1170fdf94e927e2d6e66c1cdc7ccf77d

Sharing

Copy URL Twitter E-mail

General

Target

1170fdf94e927e2d6e66c1cdc7ccf77d
Size

2.8MB
MD5

1170fdf94e927e2d6e66c1cdc7ccf77d
SHA1

fc53291ee99ba5854f4b45d6c58380eb2a794bbc
SHA256

be6f9525e489b6725fc0a018d95d4bd6b551cfd4d962e67fc84d7fe7d58b205f
SHA512

4a35837abb236f6e12aa2c68c5d281b5d77385a82e19e0f72dad0c8ce86ebe99ba66ea45e1f45348ba2f538c5c35c900d53580007971e95730dba6f3aebecb08
SSDEEP

49152:3KaZWVe1RRAeWOG+2XAZHKOMpTd5BJCWutQN67OJwyVLZmgFNYkJxbFgeLWC4CPF:3YCSHYgTbhNguZws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1170fdf94e927e2d6e66c1cdc7ccf77d

Files

1170fdf94e927e2d6e66c1cdc7ccf77d
.exe windows:4 windows x86 arch:x86

9dbb1ab8bbf166a2f244ec60e62d279e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfuncn

_COLORtoDWORD@16
_CrossProduct@12
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_TransformVector3_VPTR2@16
_Normalize@8
_VECTOR3Length@4
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_SetInverseMatrix@8

wsock32

WSAStartup
WSACleanup
gethostbyname
ioctlsocket
recv
send
WSAGetLastError
inet_addr
htons
socket
connect
closesocket

dinput8

DirectInput8Create

wininet

HttpSendRequestA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

kernel32

IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
CloseHandle
GetLastError
CreateFileMappingA
FileTimeToSystemTime
GetCurrentDirectoryA
GetWindowsDirectoryA
LocalAlloc
GetCurrentProcess
CreateDirectoryA
DeleteCriticalSection
GetCurrentThread
TerminateProcess
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
InitializeCriticalSection
SetUnhandledExceptionFilter
GetTickCount
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiA
lstrcpyA
GetLocalTime
InterlockedDecrement
DeviceIoControl
CreateProcessA
IsDBCSLeadByte
lstrlenA
MulDiv
OutputDebugStringA
lstrcatA
CompareStringW
GetLogicalDriveStringsA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
SetEnvironmentVariableA
WriteFile
SetStdHandle
GetSystemTime
FreeLibrary
SetFileAttributesA
GetTempPathA
CopyFileA
WaitForSingleObject
LocalFree
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetFileSize
GetModuleHandleA
OpenFile
lstrcmpA
SetCurrentDirectoryA
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
SetConsoleCtrlHandler
FatalAppExitA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
RtlUnwind
GetStdHandle
SetHandleCount
GetCPInfo
LCMapStringW
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
ExitThread
FileTimeToLocalFileTime
GetFileAttributesA
IsDebuggerPresent
UnhandledExceptionFilter
HeapAlloc
HeapFree
CompareStringA
SetEndOfFile
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GlobalFree
CreateFileW
lstrlenW
InterlockedIncrement
RaiseException
ReadFile
ExitProcess
InterlockedExchange
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime

user32

MessageBoxA
wsprintfA
EndDialog
ShowCursor
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
DefWindowProcA
PostMessageW
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
GetActiveWindow
SetWindowsHookExA
GetAsyncKeyState
UnhookWindowsHookEx
CallNextHookEx
CharNextA
CharPrevA
ReleaseDC
OffsetRect
SetCursor
LoadCursorFromFileA
CopyRect
GetClientRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
SetRect
PostMessageA
GetDC
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassExA

gdi32

RemoveFontMemResourceEx
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
DeleteObject
GetStockObject
AddFontMemResourceEx

advapi32

AllocateAndInitializeSid
GetTokenInformation
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
SetSecurityInfo
FreeSid
OpenThreadToken
OpenProcessToken
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo

freeimage

_FreeImage_Load@12
_FreeImage_SaveJPEG@12
_FreeImage_GetInfo@4
_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_ConvertTo16Bits565@4

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dbb1ab8bbf166a2f244ec60e62d279e

Headers

File Characteristics

Imports

soundlib

winmm

ss3dgfuncn

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

iphlpapi

psapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 236KB - Virtual size: 235KB

.data Size: 700KB - Virtual size: 912KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 236KB - Virtual size: 235KB

.data
Size: 700KB - Virtual size: 912KB

.rsrc
Size: 36KB - Virtual size: 35KB