five-nights-together[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

five-nights-together.zip
Size

147.1MB
MD5

ed2878830c7100b058ce7e1d768f7abf
SHA1

1f755550dc23ea03b3248a3c5e2c86743f99e1f8
SHA256

3bb617ac6e2cd799ac1e4e24327de08a0fee70cebaf1ca7469bd9936d66cef1d
SHA512

630113959dd8a63419ac94ce900af384e95543154a1861af8f8ff355aa31987d6837ef82d18b45a4bb2d7b9abbfaf4ebae42dcbff7d1846869772a4579a9afcc
SSDEEP

3145728:VPJT1c0buTqCStP7ViG7aDXmJ2T/LpzGqJzQl5UsEDNvxNXYmbTYO8zPSO5/dvkC:VBT1ffCSN7X7arQ2T/JG1ODNnrKzP99n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/execute_shell_simple_ext.dll
unpack001/five-nights-together.exe

Files

five-nights-together.zip
.zip
D3DX9_43.dll
.dll windows:6 windows x86 arch:x86

5fb75b2a87c1fa7cc3d7904a0b97084a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e
Signer

Actual PE Digest

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_isatty
_write
_lseeki64
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
_fileno
isleadbyte
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
srand
strtod
fread
fflush
fwrite
abort
_tempnam
exit
isalpha
atof
atol
isxdigit
_ultoa
wcstombs
_CIexp
_isnan
rand
atoi
isalnum
floor
_strtime
_strdate
sscanf
isspace
isdigit
_setjmp3
longjmp
ldexp
frexp
calloc
realloc
_CIlog
setlocale
_strdup
free
_clearfp
ceil
_controlfp
malloc
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
memmove
qsort
_CIfmod
_purecall
_stricmp
modf
iswspace
iswalpha
iswdigit
iswpunct
_CIsqrt
memcpy
memset
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler

gdi32

GetTextMetricsA
GetObjectA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementW
GetCharacterPlacementA
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetGlyphOutlineW
GetObjectW

kernel32

DeleteFileW
SetFilePointer
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
CreateFileW
GetFileSizeEx
GetFullPathNameW
GetLastError
IsDBCSLeadByte
WriteFile
GetTempPathA
MoveFileA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetVersionExA
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
SetEndOfFile
ExpandEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
CreateMutexA
Sleep
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetTempFileNameA
FindResourceW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderConstantTableEx
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameMaker Server+(All)0.lib
GameMaker Server+(All)1.lib
data.win
execute_shell_simple_ext.dll
.dll windows:6 windows x86 arch:x86

d711b9f4c3de94b98d9d0a08e445e3c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
MultiByteToWideChar

shell32

ShellExecuteW

Exports

Exports

execute_shell_simple_raw

Sections

.text
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
five-nights-together.exe
.exe windows:5 windows x86 arch:x86

9b2d98ab451b0bc34ac867ac83f5ab51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
HttpEndRequestW
InternetWriteFile
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpSendRequestA
InternetGetConnectedState
InternetConnectA
HttpOpenRequestA

d3dx9_43

D3DXGetVertexShaderProfile
D3DXCompileShader
D3DXGetPixelShaderProfile
D3DXCreateTextureFromFileW
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

dbghelp

MiniDumpWriteDump
SymInitialize
SymFromAddr

winmm

mciGetErrorStringA
joyGetPos
joyGetPosEx
joyGetDevCapsA
mciSendStringA

ws2_32

bind
socket
ioctlsocket
setsockopt
inet_addr
WSACleanup
WSAStartup
shutdown
closesocket
gethostname
listen
getaddrinfo
WSAAddressToStringA
freeaddrinfo
getpeername
select
__WSAFDIsSet
htons
htonl
ntohs
ntohl
accept
recv
inet_ntoa
recvfrom
WSAGetLastError
send
connect
sendto
getsockopt

gdiplus

GdiplusShutdown
GdiplusStartup

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

CreateFileA
GetFileAttributesA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
SetFilePointer
SetStdHandle
ReadFile
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
HeapSize
SetLastError
GetStdHandle
SetHandleCount
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeA
DeleteFileA
FindNextFileA
FindFirstFileA
GetFullPathNameA
DebugBreak
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
MultiByteToWideChar
GetConsoleWindow
WideCharToMultiByte
OutputDebugStringW
FormatMessageW
GetLastError
GetProcAddress
LoadLibraryW
GetFullPathNameW
GetCurrentDirectoryW
LocalFree
GetModuleHandleW
FreeEnvironmentStringsA
InterlockedIncrement
CreateThread
GetExitCodeThread
CloseHandle
DeleteFileW
FreeLibrary
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetExitCodeProcess
CreateProcessW
GetEnvironmentVariableW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
SetThreadPriority
SetPriorityClass
GetCurrentProcess
GetCurrentThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
GetUserDefaultLCID
GetLocaleInfoW
GetSystemInfo
GlobalMemoryStatusEx
ExitProcess
lstrlenA
ExpandEnvironmentStringsW
GetModuleFileNameW
GetCurrentThreadId
MoveFileA
SetUnhandledExceptionFilter
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateFileW
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
RtlUnwind
RaiseException
LoadLibraryA
InterlockedExchange
LocalAlloc
HeapWalk
HeapFree
HeapAlloc
HeapReAlloc
SetFileAttributesW
GetSystemTimeAsFileTime
GetEnvironmentStrings
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEndOfFile
GetProcessHeap
CompareStringA
InterlockedDecrement
VirtualQuery
HeapValidate

