022956215885561d2deb9fd1577dc522

Sharing

Copy URL Twitter E-mail

General

Target

022956215885561d2deb9fd1577dc522
Size

1.3MB
MD5

022956215885561d2deb9fd1577dc522
SHA1

d80a69c3deb6113385b5d3d06f234d68c906f93d
SHA256

6cafb97ff1a03c72f337002a1cd8d8685b321ea00ea45a3d94c6e2ca9bd81d3a
SHA512

4074917aab27e0390115d0abca24fbc27facecca7068eac6ab7a033692025ba552371f1c79649bacfc6df86017d48daa7f0f2f1ded90276276f755da036a4429
SSDEEP

24576:itLBSqwr6KOl/iTf0xeSws2Bx1Xsp3rrW5mXUWj84pJfDMBBnAQgwAQgwAgT:itLBSqwr6KO/re1XsBrrW5mXtFuBBnAX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
022956215885561d2deb9fd1577dc522

Files

022956215885561d2deb9fd1577dc522
.exe windows:4 windows x86 arch:x86

0d4635d1a64a56c834879eeb032e0eb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

imm32

ImmCreateContext
ImmAssociateContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmGetCompositionStringA
ImmGetCandidateListA
ImmReleaseContext
ImmGetConversionStatus

wsock32

WSAGetLastError
send
socket
inet_ntoa
closesocket
htons
ioctlsocket
gethostbyname
connect
setsockopt
WSACleanup
WSAStartup
select
__WSAFDIsSet
recv

kernel32

FreeLibrary
GetProcAddress
OutputDebugStringA
LoadLibraryA
ExitThread
WaitForMultipleObjects
CreateThread
CreateEventA
CopyFileA
DeleteFileA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseMutex
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileAttributesA
RtlUnwind
GetVersion
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
TerminateProcess
GetFileType
FileTimeToLocalFileTime
Sleep
GetFileSize
MultiByteToWideChar
GlobalHandle
GlobalFree
CreateFileA
WriteFile
CloseHandle
FileTimeToSystemTime
InterlockedIncrement
GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
GetTickCount
FreeEnvironmentStringsA
CompareStringW
CompareStringA
RaiseException
IsBadCodePtr
InterlockedDecrement
GetSystemTime
GetTimeZoneInformation
FlushFileBuffers
PeekNamedPipe
WideCharToMultiByte
SetEvent
InitializeCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
SetEndOfFile
GetLocalTime
ResumeThread
ResetEvent
GetModuleHandleA
GetExitCodeProcess
CreateProcessA
ReadFile
SetFilePointer
WaitForSingleObject
OpenEventA
GetModuleFileNameA
lstrcatA
GetLastError
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
OpenMutexA
TerminateThread
CreateMutexA
GetComputerNameA
lstrlenA
lstrcmpA
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle

user32

GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
GetAsyncKeyState
GetCursorPos
ScreenToClient
DestroyWindow
PostQuitMessage
SetCursor
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRectEx
ShowWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
UpdateWindow
SetSysColors
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
GetKeyboardState
PostMessageA
ShowCursor
SetRect
ClientToScreen
GetClientRect
OffsetRect
GetDC
ReleaseDC
OpenClipboard

gdi32

GetDIBits
BitBlt
DeleteObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
SetTextColor
TextOutA
CreateFontA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

dsound

ord1

winmm

timeGetTime
mmioOpenA
mciSendCommandA
mmioDescend
mmioRead
mmioAscend
mmioClose

ws2_32

WSASend

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

advapi32

RegCloseKey
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
RegEnumValueA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MaskPE
Size: 512B - Virtual size: 76B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4635d1a64a56c834879eeb032e0eb6

Headers

File Characteristics

Imports

ddraw

imm32

wsock32

kernel32

user32

gdi32

shell32

ole32

dsound

winmm

ws2_32

wininet

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 244KB - Virtual size: 9.7MB

.rsrc Size: 8KB - Virtual size: 7KB

.MaskPE Size: 512B - Virtual size: 76B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 244KB - Virtual size: 9.7MB

.rsrc
Size: 8KB - Virtual size: 7KB

.MaskPE
Size: 512B - Virtual size: 76B