62342846d169f1f32efa5765a54f1763a8aea570c83f685bbb0389e6fc3cebfb

Sharing

Copy URL Twitter E-mail

General

Target

62342846d169f1f32efa5765a54f1763a8aea570c83f685bbb0389e6fc3cebfb
Size

2.6MB
MD5

088f183f953d840ba86440297c1159c7
SHA1

ae3e7cdbbdc44378a5f01985743a4cd38ceeef39
SHA256

62342846d169f1f32efa5765a54f1763a8aea570c83f685bbb0389e6fc3cebfb
SHA512

f00210fc70b46f3e34d40851158920cb901d4bffbb0d1c54c194379d2924e00d4f417939dec6337865e7b993a7bcba46de7569a74c9564b6449745c402406091
SSDEEP

49152:iWX/avp1uQojbuonsPoxPyuDZh5E5npuF+W:iWc1uQoji7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62342846d169f1f32efa5765a54f1763a8aea570c83f685bbb0389e6fc3cebfb

Files

62342846d169f1f32efa5765a54f1763a8aea570c83f685bbb0389e6fc3cebfb
.exe windows:6 windows x86

3b07ca2af4e587a22c96f797bf7f5c8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateDirectoryW
HeapSize
SetEndOfFile
WriteConsoleW
SetFilePointerEx
GetCurrentProcess
FindClose
FindNextFileA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
ReadConsoleW
RtlUnwind
CreateFileW
HeapValidate
SwitchToThread
GetProcessHeap
HeapFree
HeapAlloc
GetTickCount
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
InitializeCriticalSectionEx
LocalFree
DecodePointer
EncodePointer
FormatMessageA
QueryPerformanceCounter
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
FindFirstFileA
GetOEMCP
EnterCriticalSection
InitializeCriticalSection
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetSystemDirectoryA
GetModuleHandleA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
GetLastError
CloseHandle
OutputDebugStringA
GetModuleFileNameA
CreateDirectoryA
Sleep
SetFileAttributesA
RaiseException

user32

MessageBoxA
CharNextExA
CharPrevExA
GetDC
ReleaseDC
DefWindowProcA
RegisterClassA
CreateWindowExA
IsWindow
DestroyWindow
MoveWindow
GetMenu
InvalidateRect
GetClientRect
PostQuitMessage
GetAsyncKeyState
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
SetWindowPos
SystemParametersInfoA
GetKeyState
LoadImageA
DestroyCursor
ShowCursor
SetCursor
ClientToScreen
SetCursorPos
SetCapture
ReleaseCapture
ChangeDisplaySettingsA
ShowWindow
GetCapture
GetSystemMetrics
SetRect
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
SetWindowLongA
GetWindowLongA
AdjustWindowRectEx

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

python27

Py_InitModule4
PyModule_AddIntConstant
PyTuple_Size
PyTuple_GetItem
PyDict_GetItemString
PyLong_AsLong
PyLong_FromLongLong
PyList_New
PyList_Append
PyDict_Size
PyDict_Next
PyInt_AsLong
PyErr_SetString
PyExc_RuntimeError
PyString_FromString
PyTuple_New
PyTuple_SetItem
Py_BuildValue
PyString_InternFromString
PyObject_GetAttrString
PyCallable_Check
PyLong_AsLongLong
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
Py_Finalize
PyImport_ImportModule
PyObject_GetAttr
PyRun_StringFlags
PyImport_AddModule

devil

ilBindImage
ilLoad
ilSetPixels
ilInit
ilTexImage
ilGetInteger
ilDeleteImages
ilEnable
ilOriginFunc
ilConvertImage
ilCopyPixels
ilShutDown
ilGenImages
ilSave

winmm

timeGetTime
timeEndPeriod

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mss32

_AIL_last_error@0
_AIL_set_redist_directory@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_3D_orientation@28
_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_close_3D_provider@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_close_digital_driver@4
_AIL_open_stream@12
_AIL_open_digital_driver@16
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_stream_volume_levels@12
_AIL_set_stream_volume_levels@12
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_auto_update_3D_position@8
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_3D_sample_volume@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8
_AIL_end_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_start_3D_sample@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_sample_volume_pan@12
_AIL_sample_status@4
_AIL_set_sample_loop_count@8
_AIL_set_sample_volume_pan@12
_AIL_end_sample@4
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_start_sample@4
_AIL_set_sample_file@12
_AIL_mem_free_lock@4
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME

speedtreert

?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ

dinput8

DirectInput8Create

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
send
htons
inet_addr
select
ioctlsocket
connect
closesocket
socket
recv
__WSAFDIsSet
gethostbyname

d3d8

Direct3DCreate8

gdi32

GetTextExtentPoint32W
GetCharABCWidthsFloatW
DeleteObject
CreateFontIndirectA
GetStockObject
EnumFontFamiliesExA
SetBkColor
TextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
CreateDIBSection
TextOutA
SelectObject
GetTextExtentPoint32A
SetTextColor

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b07ca2af4e587a22c96f797bf7f5c8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

python27

devil

winmm

version

mss32

imm32

speedtreert

dinput8

ws2_32

d3d8

gdi32

advapi32

shell32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 295KB - Virtual size: 294KB

.data Size: 134KB - Virtual size: 399KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 233KB - Virtual size: 232KB

.reloc Size: 86KB - Virtual size: 85KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 295KB - Virtual size: 294KB

.data
Size: 134KB - Virtual size: 399KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 233KB - Virtual size: 232KB

.reloc
Size: 86KB - Virtual size: 85KB