c603c1a26e356898af6de4fc87ac548b

Sharing

Copy URL Twitter E-mail

General

Target

c603c1a26e356898af6de4fc87ac548b
Size

1.6MB
MD5

c603c1a26e356898af6de4fc87ac548b
SHA1

6c24a2e61cba607af0ff6dc9dc095f0fbc817ecf
SHA256

d2a4fb6b667ab387e367df2342ceb7a5735514674472958c9f29e79b4cafc62b
SHA512

18adf08c2bd11ff9eabe6f07ab46ecab002dcc56519b026f1401455ddc8be734b04e4bf742940b58459465f19470aa6c10182ed1add51a4d9e455b6bbf3e4b3c
SSDEEP

49152:1IQ/iEjiyMGM/FN5zlYvZCIGDmN/IFcYtOqzBl8zivs:1IQ/iEjHjM/bBaN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c603c1a26e356898af6de4fc87ac548b

Files

c603c1a26e356898af6de4fc87ac548b
.exe windows:4 windows x86 arch:x86

622417a9d8f6a7a2f1e261121b7b7df2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiInGetNumDevs
midiInOpen
joyGetDevCapsA
midiInStart
midiInGetDevCapsA
joyGetPosEx
midiInClose
timeEndPeriod
timeGetTime
timeBeginPeriod
joyGetNumDevs

wsock32

send
closesocket
socket
bind
recv
WSACleanup
sendto
setsockopt
htons
WSAGetLastError
ioctlsocket
ntohl
recvfrom
WSAStartup
connect
gethostname
inet_ntoa
gethostbyname

mss32

_AIL_set_sample_ms_position@8
_AIL_start_3D_sample@4
_AIL_end_sample@4
_AIL_enumerate_3D_providers@12
_AIL_set_sample_adpcm_block_size@8
_AIL_set_3D_position@16
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_offset@8
_AIL_open_stream@12
_AIL_set_3D_sample_playback_rate@8
_AIL_end_3D_sample@4
_AIL_set_3D_sample_volume@8
_AIL_stop_3D_sample@4
_AIL_set_stream_ms_position@8
_AIL_open_3D_provider@4
_AIL_resume_3D_sample@4
_AIL_3D_position@16
_AIL_stream_status@4
_AIL_sample_playback_rate@4
_AIL_load_sample_buffer@16
_AIL_sample_volume_pan@12
_AIL_set_3D_sample_preference@12
_AIL_set_preference@8
_AIL_sample_ms_position@12
_AIL_release_sample_handle@4
_AIL_set_DirectSound_HWND@8
_AIL_3D_sample_length@4
_AIL_set_redist_directory@4
_AIL_sample_buffer_ready@4
_AIL_3D_sample_playback_rate@4
_AIL_close_3D_provider@4
_AIL_stream_playback_rate@4
_AIL_set_file_callbacks@16
_AIL_start_stream@4
_AIL_stream_volume_pan@12
_AIL_set_sample_type@12
_AIL_last_error@0
_AIL_set_stream_volume_pan@12
_AIL_set_3D_distance_factor@8
_AIL_3D_sample_volume@4
_AIL_pause_stream@8
_AIL_set_sample_address@12
_AIL_set_3D_sample_info@8
_AIL_start_sample@4
_AIL_process_digital_audio@24
_AIL_WAV_info@8
_AIL_set_stream_loop_count@8
_AIL_set_sample_playback_rate@8
_AIL_set_sample_loop_count@8
_AIL_set_3D_room_type@8
_AIL_stream_ms_position@12
_AIL_stop_sample@4
_AIL_init_sample@4
_AIL_allocate_sample_handle@4
_AIL_3D_sample_status@4
_AIL_resume_sample@4
_AIL_set_sample_reverb_levels@12
_AIL_3D_sample_offset@4
_AIL_shutdown@0
_AIL_set_sample_volume_pan@12
_AIL_close_stream@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_stream_playback_rate@8
_AIL_sample_status@4
_AIL_3D_provider_attribute@12
_AIL_size_processed_digital_audio@16
_AIL_set_stream_reverb_levels@12
_AIL_set_3D_sample_distances@12
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_digital_CPU_percent@4
_AIL_set_3D_sample_effects_level@8
_AIL_set_3D_provider_preference@12
_AIL_set_digital_master_room_type@8
_AIL_sample_position@4
_AIL_minimum_sample_buffer_size@12

