71091d70edaff984f3a404a9a11540b8

Sharing

Copy URL Twitter E-mail

General

Target

71091d70edaff984f3a404a9a11540b8
Size

3.3MB
MD5

71091d70edaff984f3a404a9a11540b8
SHA1

7477bffeb2086a678cc5ac08f67d000608d65e58
SHA256

e787259c15efd8f63009164f7c1b53a4516f97d13401b912a3564c838094fd7b
SHA512

f384de5b5da8b039da78e5c903212e62c21f2a2237c80f62989e3fd45fa7176a25e88cef324d48d3535fe66ac0ec9d5355346d78717b8d4cab73d5c995332104
SSDEEP

49152:Vk/ICD9c6m3vvVZ++juE1MGylKjFpYg3YxUlS37N7Er8b5U6BYp4kF9rP:VkAGc6yH++juvhE49r1bbucArFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71091d70edaff984f3a404a9a11540b8

Files

71091d70edaff984f3a404a9a11540b8
.exe windows:4 windows x86 arch:x86

72cad0ccc32f585c6594d2ff7cb46d37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
mciSendStringA

mss32

_AIL_set_sample_volume@8
_AIL_start_sample@4
_AIL_init_sample@4
_AIL_stream_status@4
_AIL_serve@0
_AIL_set_stream_volume@8
_AIL_allocate_sample_handle@4
_AIL_waveOutClose@4
_AIL_get_preference@4
_AIL_digital_configuration@16
_AIL_stream_volume@4
_AIL_stream_position@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_start_stream@4
_AIL_set_stream_position@8
_AIL_HWND@0
_AIL_set_sample_file@12
_AIL_set_sample_loop_count@8
_AIL_service_stream@8
_AIL_sample_volume@4
_AIL_pause_stream@8
_AIL_waveOutOpen@16
_AIL_stop_sample@4
_AIL_sample_status@4
_AIL_resume_sample@4
_AIL_close_stream@4
_AIL_end_sample@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_preference@8

smackw32

_SmackSoundUseMSS@4
_SmackDoFrame@4
_SmackToBuffer@28
_SmackGoto@8
_SmackUseMMX@4
_SmackOpen@12
_SmackVolumePan@16
_SmackToBufferRect@8
_SmackNextFrame@4
_SmackWait@4
_SmackClose@4

ddraw

DirectDrawCreate

wsock32

closesocket
inet_addr
gethostname
inet_ntoa
bind
htonl
WSAStartup
gethostbyname
htons
socket

kernel32

Sleep
GetStringTypeW
IsBadCodePtr
GlobalLock
GlobalAlloc
SetLastError
GetFileAttributesA
DeleteCriticalSection
CloseHandle
GetLastError
CreateEventA
GetDriveTypeA
GetLogicalDrives
GetDiskFreeSpaceA
TlsGetValue
EnumSystemLocalesA
GetACP
DeleteFileA
GetVersionExA
ReadFile
WaitForSingleObject
SetEvent
GetModuleFileNameA
GetFileTime
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
WriteFile
FindClose
FindFirstFileA
FindNextFileA
SetUnhandledExceptionFilter
HeapSize
FlushFileBuffers
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
GetOEMCP
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapAlloc
GetUserDefaultLCID
GetSystemTime
InitializeCriticalSection
LeaveCriticalSection
GetLocaleInfoW
EnterCriticalSection
GetCurrentThreadId
GetTimeZoneInformation
SetFilePointer
GetCurrentDirectoryA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
HeapReAlloc
GetFullPathNameA
RtlUnwind
ExitProcess
WideCharToMultiByte
InterlockedIncrement
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
RaiseException
OpenFile
_llseek
_lclose
IsBadReadPtr
_lread
GlobalUnlock
GlobalFree
GlobalHandle
LoadLibraryA
HeapFree
SetCurrentDirectoryA
GetVersion
GetStartupInfoA
TlsAlloc
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetProcAddress
GetModuleHandleA
ResumeThread
ExitThread
TlsSetValue
CreateThread
GetFileType
GetLocalTime

