f3ae87b305407aba7465be9eaa87e362afad26cc62babddc0d231cf7bca1861c

Sharing

Copy URL Twitter E-mail

General

Target

f3ae87b305407aba7465be9eaa87e362afad26cc62babddc0d231cf7bca1861c
Size

5.1MB
MD5

89e8d3d4e15dd4e32e1618dfbfb0208f
SHA1

4d81fa306c652993b0e76242c628ccf096afb2b2
SHA256

f3ae87b305407aba7465be9eaa87e362afad26cc62babddc0d231cf7bca1861c
SHA512

75931b2c5b68254f17d38c75086953a4e2371c6327d9ee75b7ad61547724931f37e2f762bf4e9fe005df97dc2f20c7a813742d3e824f8f592302a8c6a5836199
SSDEEP

98304:PNZzHHPi2d2zl8QX5yPyu3ohMYAAJUctqzYJduDQlK/sEwY1:Hn32zUrYhMYAxV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3ae87b305407aba7465be9eaa87e362afad26cc62babddc0d231cf7bca1861c

Files

f3ae87b305407aba7465be9eaa87e362afad26cc62babddc0d231cf7bca1861c
.exe windows:6 windows x86 arch:x86

f293ecd475d761b5a2377c19fd7f280f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

imm32

ImmSetCompositionStringW
ImmGetCandidateListA
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetCompositionStringA
ImmSimulateHotKey
ImmGetOpenStatus
ImmGetDescriptionW
ImmGetCandidateListW
ImmGetDefaultIMEWnd
ImmGetIMEFileNameA
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetProperty
ImmGetVirtualKey
ImmSetOpenStatus
ImmSetCandidateWindow

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

mediaplayer

?SetVideoCallBack@CMediaPlayer@SMediaPlayer@@QAEXP6A_NPAXPAEIN_N@Z0@Z
?SetVolume@CMediaPlayer@SMediaPlayer@@QAEXK@Z
?Release@CMediaPlayer@SMediaPlayer@@QAEXXZ
?Init@CMediaPlayer@SMediaPlayer@@QAE_NPBDPAUIDirectSound8@@@Z
??1CMediaPlayer@SMediaPlayer@@QAE@XZ
??0CMediaPlayer@SMediaPlayer@@QAE@XZ
?SetIsLoop@CMediaPlayer@SMediaPlayer@@QAEX_N@Z
?Stop@CMediaPlayer@SMediaPlayer@@QAE_NXZ
?Play@CMediaPlayer@SMediaPlayer@@QAE_NXZ

kernel32

CloseHandle
ResetEvent
CreateEventA
SetEvent
ReleaseSemaphore
CreateSemaphoreA
GetTickCount
CreateFileA
CancelIo
ReadDirectoryChangesW
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
IsDBCSLeadByteEx
TryEnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenThread
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
GetThreadContext
FlushInstructionCache
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtectEx
GetFileAttributesA
GetModuleHandleW
OutputDebugStringW
GetModuleFileNameA
WinExec
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
GlobalUnlock
GlobalLock
LocalAlloc
GetLastError
WideCharToMultiByte
GlobalFree
VirtualProtect
IsDBCSLeadByte
GetVersionExA
lstrlenA
lstrlenW
CompareStringA
GetLocaleInfoA
ReleaseMutex
CreateMutexA
CreateEventW
ExitProcess
MultiByteToWideChar
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
CreateDirectoryA
CreateThread
Sleep
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
DebugBreak
DeleteCriticalSection
LeaveCriticalSection
SystemTimeToFileTime
CreateFileW
FormatMessageA
SetFilePointer
ReadFile
EnterCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleHandleA
GlobalAlloc

user32

GetAncestor
GetMenuBarInfo
GetGUIThreadInfo
GetWindow
EnumChildWindows
SetWindowLongW
GetWindowLongW
SetActiveWindow
GetActiveWindow
IsZoomed
IsIconic
PostMessageW
keybd_event
PeekMessageW
GetMessageW
GetCaretBlinkTime
IsWindowUnicode
GetFocus
IntersectRect
GetForegroundWindow
CharNextW
SendMessageW
GetClassNameA
EnumThreadWindows
GetParent
InvalidateRect
WindowFromDC
IsWindowVisible
SetWindowPos
CreateWindowExW
GetSysColor
GetWindowRect
GetWindowDC
IsWindow
GetWindowThreadProcessId
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
DefWindowProcW
FillRect
SetRect
EnumDisplaySettingsA
ChangeDisplaySettingsA
MessageBoxW
ReleaseDC
GetDC
FindWindowA
SendMessageA
MessageBoxA
GetKeyboardLayout
ScreenToClient
ClientToScreen
GetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetAsyncKeyState
DefWindowProcA
GetMessageA
GetKeyState
TranslateMessage
DispatchMessageA
PeekMessageA
PostQuitMessage
RegisterClassExA
CreateWindowExA
ShowWindow
MoveWindow
GetSystemMetrics
UpdateWindow
SetForegroundWindow
SetWindowTextA
AdjustWindowRect
SetCursor
LoadCursorA
LoadIconA
PostMessageA

gdi32

GetStockObject
SetMapMode
CreateDIBSection
SetBkColor
SetTextColor
SetTextAlign
GetDeviceCaps
CreateSolidBrush
SetPixel
TextOutA
BitBlt
CreateCompatibleBitmap
GetDIBits
GetObjectW
ExtTextOutW
CreateCompatibleDC
CreateFontA
DeleteDC
DeleteObject
GetTextExtentPoint32A
ExtTextOutA
SelectObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysFreeString

