5d75f7393248a816eb6c551bdc6dd099a90ae2dc946069d754beff82f188bf0f

Sharing

Copy URL Twitter E-mail

General

Target

5d75f7393248a816eb6c551bdc6dd099a90ae2dc946069d754beff82f188bf0f
Size

3.4MB
MD5

1793c2f68893a3bc69ea5250eea3ffc5
SHA1

482a02543e7c83d13d810359a7e74b141a7fea19
SHA256

5d75f7393248a816eb6c551bdc6dd099a90ae2dc946069d754beff82f188bf0f
SHA512

2263339f6afe713a2818276ca8699d794726406d3349b0d5ee4975462b6f63936a8a5a0a8fadc0b06b5d236205e22e5cf31363dd7de00dec8ea397cac4a31e9d
SSDEEP

49152:W6NNM0n1XtEG2iL+xlY2Dn38MZbb7qysvxqHeBsJ5t1vjKR0Zo4sGu:W6KFka3Dn384zWxqHeX4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d75f7393248a816eb6c551bdc6dd099a90ae2dc946069d754beff82f188bf0f

Files

5d75f7393248a816eb6c551bdc6dd099a90ae2dc946069d754beff82f188bf0f
.exe windows:5 windows x86 arch:x86

230b94b77c3765497f9c0496894b0b21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
GlobalFree
DeleteFileA
GetPrivateProfileStringA
lstrlenA
GetCurrentDirectoryA
MoveFileA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
SetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
GetSystemInfo
GetCurrentDirectoryW
MultiByteToWideChar
Module32Next
Module32First
GetCurrentProcessId
GetLastError
FreeLibrary
WaitForSingleObject
LoadLibraryExA
WriteConsoleW
SetEndOfFile
HeapSize
CreateDirectoryW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WakeAllConditionVariable
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
HeapReAlloc
SetStdHandle
CreateProcessW
GetExitCodeProcess
GetFileAttributesExW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetFileType
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
InterlockedPushEntrySList
RtlUnwind
QueryPerformanceFrequency
WaitNamedPipeW
PeekNamedPipe
GetModuleFileNameW
SetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
SleepConditionVariableCS
GetCommandLineW
SleepConditionVariableSRW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
InitializeSListHead
GetCPInfo
GetTickCount
ReadProcessMemory
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetProcAddress
GetCurrentProcess
TerminateProcess
CreateThread
Sleep
HeapFree
GetProcessHeap
LCMapStringEx
InitializeCriticalSectionEx
DecodePointer
EncodePointer
GetStringTypeW
CreateFileW
IsProcessorFeaturePresent
HeapValidate
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalLock
GlobalUnlock
LoadLibraryA
GetVersionExA
GetSystemDirectoryA
WriteFile
ReadFile
OutputDebugStringA
WinExec
GetCurrentThread
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
GlobalAlloc
CreateDirectoryA
HeapAlloc
CloseHandle
DeviceIoControl
FindFirstFileExW
CreateFileA

user32

ReleaseCapture
ChangeDisplaySettingsA
GetCapture
GetSystemMetrics
LoadStringA
CharPrevExA
SetCursorPos
SetCursor
CharNextExA
ShowCursor
DestroyCursor
LoadImageA
GetKeyState
FlashWindowEx
SystemParametersInfoA
SetWindowPos
LoadIconA
FindWindowA
ScreenToClient
GetCursorPos
PostQuitMessage
GetAsyncKeyState
SetRect
OffsetRect
ClientToScreen
PeekMessageA
ReleaseDC
FillRect
GetDC
CharNextW
InvalidateRect
GetWindowTextA
WindowFromPoint
SendMessageA
FindWindowExA
UnregisterClassA
DestroyWindow
IsWindow
MoveWindow
SetFocus
UpdateWindow
ShowWindow
GetClientRect
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
RegisterClassA
GetMenu
SetWindowTextA
AdjustWindowRectEx
GetWindowLongA
SetWindowLongA
LoadCursorA
GetMessageA
TranslateMessage
SetCapture
DispatchMessageA
GetKeyboardLayoutNameA
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout

gdi32

GetStockObject
EnumFontFamiliesExA
CreateCompatibleDC
StretchBlt
DeleteObject
CreateSolidBrush
DeleteDC
SetBkMode
CreateDIBSection
TextOutA
TextOutW
SetTextColor
SetBkColor
GetTextExtentPoint32A
SelectObject
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CreateFontIndirectA

advapi32

FreeSid
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityInfo
CryptGenRandom

