53b78b0006dffc5688dcbd191745a98f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

53b78b0006dffc5688dcbd191745a98f.bin
Size

376.9MB
MD5

53b78b0006dffc5688dcbd191745a98f
SHA1

939c3046a71c18d4ee186f47710232c532727639
SHA256

f25391ac9d52954bcbf3ac36de1490667a90b47c0314a273f834c82293b2e0bb
SHA512

5ce38bf9f502d265df1ae9f4d1e4e391a6223e2ad25b7bf4949709bb6cd49d4602d457ba6e55289e1c0a94c9b427c6208e66bb8fa97e48c21c8df82a127b31b6
SSDEEP

6291456:Rkb0hkJrH7jySeAOWH6EZdiQk19nDf0vNIyZyRzLIajeVYfh47tjlihHgQZSj5tA:Rkb0++AfkznDf06kyRPIQeVq6thimUk6

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Stardew.Valley.v1.5-SiMPLEX/SIMPLEX.EXE
unpack001/Stardew.Valley.v1.5-SiMPLEX/bassmod.dll
unpack001/Stardew.Valley.v1.5-SiMPLEX/unarc.exe

Files

53b78b0006dffc5688dcbd191745a98f.bin
.zip

Password: infected
Stardew.Valley.v1.5-SiMPLEX/IGG-GAMES.COM.url
.url
Stardew.Valley.v1.5-SiMPLEX/ONEHACK.US.url
.url
Stardew.Valley.v1.5-SiMPLEX/PCGAMESTORRENTS.COM.url
.url
Stardew.Valley.v1.5-SiMPLEX/README.txt
Stardew.Valley.v1.5-SiMPLEX/SIMPLEX.EXE
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Stardew.Valley.v1.5-SiMPLEX/SIMPLEX.INI
Stardew.Valley.v1.5-SiMPLEX/Simplex.bin
Stardew.Valley.v1.5-SiMPLEX/bassmod.dll
.dll windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASSMOD_ErrorGetCode
BASSMOD_Free
BASSMOD_GetCPU
BASSMOD_GetDeviceDescription
BASSMOD_GetVersion
BASSMOD_GetVolume
BASSMOD_Init
BASSMOD_MusicDecode
BASSMOD_MusicFree
BASSMOD_MusicGetLength
BASSMOD_MusicGetName
BASSMOD_MusicGetPosition
BASSMOD_MusicGetVolume
BASSMOD_MusicIsActive
BASSMOD_MusicLoad
BASSMOD_MusicPause
BASSMOD_MusicPlay
BASSMOD_MusicPlayEx
BASSMOD_MusicRemoveSync
BASSMOD_MusicSetAmplify
BASSMOD_MusicSetPanSep
BASSMOD_MusicSetPosition
BASSMOD_MusicSetPositionScaler
BASSMOD_MusicSetSync
BASSMOD_MusicSetVolume
BASSMOD_MusicStop
BASSMOD_SetVolume

Sections

Size: 31KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Stardew.Valley.v1.5-SiMPLEX/simplex.nfo
Stardew.Valley.v1.5-SiMPLEX/unarc.exe
.exe windows:4 windows x86 arch:x86

Password: infected

90d9d707df05ee9dfd38b12bc913503a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW

kernel32

AddAtomA
CloseHandle
CreateEventW
CreateFileW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineW
GetConsoleTitleW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoW
GetSystemInfo
GetTempPathW
GetThreadPriority
GetThreadTimes
GetTickCount
GlobalMemoryStatus
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
SetConsoleTitleW
SetEvent
SetFileAttributesW
SetFileTime
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
lstrlenW

msvcrt

_close
_read
_stricmp
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_filelengthi64
_flsbuf
_iob
_isctype
_lrotr
_lseeki64
_onexit
_pctype
_setmode
_waccess
_wmkdir
_wopen
_wremove
_wrename
_wrmdir
abort
atexit
calloc
exit
fprintf
free
gets
gmtime
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
printf
puts
qsort
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strftime
strlen
strncmp
strncpy
strstr
tolower
wcschr
wcscmp
wcscpy
wcslen
wcsrchr

ole32

CoInitializeEx

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

user32

CharToOemW
ExitWindowsEx
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
OemToCharW

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 741KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 132KB - Virtual size: 131KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

Size: 31KB - Virtual size: 68KB

Size: 2KB - Virtual size: 1KB

Password: infected

90d9d707df05ee9dfd38b12bc913503a

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

shell32

user32

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 741KB

.idata Size: 4KB - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 131KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 741KB

.idata
Size: 4KB - Virtual size: 4KB