da06b20e44962f79487731c9539614078c7ea3fb6fed635512b5b3d3de4e3302

Sharing

Copy URL Twitter E-mail

General

Target

da06b20e44962f79487731c9539614078c7ea3fb6fed635512b5b3d3de4e3302
Size

5.9MB
MD5

a22b15a995edbd8ead3b454cf2b9bb8a
SHA1

2201a44e724011cf37a311711e45ee1ef6568fbb
SHA256

da06b20e44962f79487731c9539614078c7ea3fb6fed635512b5b3d3de4e3302
SHA512

b0302a601a33f6a98456f5e213e8939a96d6dbfc5ad437049fb73419e1389b867b778535fade3e021090407ce49338633ea356bb5c9f3a77e8e763c7c5f991ae
SSDEEP

49152:G7SggDN3LeRH/wkPUixuoJ7bDHPsSwq7blmIUEgXuKXarB5Frnrs6E2idolA:uNIeuoJTsVq04g3Xm5Zs6E2idmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da06b20e44962f79487731c9539614078c7ea3fb6fed635512b5b3d3de4e3302

Files

da06b20e44962f79487731c9539614078c7ea3fb6fed635512b5b3d3de4e3302
.exe windows:6 windows x64 arch:x64

5ac91051d8ac3a299da029dc1a27617d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnmapViewOfFile
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
GetFileTime
InitializeCriticalSectionEx
TryEnterCriticalSection
CreateWaitableTimerW
SetWaitableTimer
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
CopyFileW
MoveFileExW
DeleteFileW
GetLocalTime
GetCommandLineW
GetTickCount
CreateMutexW
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
CompareFileTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
SetFilePointerEx
WaitForMultipleObjects
MapViewOfFile
GetLastError
CreateFileMappingW
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
WaitForSingleObject
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
HeapAlloc
HeapFree
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetCurrentProcessId
GetSystemInfo
ResetEvent
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
SetThreadPriority
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
OutputDebugStringA
GetFileAttributesW
GetUserDefaultUILanguage
LocalFree
CloseHandle
InitializeCriticalSection
CreateEventW
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetEvent
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount64
GetCPInfo
GetStringTypeW
GetLocaleInfoW
FormatMessageW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetLastError
GetModuleHandleW
GetProcAddress
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW

user32

GetDC
SetRect
SetTimer
KillTimer
AdjustWindowRectEx
GetClientRect
GetWindowRect
GetAsyncKeyState
BringWindowToTop
SetForegroundWindow
EnumDisplayMonitors
MonitorFromWindow
GetMonitorInfoW
FillRect
SetWindowLongPtrW
MoveWindow
BeginPaint
EndPaint
LoadImageW
GetSystemMetrics
MessageBoxW
PostMessageW
GetCursorPos
ScreenToClient
GetForegroundWindow
ReleaseDC
DialogBoxParamW
IsIconic
PostQuitMessage
ShowCursor
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SetWindowTextW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DestroyWindow
DefWindowProcW
FindWindowW

gdi32

GetTextExtentPoint32W
GetTextMetricsW
GetGlyphOutlineW
GetCharacterPlacementW
GetCharABCWidthsFloatW
TextOutW
GetObjectW
GetDeviceCaps
CreateCompatibleDC
CreateFontW
GetOutlineTextMetricsW
DeleteDC
DeleteObject
SelectObject
EnumFontFamiliesExW
CreateDIBSection
GetStockObject

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoTaskMemAlloc
PropVariantClear
CoUninitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

d3d9

Direct3DCreate9

xinput1_4

ord2

mf

MFCreateMediaSession
MFCreateVideoRendererActivate
MFCreateTopologyNode
MFCreateAudioRendererActivate
MFCreateTopology

mfplat

MFStartup
MFShutdown
MFCreateSourceResolver
MFCreateFile
MFCreateMFByteStreamOnStream

steam_api64

SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface
SteamAPI_GetHSteamUser
SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback

dsound

ord11

Exports

Exports

??4SThreadParam@@QEAAAEAU0@$$QEAU0@@Z
??4SThreadParam@@QEAAAEAU0@AEBU0@@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 920KB - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ac91051d8ac3a299da029dc1a27617d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

version

winmm

d3d9

xinput1_4

mf

mfplat

steam_api64

dsound

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 920KB - Virtual size: 919KB

.data Size: 2.7MB - Virtual size: 2.8MB

.pdata Size: 73KB - Virtual size: 72KB

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 42KB - Virtual size: 41KB

.bind Size: 202KB - Virtual size: 202KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 920KB - Virtual size: 919KB

.data
Size: 2.7MB - Virtual size: 2.8MB

.pdata
Size: 73KB - Virtual size: 72KB

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 42KB - Virtual size: 41KB

.bind
Size: 202KB - Virtual size: 202KB