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeGetDevCaps

d3d8

Direct3DCreate8

python27

PyDict_Next
PyString_InternFromString
PyObject_GetAttrString
PyLong_FromLongLong
PyCallable_Check
PyLong_AsLongLong
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
Py_Finalize
PyRun_StringFlags
PyImport_AddModule
PyImport_ImportModule
Py_IncRef
PyLong_AsLong
PyDict_GetItemString
PyTuple_Size
PyString_FromString
PyInt_AsLong
PyTuple_GetItem
PyExc_RuntimeError
PyErr_SetString
PyModule_AddIntConstant
Py_InitModule4
PyList_Append
PyList_New
Py_BuildValue
PyTuple_SetItem
PyDict_Size
PyTuple_New
PyArg_ParseTuple
PyInt_FromLong
PyObject_GetAttr
PyErr_Print

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

libcef

cef_string_multimap_free
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_browser_host_create_browser
cef_command_line_get_global
cef_string_map_free
cef_string_map_alloc
cef_v8context_get_current_context
cef_log
cef_api_hash
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_userfree_utf16_free
cef_string_list_alloc
cef_string_list_free
cef_register_extension
cef_execute_process
cef_initialize
cef_shutdown
cef_run_message_loop

devil

ilTexImage
ilSave
ilInit
ilSetPixels
ilShutDown
ilDeleteImages
ilCopyPixels
ilGenImages
ilBindImage
ilEnable
ilOriginFunc
ilLoad
ilGetInteger
ilConvertImage

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME

imagehlp

StackWalk
GetTimestampForLoadedLibrary
EnumerateLoadedModules

shlwapi

PathFindFileNameA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

granny2

_GrannyGetWorldPose4x4@8
_GrannyFreeWorldPose@4
_GrannyNewWorldPose@4
_GrannyFindBoneByName@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeLocalPose@4
_GrannyNewLocalPose@4
_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyFindMatchingMember@16
_GrannyGetMaterialTextureByType@8
_GrannyMeshIsRigid@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyFreeControl@4
_GrannyFreeControlOnceUnused@4
_GrannyPlayControlledAnimation@12
_GrannySetControlRawLocalClock@8
_GrannyCompleteControlAt@8
_GrannyControlIsComplete@4
_GrannyFreeControlIfComplete@4
_GrannyGetControlLoopCount@4
_GrannySetControlLoopCount@8
_GrannyGetControlSpeed@4
_GrannySetControlSpeed@8
_GrannyGetControlLocalDuration@4
_GrannySetControlEaseIn@8
_GrannyGetTotalTypeSize@4
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannySetControlEaseOutCurve@28
_GrannyGetMeshIndexCount@4
_GrannyGetMeshVertexCount@4
_GrannyGetControlRawLocalClock@4

mss32

_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_file_callbacks@16
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_auto_update_3D_position@8
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_mem_free_lock@4
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_file_read@8

speedtreert

?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ

dinput8

DirectInput8Create

ws2_32

gethostbyname
htons
ioctlsocket
connect
closesocket
__WSAFDIsSet
inet_addr
socket
WSACleanup
WSAGetLastError
WSAStartup
send
select
sendto
recv

ddraw

DirectDrawCreate

oleaut32

SysFreeString
VariantClear

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

230b94b77c3765497f9c0496894b0b21

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

d3d8

python27

iphlpapi

libcef

devil

imm32

imagehlp

shlwapi

version

granny2

mss32

speedtreert

dinput8

ws2_32

ddraw

oleaut32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 482KB - Virtual size: 482KB

.data Size: 190KB - Virtual size: 920KB

.data1 Size: 2KB - Virtual size: 2KB

.msvcjmc Size: 7KB - Virtual size: 6KB

.rsrc Size: 53KB - Virtual size: 53KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 482KB - Virtual size: 482KB

.data
Size: 190KB - Virtual size: 920KB

.data1
Size: 2KB - Virtual size: 2KB

.msvcjmc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 53KB - Virtual size: 53KB