Static task
static1
Behavioral task
behavioral1
Sample
16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d.exe
Resource
win10v2004-20231023-en
General
-
Target
16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d
-
Size
10.9MB
-
MD5
1e2ba746e9af9bc30db6a336d9c9e10b
-
SHA1
875b642f6763baff4e2f258d39ceaa4d8141f5f9
-
SHA256
16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d
-
SHA512
9756b0721a52609687b2ce1cc8e3eca3374ff623298caadeac6944678edcd9ecfd4978c9a65fbe6e6e4573d64977f5550a2e29ed42356e9bd81d30e3566ce480
-
SSDEEP
98304:2YtO/oQxxvs/II8gtwZoftFhxj4ax4bjWKlMxPh1zgyjEh9TBYrGsl5ORvlbN2H2:2SO/1xxUAI8BK/Aax4jVlMpzc7LOZwm
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d
Files
-
16f7de4aa952842035332b36d3a26bd081dd94c921fa83888b8115a18454d23d.exe windows:6 windows x86 arch:x86
720c559e5d3580cc906bc3ca4d89a7ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
elementskill
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetCommonCoolDown@ElementSkill@GNET@@SAHI@Z
?GetName@ElementSkill@GNET@@SAPB_WI@Z
?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?GoblinCondition@ElementSkill@GNET@@SAHIAAUGoblinUseRequirement@2@H@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?GetComboSkPreSkill@ElementSkill@GNET@@SAHI@Z
?GetInherentSkills@ElementSkill@GNET@@SAABV?$vector@IV?$allocator@I@std@@@std@@H@Z
?InitStaticData@ElementSkill@GNET@@SAXXZ
?IsMovingSkill@ElementSkill@GNET@@SA_NI@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetMaxAbility@ElementSkill@GNET@@SAHIH@Z
?GetRequiredLevel@ElementSkill@GNET@@SAHIH@Z
?GetRequiredRealmLevel@ElementSkill@GNET@@SAHIH@Z
?IsOverridden@ElementSkill@GNET@@SA_NI@Z
?GetType@ElementSkill@GNET@@SADI@Z
?IsGoblinSkill@ElementSkill@GNET@@SA_NI@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?GoblinLearn@ElementSkill@GNET@@SAHIAAUGoblinRequirement@2@H@Z
immwrapper
?ReleaseImmEffect@AMImmWrapper@@QAE_NAAPAVAMImmEffect@@@Z
?Start@AMImmEffect@@QAE_NXZ
?LoadImmEffect@AMImmWrapper@@QAE_NPADPAPAVAMImmEffect@@@Z
?Stop@AMImmEffect@@QAE_NXZ
?Release@AMImmWrapper@@QAE_NXZ
?Init@AMImmWrapper@@QAE_NPAUHINSTANCE__@@PAUHWND__@@PAD2@Z
??1AMImmWrapper@@QAE@XZ
??0AMImmWrapper@@QAE@XZ
ftdriver
?CreateFTManager@@YAPAVIFTManager@@HHH@Z
speedtreert
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
??1STextures@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
d3d9
Direct3DCreate9
d3dx9_43
D3DXVec3TransformCoord
D3DXGetImageInfoFromFileA
D3DXLoadSurfaceFromSurface
D3DXPlaneTransform
D3DXMatrixLookAtLH
D3DXMatrixShadow
D3DXSaveSurfaceToFileA
D3DXMatrixPerspectiveFovLH
D3DXCreateTextureFromFileInMemoryEx
D3DXVec4Transform
D3DXMatrixMultiply
D3DXMatrixRotationAxis
D3DXSaveTextureToFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateBuffer
D3DXAssembleShader
D3DXMatrixInverse
D3DXLoadSurfaceFromFileInMemory
D3DXMatrixOrthoOffCenterLH
dsound
ord11
wininet
HttpAddRequestHeadersA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenA
HttpQueryInfoA
InternetConnectA
shlwapi
PathFindExtensionA
PathFileExistsA
PathAppendW
PathFileExistsW
StrToIntW
PathFindFileNameA
winmm
timeGetTime
ws2_32
__WSAFDIsSet
setsockopt
ioctlsocket
sendto
htons
recv
connect
ntohs
socket
bind
select
getsockname
inet_addr
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
closesocket
send
imm32
ImmGetDescriptionW
ImmNotifyIME
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetConversionStatus
ImmGetCandidateListA
ImmGetIMEFileNameA
ImmGetOpenStatus
ImmSetCompositionStringW
ImmSetConversionStatus
ImmGetCompositionStringA
ImmGetCandidateListW
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetProperty
ImmIsIME
ddraw
DirectDrawCreate
zlibwapi
ord26
ord2
ord46
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
glu32
gluDeleteTess
gluTessEndPolygon
gluTessProperty
gluNewTess
gluTessBeginContour
gluTessVertex
gluTessEndContour
gluTessBeginPolygon
gluTessCallback
kernel32
GetNativeSystemInfo
WaitForSingleObjectEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
ReadConsoleW
GetFullPathNameW
GetSystemTimeAsFileTime
EncodePointer
SetStdHandle
FlushFileBuffers
GetFileAttributesExW
HeapReAlloc
GetTimeZoneInformation
RemoveDirectoryW
HeapSize
GetExitCodeProcess
MoveFileExW
CreatePipe
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
TlsGetValue
TlsSetValue
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
InterlockedPopEntrySList
GetModuleFileNameA
EnterCriticalSection
GetCurrentProcess
GetModuleFileNameW
LeaveCriticalSection
CreateFileW
GetCurrentThreadId
GetLastError
GetCurrentThread
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
lstrcpyW
IsBadReadPtr
GetTickCount
GetCommandLineA
TlsFree
InterlockedPushEntrySList
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
VirtualProtect
InitializeCriticalSection