ddraw

DirectDrawEnumerateExA
DirectDrawCreateEx

kernel32

GetUserDefaultLCID
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
RaiseException
VirtualQuery
GetSystemInfo
VirtualProtect
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
RtlUnwind
GetTimeZoneInformation
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
DeleteCriticalSection
LCMapStringW
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
TlsAlloc
GetCurrentThread
TlsGetValue
TlsSetValue
SetLastError
TlsFree
GetCommandLineA
GetStartupInfoA
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
ExitProcess
GetFullPathNameA
CreateDirectoryA
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
MoveFileA
GetSystemDirectoryA
GetCurrentProcessId
CloseHandle
SetConsoleCtrlHandler
GetTempPathA
DeleteFileA
MulDiv
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection
SetStdHandle
GetTickCount
LCMapStringA
SetEndOfFile
GetVersionExA
Module32Next
CreateToolhelp32Snapshot
GetCurrentDirectoryA
GetModuleFileNameA
SetUnhandledExceptionFilter
WideCharToMultiByte
IsBadCodePtr
GetCurrentThreadId
GetFileAttributesA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
Sleep
GetModuleHandleA
QueryPerformanceFrequency
CreateFileA
SetErrorMode
GlobalSize
GlobalLock
WaitForSingleObject
SetThreadExecutionState
IsBadReadPtr
FormatMessageA
WriteFile
GetDriveTypeA
OpenProcess
CreateProcessA
ReadFile
GlobalUnlock
Module32First
GetLastError
CopyFileA
GetTempFileNameA

user32

MapVirtualKeyA
SystemParametersInfoA
MoveWindow
EnumDisplaySettingsA
SetForegroundWindow
UnregisterHotKey
RegisterWindowMessageA
EnumThreadWindows
ChangeDisplaySettingsA
GetDesktopWindow
ReleaseDC
GetWindowLongA
SetWindowLongA
GetWindowTextA
GetDC
CreateWindowExA
MessageBoxA
DestroyWindow
GetSystemMetrics
ReleaseCapture
ClipCursor
GetCursorPos
SetCursorPos
ShowCursor
SetCapture
GetWindowRect
OpenClipboard
DispatchMessageA
ShowWindow
PeekMessageA
GetClipboardData
GetForegroundWindow
TranslateMessage
SetFocus
wsprintfA
CloseClipboard
GetMessageA
RegisterClassA
LoadCursorA
UpdateWindow
LoadImageA
SetWindowPos
DefWindowProcA
SendMessageA
LoadIconA
AdjustWindowRect
CallWindowProcA
CloseWindow
SetWindowTextA
InvalidateRect
PostQuitMessage
SetTimer
RegisterHotKey

gdi32

SetDeviceGammaRamp
ChoosePixelFormat
DeleteDC
DescribePixelFormat
CreateSolidBrush
SetBkColor
GetDeviceCaps
CreateFontA
SetTextColor
GetDeviceGammaRamp
SwapBuffers
SetPixelFormat

advapi32

RegCreateKeyA
GetUserNameA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52KB - Virtual size: 22.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

622417a9d8f6a7a2f1e261121b7b7df2

Headers

File Characteristics

Imports

winmm

wsock32

mss32

ddraw

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 52KB - Virtual size: 22.8MB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 52KB - Virtual size: 22.8MB

.rsrc
Size: 76KB - Virtual size: 76KB