MKKE[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MKKE.exe
Size

10.8MB
MD5

a7cd9055eaa339f3a9a80a98a0931978
SHA1

b99aadef788d3b7cd6abe0873a5be1647a1b9479
SHA256

d1c71e086deac26716e48f060e486679a36ddd4002ab5080d66df9d11437d0e6
SHA512

4583de94ece257b738ffaee92a15c5225d72cdc5f8fc32648ffa06e00f65562c8fc71cc7acc6fc873e11a10525facf2a427d59f36d5fb6dfeb3c01865c0e93a7
SSDEEP

98304:kRdS9oF9xnXMtsTi0v/pnb54qVpTEfSPa1HHdbU+bqnq6X6D3Q9kw:kHGtsWe54qVpTEsoHZ7qZ22h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MKKE.exe

Files

MKKE.exe
.exe windows:5 windows x86 arch:x86

5366ba6c71d2f5f39beadf13681a6792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
SymSetOptions
SymGetOptions
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
MiniDumpWriteDump
SymLoadModule64

binkw32

_BinkPause@8
_BinkGoto@12
_BinkGetRects@8
_BinkSetVolume@12
_BinkClose@4
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkOpen@8
_BinkGetFrameBuffersInfo@8
_BinkNextFrame@4
_BinkWait@4
_BinkShouldSkip@4
_BinkRegisterFrameBuffers@8
_BinkOpenDirectSound@4
_BinkDoFrame@4

ws2_32

send
getsockname
select
accept
getsockopt
getaddrinfo
WSACancelAsyncRequest
connect
WSAAsyncGetHostByName
recv
setsockopt
freeaddrinfo
ntohs
htons
gethostbyname
inet_addr
closesocket
htonl
ioctlsocket
socket
WSAGetLastError
gethostname
ntohl
recvfrom
WSAStartup
bind
WSACleanup
listen
sendto

kernel32

GetLocalTime
LocalAlloc
GetStartupInfoA
OpenFile
GetTempPathA
GetTimeZoneInformation
SleepEx
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
DebugBreak
IsDebuggerPresent
InterlockedExchangeAdd
InterlockedExchange
GetCurrentThreadId
DeleteCriticalSection
Sleep
CreateMutexA
ReleaseMutex
CloseHandle
WaitForSingleObject
OpenMutexA
GetLastError
GetCommandLineA
SetErrorMode
GetVersionExA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
CreateFileA
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
GetTickCount
ReleaseSemaphore
GetSystemInfo
SetFilePointer
WriteFile
DeleteFileA
FlushFileBuffers
VirtualFree
GlobalMemoryStatusEx
VirtualAlloc
ConvertFiberToThread
SwitchToFiber
ConvertThreadToFiber
DeleteFiber
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetComputerNameA
RaiseException
CreateEventA
SetEvent
ResetEvent
TerminateThread
SetThreadPriority
ReadFile
SetCurrentDirectoryA
GetFileSize
SetFileAttributesA
GetFileAttributesA
TerminateProcess
SetEndOfFile
CreateDirectoryA
SetThreadAffinityMask
CreateThread
GetFileSizeEx
CopyFileA
MoveFileExA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
ExitProcess
LoadLibraryA
FreeLibrary
GetProcAddress
lstrlenA
GlobalMemoryStatus
GetCurrentThread
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
CreateProcessW
GetModuleFileNameW
GetModuleFileNameA
GetUserDefaultUILanguage
OutputDebugStringA
GetPrivateProfileStringW
CreateFileW
CreateDirectoryW
InterlockedCompareExchange
SetCriticalSectionSpinCount
SetStdHandle
OpenEventA
FreeConsole
GetConsoleWindow
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
WriteConsoleA
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetFileType
ExpandEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetSystemDirectoryA
CreateWaitableTimerA
VirtualQuery
SetWaitableTimer
SetLastError

user32

MapWindowPoints
GetClientRect
ClipCursor
DestroyWindow
PostMessageA
IsWindow
PostQuitMessage
GetKeyboardLayout
GetClipCursor
ScreenToClient
GetCursorPos
SetCursorPos
ClientToScreen
InvalidateRect
GetSystemMetrics
EndPaint
BeginPaint
DefWindowProcA
SetForegroundWindow
UpdateWindow
MapVirtualKeyA
CreateWindowExA
SystemParametersInfoA
RegisterClassExA
LoadCursorA
CloseClipboard
SetClipboardData
EmptyClipboard
GetActiveWindow
ShowCursor
SetCapture
SetWindowPos
GetWindowRect
SetWindowLongA
AdjustWindowRect
GetClipboardData
GetKeyState
SetActiveWindow
SetFocus
SetCursor
GetDesktopWindow
LoadIconA
ReleaseCapture
wsprintfW
IsIconic
GetForegroundWindow
MessageBoxW
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
ShowWindow
OpenClipboard
CharLowerBuffA

gdi32

CreateDIBSection
GetDIBits
CreateCompatibleBitmap
SetDIBits
SelectObject
GetStockObject
DeleteObject
GetObjectA
DeleteDC
CreateCompatibleDC
BitBlt

advapi32

RegEnumKeyA
RegOpenKeyA
CryptReleaseContext
CryptGenRandom
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
RegSetValueExA
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteA
SHGetFolderPathA

ole32

CLSIDFromString
CoTaskMemFree
PropVariantClear
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

