20518939d8070c0e4f8472e91f49f44e36aac4879c92b9a92178f36e4c2521d1

Sharing

Copy URL Twitter E-mail

General

Target

20518939d8070c0e4f8472e91f49f44e36aac4879c92b9a92178f36e4c2521d1
Size

2.5MB
MD5

060e339f9f330fb035e0587de460760a
SHA1

64879d24e75c9738d29bf7c11d1ff0cf7be54de9
SHA256

20518939d8070c0e4f8472e91f49f44e36aac4879c92b9a92178f36e4c2521d1
SHA512

3f026580286bea45d0c5d8dc6b45bbcefe0509846853fd5bddd1f4139ebe8f2161524b3e5b084ca955e5b7fc1ad5ac5deda5e35ae85d933e2b52843dc55d301f
SSDEEP

49152:B7pDC/FHAnMdiwV7um3fURV0+cca4R9pyOJ/hHCs2fA86oZCXp:BmZCm3fUFa4RWC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20518939d8070c0e4f8472e91f49f44e36aac4879c92b9a92178f36e4c2521d1

Files

20518939d8070c0e4f8472e91f49f44e36aac4879c92b9a92178f36e4c2521d1
.exe windows:5 windows x86

92c6f0fa2b89687f8cedb2a0a122a1af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CrossProduct@12
_CalcDistance@8
_TransformV3TOV4@16
_MatrixMultiply2@12
_SetInverseMatrix@8
_VECTOR3_ADD_VECTOR3@12
_VECTOR3_MULEQU_FLOAT@8
_Normalize@8
_VECTOR3Length@4
_COLORtoDWORD@16
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformVector3_VPTR2@16

wsock32

gethostbyname
recv
send
WSAStartup
inet_addr
WSAGetLastError
WSACleanup
closesocket
htons
ioctlsocket
connect
socket

dinput8

DirectInput8Create

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

kernel32

IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetCurrentProcess
CloseHandle
VerSetConditionMask
VerifyVersionInfoA
ExitProcess
OpenProcess
GetProcessId
GetCurrentProcessId
DuplicateHandle
Sleep
CreateThread
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
OpenEventA
HeapFree
CreateEventA
CreateDirectoryA
GetLastError
GetCurrentDirectoryA
SetUnhandledExceptionFilter
GetModuleFileNameA
LoadLibraryA
CreateFileA
GetCurrentThreadId
TerminateProcess
GetTickCount
ResumeThread
WaitForSingleObject
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
lstrcpyA
OutputDebugStringA
IsDBCSLeadByte
lstrlenA
MulDiv
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLogicalDriveStringsA
QueryDosDeviceA
lstrcatA
ReadFile
WriteFile
GlobalFree
GetSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
CopyFileA
SetFileAttributesA
GetVersionExA
FreeLibrary
MultiByteToWideChar
GetFileSize
WideCharToMultiByte
OpenFile
lstrcmpA
SetCurrentDirectoryA
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
SetEvent

user32

ScreenToClient
DispatchMessageA
LoadIconA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
ShowCursor
DefWindowProcA
PostMessageA
SetRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClientRect
CopyRect
LoadCursorFromFileA
SetCursor
OffsetRect
GetDC
ReleaseDC
CharNextA
wsprintfA
MessageBoxA
FindWindowA
FindWindowExA
PeekMessageA
ReleaseCapture
SetCapture
TranslateMessage
GetCursorPos
GetClipboardData
IsClipboardFormatAvailable
CharPrevA

gdi32

SelectObject
GetTextExtentPoint32A
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectA

advapi32

RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoInitialize

freeimage

_FreeImage_GetBits@4
_FreeImage_SaveJPEG@12
_FreeImage_Unload@4
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12

msvcp100

?always_noconv@codecvt_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_BADOFF@std@@3_JB
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QBEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

atol
_unlock
__CxxFrameHandler3
strcpy
_strupr
exit
strncat
atof
fgets
ftell
fopen_s
??0bad_cast@std@@QAE@PBD@Z
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_CRT_RTC_INITW
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
ungetc
realloc
_access
_mkdir
_strnicmp
_findfirst64i32
_findnext64i32
_findclose
_beginthreadex
strcpy_s
sprintf_s
_lock_file
_unlock_file
memcpy_s
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
??0bad_cast@std@@QAE@ABV01@@Z
_itoa
memset
memcpy
_CItan
_CIcos
_CIsin
_CxxThrowException
_CIsqrt
_CIatan2
isalpha
??3@YAXPAX@Z
sprintf
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
malloc
_mbsnbicmp
free
_pgmptr
fopen
fscanf
fclose
fprintf
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
memchr
_time64
rand
fwrite
sscanf
fseek
fread
_purecall
??_V@YAXPAX@Z
srand
strncpy
atoi
_vsnprintf
_atoi64
_i64toa
vsprintf
printf
fgetc
feof
fputc
strrchr
strtok
strstr
strncmp
fputs
??1bad_cast@std@@UAE@XZ

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 685KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92c6f0fa2b89687f8cedb2a0a122a1af

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

freeimage

msvcp100

msvcr100

iphlpapi

psapi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 685KB - Virtual size: 947KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 685KB - Virtual size: 947KB

.rsrc
Size: 102KB - Virtual size: 101KB