3858c0d81bb798a6b9ec37628f4ffc0e0aac85eb89de8e4a3c2502f4d27150e3

Sharing

Copy URL Twitter E-mail

General

Target

3858c0d81bb798a6b9ec37628f4ffc0e0aac85eb89de8e4a3c2502f4d27150e3
Size

5.2MB
MD5

6699e36e4f40b61047c89eb5c5b11b7a
SHA1

35e17ad8634631cea239354f3dff76b87e25ae73
SHA256

3858c0d81bb798a6b9ec37628f4ffc0e0aac85eb89de8e4a3c2502f4d27150e3
SHA512

f468af8b653b4b0503e3ee7870581f805b7bffff292fd1d2f601bf52bf33bf2c432423d4ae40daedee49ccc0a4bdf034adca35223db0c302299e17086924c446
SSDEEP

49152:R38Zir1tj2nxtBB5LFZfuABoxceStRwOzckb+L26iphi9Hbml:Z8ZianxtFLFZWn+ejnp26+Ail

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3858c0d81bb798a6b9ec37628f4ffc0e0aac85eb89de8e4a3c2502f4d27150e3

Files

3858c0d81bb798a6b9ec37628f4ffc0e0aac85eb89de8e4a3c2502f4d27150e3
.exe windows:4 windows x86 arch:x86

b62dc9644cc1f78a6e6f56d427f8bce6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CrossProduct@12
_COLORtoDWORD@16
_MatrixMultiply2@12
_TransformV3TOV4@16
_Normalize@8
_CalcDistance@8
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_TransformVector3_VPTR2@16
_SetInverseMatrix@8
_VECTOR3Length@4

wsock32

recv
WSAStartup
WSACleanup
gethostbyname
ioctlsocket
connect
inet_addr
send
socket
htons
closesocket

dinput8

DirectInput8Create

kernel32

CompareStringA
SetEndOfFile
CreateFileW
VirtualQuery
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
GetSystemTimeAsFileTime
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
CloseHandle
WriteProcessMemory
OpenProcess
GetCurrentProcessId
GetLastError
CreateDirectoryA
WaitForSingleObject
SetUnhandledExceptionFilter
lstrcpynA
GetModuleFileNameA
GetCurrentProcess
GetCurrentThreadId
CreateFileA
lstrcatA
GetProcAddress
LoadLibraryA
lstrcpyA
FormatMessageA
GetModuleHandleA
IsBadReadPtr
GetTickCount
Sleep
FreeLibrary
GetVersionExA
GetLocalTime
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiA
InterlockedDecrement
DeviceIoControl
IsDBCSLeadByte
lstrlenA
GetCurrentDirectoryA
MulDiv
OutputDebugStringA
QueryDosDeviceA
GetLogicalDriveStringsA
Process32Next
Process32First
CreateToolhelp32Snapshot
CompareStringW
Module32Next
Module32First
ReadFile
RaiseException
GlobalFree
GetSystemTime
CreateProcessA
GetTempPathA
CopyFileA
SetFileAttributesA
GetSystemDefaultLangID
LCMapStringA
WideCharToMultiByte
GetFileSize
OpenFile
lstrcmpA
SetCurrentDirectoryA
GetCommandLineA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LoadLibraryW
DebugBreak
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetFilePointer
SetConsoleCtrlHandler
SetHandleCount
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
InterlockedIncrement
HeapDestroy
HeapSize
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
SetEnvironmentVariableA
LocalFree
lstrlenW
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateThread
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoA
TlsGetValue
GetCPInfo
LCMapStringW
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
WriteFile
SetStdHandle

user32

MessageBoxA
wsprintfA
ShowCursor
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
EndDialog
DefWindowProcA
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
CharPrevA
GetDC
ReleaseDC
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
SetRect
PostMessageA
CharNextA
UnregisterHotKey
RegisterHotKey
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExA

gdi32

AddFontResourceExA
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
GetStockObject
RemoveFontResourceExA

advapi32

RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
SetErrorInfo
VariantChangeType
CreateErrorInfo
GetErrorInfo

freeimage

_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_GetBits@4
_FreeImage_Unload@4
_FreeImage_Load@12
_FreeImage_SaveJPEG@12

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

msvcrt

strncpy

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 952KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b62dc9644cc1f78a6e6f56d427f8bce6

Headers

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

iphlpapi

psapi

msvcrt

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.sedata Size: 952KB - Virtual size: 952KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.sedata
Size: 952KB - Virtual size: 952KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

.sedata
Size: 4KB - Virtual size: 4KB