7c89c22b89ea15e80a2f8024ef057e0c

Sharing

Copy URL Twitter E-mail

General

Target

7c89c22b89ea15e80a2f8024ef057e0c
Size

3.9MB
MD5

7c89c22b89ea15e80a2f8024ef057e0c
SHA1

b97874b15cb5530967ba24a2c495d23b7cebe8c6
SHA256

e635f12a65dd7a8fa9ba5ba019cee9391480b537a25f66bc0285fb51073118db
SHA512

db1ea7c3c2f63e522d5bd5d0c1275184630c44cb2393a8560c7abf8d77f0e350dd5ed3f7f06b3112dea4f6f4c38435484e356cdb0179d709e2011c67d0d22fac
SSDEEP

98304:HQKxz548cfD3OamnVqxZ5f5A2xLafzf2cq6loMDIc7vb8:Nxz5jMD3+acqoGcP8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c89c22b89ea15e80a2f8024ef057e0c

Files

7c89c22b89ea15e80a2f8024ef057e0c
.exe windows:4 windows x86 arch:x86

dbfb2b9b8b904df25f95695cb80c1003

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

dinput8

DirectInput8Create

gdi32

EnumFontFamiliesA
AddFontResourceA
CreateDCA
CreateCompatibleBitmap
GetObjectA
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
BitBlt
GetDeviceCaps
ExtTextOutA
GetTextExtentPoint32A
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2

imm32

ImmIsIME
ImmGetContext
ImmSetStatusWindowPos
ImmReleaseContext
ImmAssociateContext

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalReAlloc
GetTempFileNameA
CopyFileA
GetWindowsDirectoryA
SetThreadAffinityMask
GetCurrentThread
CreateMutexA
GlobalMemoryStatus
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
FlushFileBuffers
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetVersionExA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFileAttributesA
RaiseException
MultiByteToWideChar
GetTimeZoneInformation
GetCurrentProcess
ExitProcess
RtlUnwind
SetEndOfFile
GetVersion
IsBadReadPtr
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
LoadLibraryA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindNextFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
FindClose
lstrcpynA
Sleep
GetTickCount
lstrcpyA
GetLastError
lstrcatA
DeleteFileA
GetLocalTime
SetFilePointer
GetFileSize
GlobalAlloc
GlobalFree
GetModuleFileNameA
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
CreateFileA
CloseHandle
lstrcmpA
lstrlenA
SetCurrentDirectoryA
ReadFile
lstrlenW
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetProcAddress
GetSystemTime
CreateFileW
lstrcmpiA

oleaut32

SafeArrayCreate
VariantChangeType
VariantInit
SysAllocString
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy

shell32

ShellExecuteA

user32

ChangeDisplaySettingsA
EnumDisplaySettingsA
AdjustWindowRect
FlashWindow
RegisterClassExA
LoadIconA
DispatchMessageA
SetRect
PtInRect
ReleaseDC
SetForegroundWindow
InvalidateRect
ScreenToClient
GetDoubleClickTime
IsRectEmpty
CopyRect
UnregisterClassA
GetPropA
SetPropA
TranslateMessage
PeekMessageA
GetDC
SendMessageA
SetWindowLongA
CreateWindowExA
GetKeyboardLayout
CallWindowProcA
SetFocus
RemovePropA
MoveWindow
GetWindowTextA
CharLowerA
wsprintfA
MessageBoxA
GetActiveWindow
DefWindowProcA
GetClientRect
PostQuitMessage
ShowCursor
GetCursorPos
SetRectEmpty
EqualRect
GetAsyncKeyState
SetCursorPos
ClientToScreen
GetParent
SetCursor
GetCursor
DestroyWindow
ClipCursor
GetWindowRect
ShowWindow
UpdateWindow
GetSystemMetrics
EndPaint
BeginPaint
RegisterClassA
SetActiveWindow
LoadCursorA
SetWindowTextA
GetClassInfoA

secur32

SecDeleteUserModeContext

winmm

timeGetTime

wsock32

inet_ntoa
gethostbyname
ntohl
htonl
send
ntohs
ioctlsocket
gethostname
inet_addr
htons
socket
WSAGetLastError
setsockopt
connect
WSAAsyncSelect
closesocket
WSACleanup
WSAStartup
recv

d3d8

Direct3DCreate8

mss32

_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_quick_startup@20
_AIL_quick_handles@12
_AIL_set_digital_master_room_type@8
_AIL_set_DirectSound_HWND@8
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_position@16
_AIL_quick_set_volume@12
_AIL_quick_halt@4
_AIL_end_3D_sample@4
_AIL_pause_stream@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume_levels@12
_AIL_quick_play@8
_AIL_set_stream_position@8
_AIL_start_stream@4
_AIL_quick_status@4
_AIL_3D_sample_status@4
_AIL_stream_status@4
_AIL_file_read@8
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_quick_load_mem@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_mem_free_lock@4
_AIL_quick_unload@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_start_3D_sample@4

ole32

CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 135KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 4.3MB

.as_0001
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 1.3MB

.as_0002
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 8KB

.as_0003
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dbfb2b9b8b904df25f95695cb80c1003

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

secur32

winmm

wsock32

d3d8

mss32

ole32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 246KB - Virtual size: 248KB

Size: 135KB - Virtual size: 1.6MB

.rsrc Size: 28KB - Virtual size: 28KB

.idata Size: 7KB - Virtual size: 8KB

.zero Size: - Virtual size: 4.3MB

.as_0001 Size: 512B - Virtual size: 4KB

.zero Size: - Virtual size: 1.3MB

.as_0002 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 8KB

.as_0003 Size: 32KB - Virtual size: 32KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 246KB - Virtual size: 248KB

.rsrc
Size: 28KB - Virtual size: 28KB

.idata
Size: 7KB - Virtual size: 8KB

.zero
Size: - Virtual size: 4.3MB

.as_0001
Size: 512B - Virtual size: 4KB

.zero
Size: - Virtual size: 1.3MB

.as_0002
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 8KB

.as_0003
Size: 32KB - Virtual size: 32KB