Static task
static1
Behavioral task
behavioral1
Sample
WebTVIntel--2.5.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral2
Sample
WebTVIntel--2.5.zip
Resource
win11-20231215-en
General
Target: WebTVIntel--2.5.zip
Size: 5.3MB
MD5: 9e5207ad70a935bef623819daa4e450b
SHA1: d6fbe3fe5ef75fcd888cd246ad99f041636e93c2
SHA256: f9d234d094f92ad9a0eb9ec04972c4829c683238a198cc726019bc41ffdfb068
SHA512: 93adfc4382fafeaf7ac5aef3168c50995727698007783860bc6ea140913859ee3ef6596166bce42971dfd5f373fda6254dad5fa1ef9a0e31a0219ba28588e0b8
SSDEEP: 98304:yzEY4DBHQ5wCmNGb3rOEhIaLU7TPXBIzd6myFwU8NnQMfUapLVMlwJ9XVQgAdVXe:yzj4VQ5DDCYU7TPXBaryFwskU0ewJ9XD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/WebTVIntel--2.5.exe
Files
WebTVIntel--2.5.zip.zip
Flash.vwr
ROM.vwr
Setup.bmp
TMP.vwr
WebTVIntel--2.5.exe.exe windows:4 windows x86 arch:x86
f65431fdbb5e9acf8eda9976b96292e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mmioClose
timeKillEvent
mmioCreateChunk
mmioWrite
mmioAscend
mmioDescend
mmioRead
mmioOpenA
timeSetEvent
timeGetTime
dsound
ord1
mfc42
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
strlen
strcspn
exit
_itoa
_setmbcp
fopen
_ftol
putchar
fputc
_iob
__CxxFrameHandler
_purecall
_setjmp3
longjmp
_beginthread
_snprintf
_vsnprintf
fclose
fwrite
_controlfp
fread
__CxxLongjmpUnwind
sin
cos
atan2
memcpy
memset
strcmp
atof
abs
free
malloc
_stricmp
_strnicmp
system
memmove
_splitpath
time
_timezone
_tzname
_daylight
_tzset
calloc
pow
_CxxThrowException
modf
ldexp
exp
log10
log
fabs
tan
atan
asin
acos
kernel32
GetComputerNameA
LocalLock
LocalReAlloc
LocalAlloc
GetModuleFileNameA
GetTickCount
LocalUnlock
lstrlenA
WinExec
lstrcatA
GetWindowsDirectoryA
LoadLibraryA
lstrcpyA
GetPrivateProfileStringA
GetCurrentDirectoryA
FreeLibrary
LockResource
SizeofResource
FreeResource
GlobalLock
GlobalUnlock
VirtualProtect
LoadResource
SetCurrentDirectoryA
FindResourceA
GetLastError
ReadFile
DebugBreak
DeviceIoControl
GetFileSize
CreateFileA
WriteFile
CloseHandle
SetFilePointer
Sleep
OutputDebugStringA
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalFree
TerminateThread
ResumeThread
SetThreadPriority
GetTimeZoneInformation
WaitForMultipleObjects
GetVersion
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
RemoveDirectoryA
CreateMutexA
CreateDirectoryA
HeapAlloc
GetProcessHeap
ReleaseMutex
HeapReAlloc
GetModuleHandleA
HeapFree
GetStartupInfoA
LocalFree
user32
CopyIcon
IsWindow
KillTimer
IsWindowVisible
BringWindowToTop
SetWindowLongA
SetTimer
GetMenuStringA
IsClipboardFormatAvailable
PostQuitMessage
GetWindow
GetWindowLongA
GetMessagePos
ScreenToClient
RedrawWindow
IsRectEmpty
GetFocus
SetRectEmpty
CallWindowProcA
AdjustWindowRectEx
LockWindowUpdate
SetRect
ScrollDC
MessageBeep
RemoveMenu
GetSubMenu
GetMenuItemID
MapDialogRect
GetActiveWindow
IsChild
DrawTextA
IntersectRect
EqualRect
GetDesktopWindow
FrameRect
SetWindowRgn
GetKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
AppendMenuA
CreateMenu
MapVirtualKeyA
GetKeyNameTextA
GetMenuItemCount
SetMenuItemInfoA
CopyAcceleratorTableA
LoadBitmapA
DrawStateA
OffsetRect
CopyRect
DestroyIcon
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
FillRect
SendMessageA
MapWindowPoints
GetWindowRect
SendNotifyMessageA
GetParent
SetCapture
PtInRect
ReleaseCapture
DrawIconEx
LoadImageA
InvalidateRect
DrawEdge
InflateRect
EnableWindow
GetClientRect
GetDC
ReleaseDC
SetCursor
RegisterWindowMessageA
LoadCursorA
SetForegroundWindow
gdi32
RealizePalette
StretchBlt
GetBkColor
CreateFontIndirectA
SelectObject
GetObjectA
BitBlt
Ellipse
PatBlt
CreateCompatibleBitmap
GetTextExtentPoint32A
StretchDIBits
CreateCompatibleDC
CreateDIBSection
CreatePalette
Rectangle
GetSystemPaletteEntries
SelectPalette
GdiFlush
Pie
SetPaletteEntries
ResizePalette
CreateBitmap
GetStockObject
Polygon
CreateFontA
CreateSolidBrush
ExtCreateRegion
DeleteDC
SelectClipRgn
GetClipRgn
CreateRectRgn
RestoreDC
IntersectClipRect
SaveDC
GetMapMode
CombineRgn
InvertRgn
DeleteObject
SetSystemPaletteUse
GetDeviceCaps
GetPaletteEntries
GetNearestPaletteIndex
advapi32
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegEnumValueA
shell32
DragFinish
ShellExecuteA
DragQueryFileA
comctl32
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Draw
wsock32
connect
closesocket
gethostbyname
inet_ntoa
WSAGetLastError
WSAStartup
select
recv
send
socket
htonl
htons
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 280KB - Virtual size: 277KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 468KB - Virtual size: 543KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