user32

GetDC
GetDlgItem
DialogBoxParamW
MoveWindow
ClientToScreen
GetMonitorInfoW
SetCursorPos
MapWindowPoints
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetActiveWindow
GetCursorPos
GetForegroundWindow
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
EnumDisplaySettingsW
ChangeDisplaySettingsW
SetWindowLongW
UpdateWindow
EnumDisplaySettingsExW
EnumDisplayDevicesA
keybd_event
DrawTextW
SetWindowTextA
SetWindowTextW
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetFocus
MessageBoxA
SetDlgItemTextA
IsDialogMessageW
PeekMessageW
DestroyWindow
ShowWindow
BringWindowToTop
SetForegroundWindow
SetWindowPos
GetSystemMetrics
AdjustWindowRectEx
LoadImageW
LoadCursorW
RegisterClassExW
CreateWindowExW
SendMessageW
ReleaseDC
GetAsyncKeyState
ScreenToClient
SetCursor
GetClientRect
GetWindowRect
PostMessageW
CreateDialogParamW
EndDialog
GetDlgItemTextW
IsClipboardFormatAvailable
SetFocus
DefWindowProcW
ReleaseCapture
SetCapture
GetKeyState
CallNextHookEx
MessageBoxW
SetDlgItemTextW

gdi32

GetDeviceCaps
CreateFontA
SelectObject
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mus_6am.ogg
mus_fredbear.ogg
mus_fredbear_slow.ogg
mus_menu.ogg
mus_puppet.ogg
mus_waiting.ogg
options.ini
snd_ACoff.ogg
snd_amongus.ogg
snd_animAtDoor.ogg
snd_anim_ambience.ogg
snd_blip.ogg
snd_block.ogg
snd_blow.ogg
snd_bonk.ogg
snd_boom.ogg
snd_break.ogg
snd_breaknt.ogg
snd_chicken.ogg
snd_click1.ogg
snd_click2.ogg
snd_click3.ogg
snd_coin.ogg
snd_confirm.ogg
snd_connected.ogg
snd_denied.ogg
snd_door.ogg
snd_doorclose.ogg
snd_dooropen.ogg
snd_down.ogg
snd_error.ogg
snd_fan.ogg
snd_flipup.ogg
snd_foot1.ogg
snd_foot2.ogg
snd_foot3.ogg
snd_foot4.ogg
snd_foot5.ogg
snd_garble1.ogg
snd_garble2.ogg
snd_garble3.ogg
snd_goldenfreddy.ogg
snd_handUnitFlip.ogg
snd_handunit_restarting.ogg
snd_honk1.ogg
snd_honk2.ogg
snd_instructions.ogg
snd_interrupted.ogg
snd_jumpscare1.ogg
snd_jumpscare2.ogg
snd_kitchen.ogg
snd_left.ogg
snd_light.ogg
snd_locked.ogg
snd_musicbox.ogg
snd_next.ogg
snd_out1.ogg
snd_out2.ogg
snd_outage.ogg
snd_ovenclick.ogg
snd_powerback.ogg
snd_powerout.ogg
snd_rebooting.ogg
snd_right.ogg
snd_sprint.ogg
snd_transition.ogg
snd_up.ogg
snd_win.ogg
snd_yay.ogg

Sharing

General

Malware Config

Signatures

Files

5fb75b2a87c1fa7cc3d7904a0b97084a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3eSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 62KB - Virtual size: 148KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 55KB - Virtual size: 55KB

d711b9f4c3de94b98d9d0a08e445e3c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 176B

.rdata Size: 1024B - Virtual size: 556B

.data Size: - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 36B

9b2d98ab451b0bc34ac867ac83f5ab51

Headers

DLL Characteristics

File Characteristics

Imports

wininet

d3dx9_43

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 900KB - Virtual size: 900KB

.data Size: 302KB - Virtual size: 2.6MB

.mydata Size: 512B - Virtual size: 8B

.rsrc Size: 149KB - Virtual size: 148KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 62KB - Virtual size: 148KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 55KB - Virtual size: 55KB

.text
Size: 512B - Virtual size: 176B

.rdata
Size: 1024B - Virtual size: 556B

.data
Size: - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 900KB - Virtual size: 900KB

.data
Size: 302KB - Virtual size: 2.6MB

.mydata
Size: 512B - Virtual size: 8B

.rsrc
Size: 149KB - Virtual size: 148KB