrix@8
_SetInverseMatrix@8
_TransformV3TOV4@16
_MatrixMultiply2@12
_CalcDistance@8
_CrossProduct@12
_TransformVector3_VPTR2@16
_Normalize@8
_COLORtoDWORD@16

wsock32

gethostname
inet_addr
WSAStartup
socket
htons
connect
send
closesocket
ntohl
gethostbyname
WSAGetLastError
ioctlsocket

dinput8

DirectInput8Create

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

kernel32

VirtualQuery
GetProcessHeap
HeapAlloc
GetProcAddress
GetModuleHandleA
GetComputerNameExA
CloseHandle
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
Thread32Next
Thread32First
GetCurrentProcessId
MultiByteToWideChar
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetLastError
CreateFileMappingA
FileTimeToSystemTime
GetCurrentDirectoryA
GetWindowsDirectoryA
GetThreadContext
ReadProcessMemory
GetCurrentProcess
GetProcessId
OpenProcess
CreateThread
CreateDirectoryA
FormatMessageA
lstrcpyA
IsBadReadPtr
GetCurrentThreadId
lstrcatA
LoadLibraryA
GetModuleFileNameA
SetUnhandledExceptionFilter
lstrcpynA
GetTickCount
Sleep
GlobalFree
WriteFile
GlobalAlloc
LocalAlloc
GetLocalTime
IsDBCSLeadByte
lstrlenA
MulDiv
OutputDebugStringA
ExitProcess
FreeLibrary
GlobalUnlock
GlobalLock
GetSystemTime
GetVersionExA
GetSystemDefaultLangID
WideCharToMultiByte
LCMapStringA
OpenFile
lstrcmpA
SetCurrentDirectoryA
TerminateProcess
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
GetFileInformationByHandle
MapViewOfFile
UnmapViewOfFile
HeapFree
DebugBreak
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetModuleFileNameW

user32

GetDC
GetSystemMetrics
ReleaseDC
GetDesktopWindow
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
GetActiveWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharNextA
CharPrevA
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
SendMessageA
SetRect
GetWindowRect
MapWindowPoints
FindWindowExA
IsWindowVisible
GetParent
GetWindowTextLengthA
GetWindowInfo
PostMessageA
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExA
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
ShowCursor
GetForegroundWindow
GetWindowThreadProcessId
EndDialog
wsprintfA

gdi32

SelectObject
GetDeviceCaps
CreateFontIndirectA
CreateDCA
StretchBlt
GetObjectA
GetDIBits
GetStockObject
CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
DeleteObject

advapi32

AllocateAndInitializeSid
CheckTokenMembership
GetUserNameA
FreeSid

shell32

ShellExecuteA

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

freeimage

_FreeImage_Load@12
_FreeImage_SaveJPEG@12
_FreeImage_GetBits@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Unload@4
_FreeImage_GetInfo@4

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

bugtrap

BT_InstallSehFilter
BT_SetFlags
BT_SetSupportServer
BT_SetSupportURL
BT_SetSupportEMail
BT_SetAppName

shlwapi

StrStrIA

gdiplus

GdipGetImageEncodersSize
GdipCloneImage
GdipGetImageEncoders
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP

iphlpapi

SendARP
GetAdaptersInfo

msvcr90

printf
fputs
strncmp
strstr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
_CIsqrt
strtok
vsprintf
_i64toa
_atoi64
_CIatan2
strncpy
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
fread
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_itoa
_CRT_RTC_INITW
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
sscanf
atoi
rand
_time64
srand
??2@YAPAXI@Z
_purecall
_invoke_watson
_controlfp_s
calloc
_mbsicmp
strcpy
_wassert
_cexit
ftell
fseek
vsprintf_s
memmove
atol
sprintf_s
_mbsstr
feof
fgetc
fgets
atof
strncat
isalpha
_CIcos
_CIsin
_strupr
memmove_s
_CItan
_configthreadlocale
_mbsnbcpy
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
_snprintf
strrchr
realloc
fopen
fscanf
fclose
fprintf
_CxxThrowException
__CxxFrameHandler3
??_V@YAXPAX@Z
??3@YAXPAX@Z
memcpy
malloc
free
sprintf
memset
fwrite
__getmainargs
_unlock

urlmon

URLDownloadToFileA

Exports

Exports

?GetPrivateClient@@YAKXZ

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 690KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce1e53a08f00d313ad31d85d21c72e2

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

freeimage

msvcp90

bugtrap

shlwapi

gdiplus

iphlpapi

msvcr90

urlmon

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 690KB - Virtual size: 1.0MB

.vmp0 Size: 172KB - Virtual size: 172KB

.rsrc Size: 90KB - Virtual size: 89KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 690KB - Virtual size: 1.0MB

.vmp0
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 90KB - Virtual size: 89KB