user32

DispatchMessageA
TranslateMessage
GetWindowLongA
GetMessageA
LoadIconA
RegisterClassA
AdjustWindowRect
CreateWindowExA
LoadCursorA
SetCursor
SetMenu
DestroyMenu
PostMessageA
SetCapture
ReleaseCapture
GetKeyState
MessageBoxA
OffsetRect
ClientToScreen
CheckMenuItem
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuA
DefWindowProcA
DialogBoxParamA
WinHelpA
GetDesktopWindow
EnableMenuItem
EndDialog
DrawMenuBar
GetClientRect
BeginPaint
MoveWindow
EndPaint
AdjustWindowRectEx
SetWindowLongA
GetDC
ReleaseDC
GetWindowThreadProcessId
GetForegroundWindow
MessageBeep
UnionRect
GetCursorPos
ScreenToClient
wsprintfA
IsRectEmpty
ShowCursor
GetMenuItemID
IntersectRect
GetMenuItemCount
DestroyWindow
GetSubMenu
PostQuitMessage
GetWindowRect
PeekMessageA

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GdiSetBatchLimit

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

binkw32

_BinkPause@8
_BinkOpen@8
_BinkClose@4
_BinkDDSurfaceType@4
_BinkCopyToBuffer@28
_BinkDoFrame@4
_BinkGoto@12
_BinkNextFrame@4
_BinkGetSummary@8
_BinkWait@4
_BinkGetRects@8
_BinkSetSoundSystem@8
_BinkOpenMiles@4

ifc20

?reset@CImmMouse@@MAEXXZ
?prepare_device@CImmMouse@@MAEHXZ
?SwitchToAbsoluteMode@CImmMouse@@UAEHH@Z
?ChangeScreenResolution@CImmMouse@@UAEHHKK@Z
?GetDevice@CImmMouse@@UAEPAUIFeelitDevice@@XZ
?GetAPI@CImmMouse@@UAEPAUIFeelit@@XZ
?LoadProjectFromMemory@CImmProject@@QAEHPAXPAVCImmDevice@@@Z
?Initialize@CImmMouse@@QAEHPAX0K@Z
??0CImmMouse@@QAE@XZ
?m_dwErrHandlingFlags@CIFCErrors@@0KA
??1CImmMouse@@UAE@XZ
??1CImmProject@@QAE@XZ
?Close@CImmProject@@QAEXXZ
?SetRect@CImmEnclosure@@QAEHPBUtagRECT@@@Z
?Start@CImmCompoundEffect@@QAEHKK@Z
?CreateEffect@CImmProject@@QAEPAVCImmCompoundEffect@@PBDPAVCImmDevice@@K@Z
?DestroyEffect@CImmProject@@QAEXPAVCImmCompoundEffect@@@Z
?Start@CImmEnclosure@@UAEHK@Z
?Stop@CImmEnclosure@@UAEHXZ
?Start@CImmEffect@@UAEHKKH@Z
?InitializeFromProject@CImmEffect@@UAEHAAVCImmProject@@PBDPAVCImmDevice@@K@Z
?Initialize@CImmEnclosure@@UAEHPAVCImmDevice@@ABUFEELIT_EFFECT@@K@Z
?GetIsCompatibleGUID@CImmEnclosure@@UAEHAAU_GUID@@@Z
?Initialize@CImmEnclosure@@QAEHPAVCImmDevice@@PBUtagRECT@@JJKKKKKKPAVCImmEffect@@JK@Z
??0CImmEnclosure@@QAE@XZ
??1CImmEnclosure@@UAE@XZ

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 508KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 176KB - Virtual size: 33.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72cad0ccc32f585c6594d2ff7cb46d37

Headers

File Characteristics

Imports

version

winmm

mss32

smackw32

ddraw

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

binkw32

ifc20

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 144KB - Virtual size: 142KB

.data Size: 208KB - Virtual size: 315KB

.rsrc Size: 40KB - Virtual size: 336KB

.text Size: 508KB - Virtual size: 504KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 176KB - Virtual size: 33.6MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 144KB - Virtual size: 142KB

.data
Size: 208KB - Virtual size: 315KB

.rsrc
Size: 40KB - Virtual size: 336KB

.text
Size: 508KB - Virtual size: 504KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 176KB - Virtual size: 33.6MB