spice64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spice64.exe
Size

2.4MB
MD5

c08849b9766d80b163d0046476273295
SHA1

5aee1cc8dc6cf978add559f15b1a6632a3a0454d
SHA256

049a122666c7685aa36696b806c1d8484c1a4d479979136e42f3bafa83da23a2
SHA512

107217f1c2b676c2348a18742745266e6153108a534556f1c9cdb462879754ebd980bc52f4096823ded7a3150caee55b6a96d12deb35ed9ab1be73b7997361c6
SSDEEP

49152:+zglVvijB1ecq1JEwLLzvQF1E6zLajbOEi0mW:9VvSmZ1ZcLajXm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spice64.exe

Files

spice64.exe
.exe windows:4 windows x64

d038ed78151658bf945ab65f71f2db7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameA

comctl32

InitCommonControlsEx

comdlg32

CommDlgExtendedError
GetSaveFileNameA

d3d9

Direct3DCreate9

gdi32

CreateFontA
CreateSolidBrush
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetProductString
HidD_SetOutputReport
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetValueCaps
HidP_SetUsageValue
HidP_SetUsages
HidP_UnsetUsages

iphlpapi

GetIpForwardTable

kernel32

AddVectoredExceptionHandler
CancelIo
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FindResourceA
FormatMessageA
FreeLibrary
GetCommState
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVersionExA
GlobalAddAtomA
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCommState
SetCommTimeouts
SetDllDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler
lstrcmpA
lstrlenA

msvcrt

___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_setjmp
_snprintf
_stat64
_strdup
_strnicmp
_time64
_ultoa
_unlock
_vsnprintf
_write
abort
calloc
exit
fclose
ferror
fflush
fgetc
fgetpos
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalpha
islower
isspace
isupper
iswctype
isxdigit
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
raise
rand
realloc
rewind
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strtol
strtoul
strxfrm
system
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcsftime
wcslen
wcsncmp
wcsstr
wcsxfrm
_write
_wcsnicmp
_wcsicmp
_strnicmp
_stricmp
_strdup
_read
_getpid
_fileno
_fdopen

ole32

IIDFromString

psapi

GetModuleInformation
GetProcessMemoryInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyA

shlwapi

PathRemoveFileSpecA
SHAutoComplete

user32

BeginPaint
CallNextHookEx
CallWindowProcA
ClipCursor
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EnableWindow
EndDialog
EndPaint
EnumDesktopWindows
FillRect
GetAsyncKeyState
GetCursorPos
GetDesktopWindow
GetForegroundWindow
GetKeyNameTextA
GetKeyState
GetMessageA
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetThreadDesktop
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowRect
GetWindowTextA
IsDialogMessageA
LoadCursorA
LoadIconA
MapVirtualKeyA
MessageBoxA
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExA
RegisterDeviceNotificationW
RegisterRawInputDevices
ScreenToClient
SendMessageA
SetCursorPos
SetLayeredWindowAttributes
SetPropA
SetWindowLongA
SetWindowLongPtrA
SetWindowLongPtrW
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowWindow
TranslateMessage
UnregisterClassA
UnregisterDeviceNotification
UpdateWindow
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

midiInClose
midiInGetDevCapsA
midiInGetNumDevs
midiInOpen
midiInReset
midiInStart

winscard

SCardConnectA
SCardDisconnect
SCardEstablishContext
SCardFreeMemory
SCardGetStatusChangeA
SCardListReadersA
SCardStatusA
SCardTransmit
g_rgSCardT0Pci
g_rgSCardT1Pci

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
htons
inet_addr
inet_ntoa
listen
recv
send
setsockopt
socket

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d038ed78151658bf945ab65f71f2db7f

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

d3d9

gdi32

hid

iphlpapi

kernel32

msvcrt

ole32

psapi

setupapi

shlwapi

user32

version

winmm

winscard

ws2_32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 40KB - Virtual size: 39KB

.rdata Size: 172KB - Virtual size: 172KB

.pdata Size: 72KB - Virtual size: 71KB

.xdata Size: 121KB - Virtual size: 120KB

.bss Size: - Virtual size: 15KB

.idata Size: 14KB - Virtual size: 13KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 163KB - Virtual size: 163KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 40KB - Virtual size: 39KB

.rdata
Size: 172KB - Virtual size: 172KB

.pdata
Size: 72KB - Virtual size: 71KB

.xdata
Size: 121KB - Virtual size: 120KB

.bss
Size: - Virtual size: 15KB

.idata
Size: 14KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 163KB - Virtual size: 163KB