15af1067e9fa7acc85777a1a01ca64a5b436142d8721e80f0912c78507da21ae

Sharing

Copy URL

Twitter E-mail

General

Target

15af1067e9fa7acc85777a1a01ca64a5b436142d8721e80f0912c78507da21ae
Size

4.3MB
MD5

cd5a582f1f3e5a59f6488899b87dc0c2
SHA1

538018b6f4cd63d5ba752eceebead97f2ab0033e
SHA256

15af1067e9fa7acc85777a1a01ca64a5b436142d8721e80f0912c78507da21ae
SHA512

5f5f0c4a3d954866541b7550436a0c29a21f6565854328791fe84c4902b5d46b626fc189e429909033671ba2ba16b23fc4c61e6907b6a324d5d2777e9e85e433
SSDEEP

98304:+D+bAbbkhfYfzQYO+bNb26nFlwlBiBsbO9IHa5HJ:NbAPk1qsuNLw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15af1067e9fa7acc85777a1a01ca64a5b436142d8721e80f0912c78507da21ae

Files

15af1067e9fa7acc85777a1a01ca64a5b436142d8721e80f0912c78507da21ae
.exe windows:6 windows x86 arch:x86

3000d38cb8156e04788aa1861e82da56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
OutputDebugStringW
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
GetFileAttributesExW
FlushFileBuffers
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FindFirstFileA
SetFileAttributesA
GetModuleFileNameA
DeleteCriticalSection
GetSystemInfo
Process32Next
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
HeapAlloc
HeapFree
WriteConsoleW
GetStdHandle
GetFileType
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
FreeEnvironmentStringsW
TlsAlloc
RaiseException
InterlockedPushEntrySList
RtlUnwind
SetLastError
SetEvent
IsDebuggerPresent
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
CreateFileW
IsProcessorFeaturePresent
GetProcessHeap
HeapValidate
GetModuleHandleW
GetSystemTimeAsFileTime
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
SetEnvironmentVariableW
SetEndOfFile
HeapSize
FindNextFileA
FindClose
SetUnhandledExceptionFilter
GetLocalTime
MoveFileA
lstrlenA
GetCurrentDirectoryA
DeleteFileA
GlobalFree
TlsGetValue
GetPrivateProfileStringA
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
CloseHandle
GetLastError
CreateToolhelp32Snapshot
EncodePointer
QueryPerformanceFrequency
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalLock
GlobalUnlock
FreeLibrary
GetVersionExA
GetSystemDirectoryA
GetModuleHandleA
WriteFile
ReadFile
LoadLibraryA
GetProcAddress
GetCurrentThreadId
OutputDebugStringA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
GlobalAlloc
CreateDirectoryA
GetCurrentProcess
GetTickCount
GetCurrentDirectoryW
GetStartupInfoW
MultiByteToWideChar

user32

SetWindowLongA
GetWindowLongA
AdjustWindowRectEx
GetWindowRect
SetWindowTextA
GetMenu
RegisterClassA
FindWindowA
GetWindowTextLengthA
PostQuitMessage
SystemParametersInfoA
FlashWindowEx
LoadIconA
SendMessageA
GetTopWindow
GetWindowTextA
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyboardLayoutNameA
GetKeyboardLayout
OpenClipboard
CloseClipboard
GetClipboardData
CharNextW
CharNextExA
CharPrevExA
GetCursorPos
GetDC
FillRect
GetAsyncKeyState
OffsetRect
ClientToScreen
PeekMessageA
SetRect
InvalidateRect
ReleaseDC
DestroyWindow
ShowWindow
IsWindow
MoveWindow
DefWindowProcA
CreateWindowExA
SetFocus
SetCursorPos
GetClientRect
UnregisterClassA
RegisterClassExA
UpdateWindow
LoadImageA
DestroyCursor
SetCursor
DestroyIcon
ShowCursor
LoadStringA
IsIconic
GetSystemMetrics
MessageBoxA
InsertMenuA
CreatePopupMenu
TrackPopupMenu
GetCapture
ChangeDisplaySettingsA
DestroyMenu
LoadCursorA
SetCapture
ReleaseCapture
ScreenToClient
SetWindowPos
IsWindowVisible
GetWindow
GetKeyState
SetForegroundWindow

gdi32

CreateCompatibleDC
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
TextOutA
CreateFontIndirectA
EnumFontFamiliesExA
GetStockObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32A
DeleteDC
SelectObject
StretchBlt
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsFloatW

