kakurenbo[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

kakurenbo.exe
Size

1.0MB
MD5

fb78353200fe5644bc04ecfd747d21ba
SHA1

192f32f7bc999f6e8c94ff78f5bb5dcac400cc21
SHA256

ced10e0b1f75529da4040bd9fa5518c3cfe208c722a13e57b2567dcb259b2f71
SHA512

8c5b0eed9c689e8b3ca783f00ace9b545aa0ba53c6c28daf6aadd887600b224907730c09491dab92573c66e0eae1b842284deb571467873225dcbb13c5d89d59
SSDEEP

12288:DFbwo3x7PePw4UxZ9EK9EYvaFZ5kYlkpLSGxfyqk89LrVdn3STH4l+sfeuLD1+wM:B0oBcWXIZ5vlkpmfqk0XVtMH4zXj7g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
kakurenbo.exe

Files

kakurenbo.exe
.exe windows:5 windows x86 arch:x86

0c03d74fe5498fe826e87024da37aa68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

FindNextFileA
FindClose
FindFirstFileA
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
IsBadReadPtr
CreateEventA
Sleep
GetDriveTypeA
FreeLibrary
SetErrorMode
GetPrivateProfileIntA
GetComputerNameA
InitializeCriticalSection
DeleteFileA
CloseHandle
GetProcAddress
MoveFileA
GetLocalTime
SetFileAttributesA
CopyFileA
SetCurrentDirectoryA
ReadFile
WriteFile
GetThreadPriority
VirtualAlloc
CreateSemaphoreA
VirtualFree
GetSystemInfo
ReleaseSemaphore
MulDiv
lstrcmpW
CreateFileW
WriteConsoleW
HeapReAlloc
RtlUnwind
SetFilePointer
GetFileSize
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
GetCurrentDirectoryA
CreateFileA
DeleteCriticalSection
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoA
ResetEvent
WaitForMultipleObjects
SetThreadPriority
lstrcpyA
CreateThread
ExitThread
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
GetLastError
lstrcpynA
CreateDirectoryA
GetVersionExA
lstrcmpiA
CreateMutexA
GetACP
EncodePointer
DecodePointer
ResumeThread
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
HeapAlloc
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
IsProcessorFeaturePresent
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue

user32

ReleaseDC
RegisterWindowMessageA
FillRect
LoadIconA
GetDesktopWindow
SetCursor
wsprintfA
CreateWindowExA
SetRect
MsgWaitForMultipleObjects
MessageBoxA
LoadCursorFromFileA
SetCursorPos
GetDC
GetQueueStatus
PostThreadMessageA
GetMessageA
IntersectRect
InvalidateRect
AdjustWindowRectEx
GetCursorPos
SetWindowPos
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
ScreenToClient
GetClientRect
DefWindowProcA
wvsprintfA
MoveWindow
LoadCursorA
UpdateWindow
SetWindowTextA
GetSystemMetrics
ReleaseCapture
PostMessageA
GetActiveWindow
SetMenu
ShowWindow
GetWindowTextA
GetMenu
GetCapture
BeginPaint
SendMessageA
GetWindowTextLengthA
SetFocus
GetFocus
SetForegroundWindow
SetCapture
GetWindowDC
PostQuitMessage
RegisterClassExA
SetActiveWindow
GetWindowRect
GetSystemMenu
DestroyWindow
ClientToScreen
EndPaint
DispatchMessageA
PeekMessageA
TranslateMessage
IsDialogMessageA

gdi32

GetTextMetricsA
CreateCompatibleDC
SelectObject
CreateDIBSection
DeleteObject
DeleteDC
GetGlyphOutlineA
EnumFontFamiliesExA
CreateSolidBrush
BitBlt
GetObjectA
CreateFontIndirectA

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CreateItemMoniker
GetRunningObjectTable
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize

msacm32

acmDriverOpen
acmFormatTagDetailsA
acmDriverClose
acmDriverEnum
acmMetrics
acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmDriverDetailsA

dsound

ord1

gdiplus

GdiplusStartup
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageEncodersSize

winmm

timeKillEvent
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetTime

d3d9

Direct3DCreate9

d3dx9_42

D3DXCheckVersion
D3DXGetImageInfoFromFileInMemory
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXLoadSurfaceFromFileInMemory

dinput8

DirectInput8Create

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c03d74fe5498fe826e87024da37aa68

Headers

DLL Characteristics

File Characteristics

Imports

imm32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

msacm32

dsound

gdiplus

winmm

d3d9

d3dx9_42

dinput8

Sections

.text Size: 589KB - Virtual size: 589KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 132KB - Virtual size: 848KB

.rsrc Size: 163KB - Virtual size: 163KB

.text
Size: 589KB - Virtual size: 589KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 132KB - Virtual size: 848KB

.rsrc
Size: 163KB - Virtual size: 163KB