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

winmm

timeGetTime

netapi32

Netbios

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
wcschr
memchr
strchr
__RTDynamicCast
__std_terminate
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
wcsstr
wcsrchr
strstr
strrchr
memset
__CxxFrameHandler3
longjmp
_setjmp3
_except_handler4_common

api-ms-win-crt-string-l1-1-0

_wcslwr
strcspn
isupper
wcscspn
isxdigit
ispunct
strpbrk
_wcsupr
islower
_strnicmp
_wcsicmp
_strupr
_strlwr
_strdup
strncpy
strcat_s
wcscpy_s
wcscat_s
strncat
iscntrl
wcsncat
isdigit
wcsncpy
toupper
strcpy_s
strncmp
tolower
_stricmp
strtok
isalpha
isspace
isalnum
strcoll

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
_set_new_mode
malloc
calloc

api-ms-win-crt-math-l1-1-0

ceil
_fpclass
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
_isnan
floor
ldexp
_libm_sse2_log_precise
_libm_sse2_tan_precise
_libm_sse2_exp_precise
_libm_sse2_atan_precise
_CIfmod
modf
__setusermatherr
_libm_sse2_sin_precise
_libm_sse2_asin_precise
_CIcosh
_CIsinh
_CItanh
_libm_sse2_log10_precise
frexp
_CIatan2
_except1
_libm_sse2_pow_precise
_libm_sse2_cos_precise

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsprintf_p
_set_fmode
fseek
fclose
ftell
fwrite
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
fopen
fread
__stdio_common_vswprintf_s
ungetc
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
__stdio_common_vfprintf
__stdio_common_vfwprintf_s
__stdio_common_vsnprintf_s
getc
__stdio_common_vswscanf
__stdio_common_vfwprintf
_fseeki64
__stdio_common_vsprintf
__acrt_iob_func
_ftelli64
_chsize_s
_fileno
tmpnam
feof
ferror
fputc
__stdio_common_vsscanf
__stdio_common_vfscanf
tmpfile
setvbuf
_popen
_pclose
clearerr
fputs
fgets
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vswprintf
freopen

api-ms-win-crt-filesystem-l1-1-0

remove
_access
rename
_fstat64i32
_stat64i32

api-ms-win-crt-convert-l1-1-0

_wtof
atoi
_wtoi
strtoul
strtod
atof

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-time-l1-1-0

_difftime64
_localtime64
_gmtime64
_mktime64
strftime
_time64
clock

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_exe
_set_app_type
strerror
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_wassert
_c_exit
_register_thread_local_exe_atexit_callback
exit
perror
_errno
system
_controlfp_s
_invalid_parameter_noinfo_noreturn
_register_onexit_function

api-ms-win-crt-conio-l1-1-0

__conio_common_vcwprintf

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcmp
_mbscmp
_mbsnbcpy

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
localeconv

d3d9

Direct3DCreate9

d3dx9_43

D3DXMatrixRotationQuaternion
D3DXCompileShader
D3DXAssembleShader
D3DXCreateBuffer
D3DXGetShaderConstantTable
D3DXCreateEffectCompiler
D3DXMatrixOrthoOffCenterLH
D3DXSaveVolumeToFileA
D3DXSaveSurfaceToFileA
D3DXCreateEffectEx
D3DXSaveTextureToFileA
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXMatrixRotationAxis
D3DXMatrixMultiply
D3DXVec3TransformCoord
D3DXMatrixPerspectiveFovLH
D3DXSaveTextureToFileInMemory
D3DXMatrixLookAtLH
D3DXLoadSurfaceFromSurface
D3DXPlaneTransform
D3DXQuaternionRotationMatrix
D3DXLoadSurfaceFromFileInMemory

shlwapi

PathFindExtensionA
PathCanonicalizeA
PathIsDirectoryA
PathFileExistsA

physxloader

NxReleasePhysicsSDK
NxGetCookingLib
NxGetPhysicsSDKAllocator
NxGetUtilLib
NxCreatePhysicsSDK

api-ms-win-crt-environment-l1-1-0

getenv

dsound

ord11

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 18.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f293ecd475d761b5a2377c19fd7f280f

Headers

DLL Characteristics

File Characteristics

Imports

version

imm32

ftdriver

mediaplayer

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

winmm

netapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

d3d9

d3dx9_43

shlwapi

physxloader

api-ms-win-crt-environment-l1-1-0

dsound

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 658KB - Virtual size: 657KB

.data Size: 282KB - Virtual size: 18.4MB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 188KB - Virtual size: 188KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 658KB - Virtual size: 657KB

.data
Size: 282KB - Virtual size: 18.4MB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 188KB - Virtual size: 188KB