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyA
RegSetValueExW
RegCreateKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

winmm

timeEndPeriod
timeGetDevCaps
timeGetTime
timeBeginPeriod

d3d8

Direct3DCreate8

python27

PyImport_AddModule
PyRun_StringFlags
Py_Finalize
Py_Initialize
Py_BuildValue
Py_InitModule4
PyExc_RuntimeError
PyErr_SetString
PyInt_AsLong
PyErr_Fetch
PyString_FromString
PyTuple_GetItem
PyList_New
PyList_Append
PyLong_AsLong
PyTuple_Size
PyDict_GetItemString
PyArg_ParseTuple
PyTuple_New
PyDict_SetItemString
PyDict_New
PyTuple_SetItem
PyLong_FromLongLong
PyInt_FromLong
Py_IncRef
PyDict_Size
PyDict_Next
PyObject_GetAttrString
PyDict_SetItem
PyString_AsString
PyList_SetItem
Py_SetProgramName
PyModule_AddStringConstant
PyString_InternFromString
PyObject_GetAttr
PyCallable_Check
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PyErr_Clear
PyErr_BadArgument
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyModule_GetDict
PyModule_AddIntConstant
PyImport_ImportModule

iphlpapi

GetAdaptersInfo

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME

devil

ilConvertImage
ilDeleteImages
ilEnable
ilInit
ilShutDown
ilBindImage
ilGetInteger
ilSave
ilCopyPixels
ilSetPixels
ilTexImage
ilGenImages
ilLoad
ilOriginFunc

shlwapi

PathFindFileNameA

libcef

cef_string_multimap_free
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_command_line_get_global
cef_string_map_free
cef_string_map_alloc
cef_browser_host_create_browser
cef_v8context_get_current_context
cef_log
cef_api_hash
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_ascii_to_utf16
cef_run_message_loop
cef_shutdown
cef_initialize
cef_execute_process
cef_register_extension
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_string_utf16_set

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

granny2

_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeLocalPose@4
_GrannyNewLocalPose@4
_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyFindMatchingMember@16
_GrannyGetMaterialTextureByType@8
_GrannySetLogCallback@4
_GrannyGetWorldPose4x4@8
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetTotalTypeSize@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshIndexCount@4
_GrannyGetSourceModel@4
_GrannyFindTrackGroupForModel@12
_GrannyFindBoneByName@12
_GrannyFreeControlOnceUnused@4
_GrannyCompleteControlAt@8
_GrannySetControlRawLocalClock@8
_GrannyGetControlRawLocalClock@4
_GrannyControlIsComplete@4
_GrannyFreeControlIfComplete@4
_GrannyGetControlLoopCount@4
_GrannySetControlLoopCount@8
_GrannyNewWorldPose@4
_GrannyGetControlSpeed@4
_GrannySetControlSpeed@8
_GrannyPlayControlledAnimation@12
_GrannyBeginControlledAnimation@8
_GrannyEndControlledAnimation@4
_GrannySetTrackGroupTarget@12
_GrannySetTrackGroupLOD@16
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannySetControlEaseOutCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseInCurve@28
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannyGetControlLocalDuration@4
_GrannyFreeControl@4
_GrannyFreeWorldPose@4
_GrannySetControlEaseIn@8

mss32

_AIL_close_digital_driver@4
_AIL_open_stream@12
_AIL_open_3D_provider@4
_AIL_file_type@8
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_file_callbacks@16
_AIL_close_3D_provider@4
_AIL_file_read@8
_AIL_mem_free_lock@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_auto_update_3D_position@8
_AIL_enumerate_3D_providers@12
_AIL_set_3D_sample_file@8
_AIL_open_digital_driver@16

speedtreert

?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z

dinput8

DirectInput8Create

ws2_32

gethostbyname
sendto
WSACleanup
WSAStartup
WSAGetLastError
send
select
recv
ioctlsocket
connect
closesocket
__WSAFDIsSet
inet_addr
htons
socket

ddraw

DirectDrawCreate

oleaut32

VariantClear
SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3000d38cb8156e04788aa1861e82da56

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

d3d8

python27

iphlpapi

imm32

devil

shlwapi

libcef

version

granny2

mss32

speedtreert

dinput8

ws2_32

ddraw

oleaut32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 523KB - Virtual size: 523KB

.data Size: 191KB - Virtual size: 689KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 403KB - Virtual size: 403KB

.reloc Size: 152KB - Virtual size: 151KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 523KB - Virtual size: 523KB

.data
Size: 191KB - Virtual size: 689KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 403KB - Virtual size: 403KB

.reloc
Size: 152KB - Virtual size: 151KB