WaitForSingleObject
GetModuleHandleA
LoadLibraryA
CreateThread
DeleteCriticalSection
Process32First
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
ReadProcessMemory
VirtualQueryEx
lstrlenA
GetVersionExW
Sleep
GetSystemInfo
GlobalMemoryStatus
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
CreateFileA
GetModuleHandleW
FlushInstructionCache
CreateMutexW
ReleaseMutex
IsBadWritePtr
WritePrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
GlobalAlloc
GlobalLock
WideCharToMultiByte
GlobalUnlock
MultiByteToWideChar
DeleteFileA
InitializeCriticalSectionAndSpinCount
ExitThread
CreateEventW
SetEvent
RaiseException
GetCurrentDirectoryW
DecodePointer
InitializeCriticalSectionEx
FindFirstFileA
FindNextFileA
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
WaitForMultipleObjects
GetExitCodeThread
CopyFileA
ResetEvent
GetLocalTime
GetFileSize
ReadFile
GetCommandLineW
OutputDebugStringA
ResumeThread
ExitProcess
IsDebuggerPresent
WriteFile
CreateNamedPipeW
CreateMutexA
CreateProcessW
ConnectNamedPipe
GetDiskFreeSpaceA
SignalObjectAndWait
SetThreadPriority
SetThreadPriorityBoost
GetPrivateProfileStringW
GetCurrentDirectoryA
GetVersion
SetCurrentDirectoryA
SuspendThread
DuplicateHandle
GetPrivateProfileStringA
SetCurrentDirectoryW
OpenFile
ReleaseSemaphore
CreateSemaphoreW
SizeofResource
SetLastError
LoadResource
FindResourceW
QueueUserAPC
lstrcmpiW
lstrcmpW
MulDiv
LoadLibraryExW
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
lstrlenW
IsDBCSLeadByteEx
GlobalSize
GlobalFree
GlobalReAlloc
WinExec
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalAlloc
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocaleInfoA
CompareStringA
GetVersionExA
VirtualFree
VirtualAlloc
FormatMessageA
LoadLibraryExA
RtlUnwind
GetModuleHandleExW
TlsAlloc
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
FindFirstFileExW
FreeLibraryAndExitThread
VirtualQuery
SetEndOfFile
GetTempPathW
GetStdHandle
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetFileAttributesA
EnumSystemLocalesW
WriteConsoleW
user32
GetCapture
SetForegroundWindow
UpdateWindow
LoadCursorW
AdjustWindowRect
MoveWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
DefWindowProcW
ReleaseDC
GetDC
GetAncestor
RegisterWindowMessageW
GetParent
GetClassInfoExW
GetDesktopWindow
KillTimer
GetDlgItem
CharNextW
SetFocus
CreateAcceleratorTableW
GetSysColor
IsChild
DestroyAcceleratorTable
SetWindowLongA
RedrawWindow
SetTimer
InvalidateRgn
FillRect
keybd_event
DestroyWindow
GetFocus
CallWindowProcW
GetMessageW
GetWindowTextLengthW
SendMessageA
IntersectRect
SetRect
DestroyCursor
LoadCursorFromFileA
RegisterClipboardFormatW
GetClipboardData
CreateCaret
GetKeyboardLayout
SetCapture
IsWindowUnicode
EnumThreadWindows
GetWindowDC
CreateWindowExA
WindowFromDC
GetCaretBlinkTime
PostMessageA
ReleaseCapture
IsWindowEnabled
FindWindowW
GetClassNameW
IsZoomed
IsIconic
GetWindowTextW
GetActiveWindow
GetClientRect
PostMessageW
ClientToScreen
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
ScreenToClient
GetCursorPos
PostQuitMessage
EnumWindows
GetWindowRect
GetWindowThreadProcessId
GetWindow
GetClassNameA
GetWindowTextA
GetTopWindow
wsprintfW
MessageBoxW
LoadIconW
ChangeDisplaySettingsW
DispatchMessageW
PeekMessageW
MessageBoxA
GetForegroundWindow
SetCaretPos
SetWindowPos
IsWindowVisible
GetWindowLongW
IsWindow
GetMenuBarInfo
UnregisterClassW
SendMessageW
EnumChildWindows
SetActiveWindow
SetCursorPos
SetCursor
GetGUIThreadInfo
BeginPaint
EndPaint
SetWindowTextW
AdjustWindowRectEx
TranslateMessage
GetAsyncKeyState
InvalidateRect
SetWindowLongW
ShowWindow
gdi32
CreateDIBSection
CreateSolidBrush
DeleteDC
GetDeviceCaps
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
ExtTextOutW
SetTextAlign
SetBkColor
SetTextColor
GetObjectW
GetTextExtentPoint32W
CreateFontW
TextOutA
EnumFontFamiliesExW
CreateFontIndirectW
PtInRegion
CreatePolygonRgn
GetGlyphOutlineW
CreateEllipticRgn
GetDIBits
DeleteObject
GetStockObject
SetMapMode
BitBlt
advapi32
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
OpenThreadToken
shell32
SHOpenFolderAndSelectItems
ShellExecuteA
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExA
SHGetFolderPathW
ole32
OleUninitialize
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
CoTaskMemRealloc
CLSIDFromString
CoInitializeEx
CoGetClassObject
CoUninitialize
CoInitialize
OleLockRunning
CoTaskMemFree
oleaut32
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantCopy
DispCallFunc
SysStringLen
SysFreeString
VariantClear
VarUI4FromStr
SysAllocStringLen
urlmon
URLDownloadToFileW
Sections
.text Size: 8.4MB - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 274KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 560KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