quake2[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

quake2.exe
Size

348KB
MD5

9f5bf44c2f82a7b07edb1a856dde02ec
SHA1

96ad2e8376cec6993a8edbf4227f2e5a1102e3c5
SHA256

0039dc489aa9799f6bb8217a856a65c94569d8c6feb3717e2c50c6e3776d678b
SHA512

56359daede5cab7ffb0ec1e993f7d7ed781129f63cd5e19a340ab0679c17deab9495f87e6136e4918ccf539c2b84e1fd6e185a5ed28d086bf18dc462bd74f619
SSDEEP

6144:1QLV0VhSapkgtHOnvwCSmJYzT2omrKSlgjOZCy0a2FrpZ/3Ln:8IpttHWsNGhrlGyyFrr/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quake2.exe

Files

quake2.exe
.exe windows:4 windows x86

ce0be820156b8498c7c69a98f77c085d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

joyGetDevCapsA
joyGetPosEx
mciSendCommandA
timeGetTime
waveOutClose
joyGetNumDevs
waveOutReset
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
timeEndPeriod
waveOutOpen
timeBeginPeriod

wsock32

sendto
ntohs
htons
WSAGetLastError
recvfrom
setsockopt
closesocket
bind
select
inet_ntoa
socket
WSAStartup
ioctlsocket
gethostbyname

kernel32

FlushFileBuffers
SetEnvironmentVariableW
SetEndOfFile
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
CreateFileA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetStdHandle
CloseHandle
CreateEventA
SetEvent
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterA
WriteConsoleInputA
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetLargestConsoleWindowSize
VirtualAlloc
GetLastError
VirtualFree
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeConsole
GetDriveTypeA
SetErrorMode
AllocConsole
GetVersionExA
GetNumberOfConsoleInputEvents
WriteFile
ReadConsoleInputA
GlobalSize
Sleep
OutputDebugStringA
CreateDirectoryA
FindFirstFileA
SetHandleCount
WideCharToMultiByte
GetFileType
ReadFile
SetFilePointer
RaiseException
TlsGetValue
SetLastError
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
UnhandledExceptionFilter
FindNextFileA
GetVersion
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetFullPathNameA
HeapFree
HeapAlloc
RtlUnwind
MoveFileA
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
InterlockedDecrement
InterlockedIncrement
GetEnvironmentVariableA
GetTimeZoneInformation
GetStartupInfoA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileA
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentDirectoryA

user32

DefWindowProcA
MoveWindow
SetWindowLongA
UnregisterHotKey
RegisterWindowMessageA
GetWindowLongA
RegisterHotKey
ShowWindow
SetForegroundWindow
OpenClipboard
GetClipboardData
CloseClipboard
PeekMessageA
DispatchMessageA
GetMessageA
TranslateMessage
MessageBoxA
GetCursorPos
ReleaseCapture
SystemParametersInfoA
SetCapture
GetWindowRect
SetCursorPos
SetRect
ClipCursor
ShowCursor
GetSystemMetrics
AdjustWindowRect

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce0be820156b8498c7c69a98f77c085d

Headers

File Characteristics

Imports

winmm

wsock32

kernel32

user32

Sections

.text Size: 272KB - Virtual size: 271KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 60KB - Virtual size: 7.2MB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 272KB - Virtual size: 271KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 60KB - Virtual size: 7.2MB

.rsrc
Size: 4KB - Virtual size: 928B