SysFreeString
SysAllocString

msvcp90

?deallocate@?$allocator@G@std@@QAEXPAGI@Z
?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_BADOFF@std@@3JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?allocate@?$allocator@G@std@@QAEPAGI@Z

msvcr90

calloc
_strdup
realloc
_CIsqrt
_fullpath
_CIcos
_CIexp
_CIlog
_CItan
_CIatan2
_CIsin
_CIatan
fwrite
_snwprintf
wcstoul
_CIlog10
_findnext64i32
_findfirst64i32
srand
_wcsicoll
wcscoll
strspn
strtol
strcpy_s
_vsnprintf_s
wcsncpy_s
localeconv
_beginthreadex
_itoa_s
_errno
_wfopen_s
fflush
_wstat64
_ftime64
isxdigit
_CIfmod
_purecall
ispunct
toupper
_stricmp
memmove
memcpy
__CxxFrameHandler3
memset
swscanf
strncpy
free
malloc
strncmp
_strnicmp
strstr
atoi
wcsstr
sprintf
strncpy_s
_CIacos
ceil
_CIpow
__libm_sse2_atan2
isdigit
__libm_sse2_sin
__libm_sse2_cos
__libm_sse2_pow
__libm_sse2_acos
atof
floor
strrchr
_snprintf
_atoi64
__libm_sse2_atan
rand
isgraph
_aligned_realloc
_aligned_malloc
_aligned_free
vsprintf
_vsnprintf
_vswprintf_c_l
_vscprintf
vsprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strchr
strncat
_fileno
memmove_s
_utime64
_difftime64
_gmtime64
_time64
_stat64i32
tolower
strtod
_wcsicmp
wcsncpy
exit
sscanf
_vsnwprintf
_getcwd
abort
??0exception@std@@QAE@XZ
isalpha
fclose
feof
fopen
fread
__libm_sse2_tan
sprintf_s
wcstombs
wcsncmp
_CIasin
strtoul
__libm_sse2_asin
_strtime
_strdate
__libm_sse2_exp
__libm_sse2_log
printf
_wcsnicmp
isspace
sscanf_s
rewind
ftell
fseek
_mkdir
_fpclass
_strupr
strtok
isprint
_mktime64
memcpy_s
strftime
_strtoui64
strcspn
strnlen
_itoa
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
isalnum
__iob_func
memcmp
strlen
log
pow
strcmp
strcpy
_strtoi64
fgets
fputs
memchr
strcat
fputc
_lseeki64
_fstat64
getenv
strerror
__sys_nerr
_stat64
islower
isupper
_open
_close
_read
qsort

vcomp90

_vcomp_for_static_end
_vcomp_for_dynamic_init
_vcomp_for_dynamic_next
_vcomp_single_begin
_vcomp_single_end
_vcomp_fork
omp_get_thread_num
_vcomp_leave_critsect
omp_get_max_threads
omp_set_num_threads
_vcomp_for_static_simple_init
_vcomp_enter_critsect
_vcomp_barrier

steam_api

SteamRemoteStorage
SteamAPI_RestartAppIfNecessary
SteamAPI_IsSteamRunning
SteamNetworking
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamApps
SteamAPI_Shutdown
SteamClient
SteamUtils
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamUserStats
SteamAPI_RegisterCallResult
SteamAPI_RunCallbacks
SteamGameServer_RunCallbacks
SteamGameServer_Init
SteamGameServer_Shutdown
SteamMatchmakingServers
SteamMatchmaking
SteamGameServerNetworking
SteamGameServer
SteamFriends
SteamUser

shlwapi

PathAppendW
StrToIntW

physxcooking

NxGetCookingParams

winmm

timeSetEvent
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveOutReset
waveOutGetPosition
waveOutPrepareHeader
timeGetTime
timeKillEvent

dinput8

DirectInput8Create

dsound

ord2
ord11

xinput1_3

ord3
ord2

msacm32

acmStreamOpen
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize

wsock32

getpeername
WSASetLastError
__WSAFDIsSet

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
NvOptimusEnablement

Sections

.text
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 719KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5366ba6c71d2f5f39beadf13681a6792

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

binkw32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

msvcr90

vcomp90

steam_api

shlwapi

physxcooking

winmm

dinput8

dsound

xinput1_3

msacm32

wsock32

Exports

Exports

Sections

.text Size: 8.3MB - Virtual size: 8.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 165KB - Virtual size: 2.0MB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 719KB - Virtual size: 718KB

.text
Size: 8.3MB - Virtual size: 8.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 165KB - Virtual size: 2.0MB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 719KB - Virtual size: 718KB