WormsReloaded[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

WormsReloaded.exe
Size

4.3MB
MD5

9abe25b60840e5527daf1a7f56ea3a6e
SHA1

7142cd1637f83bfad5f3d7eb150040d0864ae4e6
SHA256

9628ae38ef9f76d27f054eeabf7a5e6b7abed7d33f495cb3d30dce269f839c1c
SHA512

9acbe436d8ecce552fcacbcbffa59e1d515d8589e85a91d1b003e8c3393dc086d43600fe64259a39140d310735aa4c2ab23df7c579d39f7676bd53ac7ca44841
SSDEEP

98304:Ljtrm5a1exGFWnNORzOxJM4WssD7OKWnmHPE:NF1QyeNORzOxJM2u79Wnm8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WormsReloaded.exe

Files

WormsReloaded.exe
.exe windows:4 windows x86 arch:x86

61644ab8f7991f4a0e08d94eca1941a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateMutexA
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
CreateThread
GetExitCodeThread
TerminateThread
GetComputerNameA
SetEndOfFile
SetFilePointer
CreateFileA
WriteFile
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReleaseMutex
GetCurrentProcessId
UnmapViewOfFile
ReadFile
GetFileSize
FreeLibrary
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
RaiseException
InitializeCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
OutputDebugStringA
GetLocalTime
FindNextFileW
GetSystemTimeAsFileTime
FindFirstFileW
GetUserDefaultLangID
GetTickCount
GetCurrentThreadId
DeleteFileA

user32

GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetClientRect
SwapMouseButton
ScreenToClient
GetCursorPos
MessageBoxW
ShowCursor
MessageBoxA
GetSystemMetrics
EnumDisplaySettingsW
PtInRect
GetWindowRect
ChangeDisplaySettingsA
AdjustWindowRect
ShowWindow
UpdateWindow
GetDC
ReleaseDC
DestroyWindow
ClipCursor
CloseWindow
BeginPaint
EndPaint
PostQuitMessage
SendMessageA
SetWindowPos
TranslateMessage

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_CIatan
_CIacos
_CItan
atoi
_localtime64
_time64
memmove_s
bsearch
strcspn
vfprintf
rand
vsprintf
__RTDynamicCast
sscanf
memchr
_strtoui64
clock
_vsnprintf
_snprintf
strstr
_fileno
abort
__iob_func
_wassert
_gmtime64
asctime
_itoa
_ltoa
tolower
toupper
_stricmp
ftell
fseek
_stat64i32
exit
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_CIfmod
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
strncmp
atol
atof
??_V@YAXPAX@Z
_CIatan2
_CIsin
_CIcos
_purecall
memmove
fopen
fclose
vsprintf_s
strchr
malloc
realloc
free
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
printf
floor
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_CIsqrt
ceil
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strncpy
memset
memcpy
__CxxFrameHandler3
_heapchk
qsort
fprintf
feof
fread
_mkdir
fwrite
_ismbblead
fflush
_splitpath_s
_makepath_s
_splitpath
isspace
strrchr
_CIpow
modf
_atoi64
strtok
calloc
_except_handler3
_beginthreadex
getenv
_filelength

steam_api

SteamUtils
SteamFriends
SteamUser
SteamClient
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamApps
SteamMatchmaking
SteamAPI_UnregisterCallback
SteamNetworking
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_Shutdown

opengl32

glMultMatrixf
glGetFloatv
glTranslatef
glLightModeli
glGetError
glGetBooleanv
glClearColor
glClearDepth
glClearStencil
wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentContext
glDrawArrays
glDrawElements
glCallList
glTexCoordPointer
glVertexPointer
glNormalPointer
glColorPointer
glColor3fv
glPolygonOffset
glLightfv
glLightf
glTexImage2D
glPixelStorei
glTexParameterf
glTexEnvfv
glColorMaterial
glMaterialfv
glMaterialf
glAlphaFunc
glStencilOp
glStencilFunc
glDepthRange
glShadeModel
glCullFace
glPointSize
glLineWidth
glLineStipple
glLightModelfv
glDisableClientState
glEnableClientState
glColor4f
wglShareLists
glTexGeni
glPolygonMode
glColor4fv
glVertex2i
glReadPixels
glFinish
glEnd
glVertex2f
glBegin
glGetIntegerv
glViewport
glDeleteTextures
glPopAttrib
glPopMatrix
glColor4ub
glVertex3f
glTexCoord2f
glNormal3f
glScalef
glBlendFunc
glTexEnvi
glTexParameteri
glDepthMask
glEnable
glDisable
glClear
glOrtho
glLoadIdentity
glPushMatrix
glMatrixMode
glCopyTexImage2D
glBindTexture
glPushAttrib
glGenTextures
wglGetProcAddress
glGetString
glLoadMatrixf
glDepthFunc
wglGetCurrentDC
glGenLists
glNewList
glEndList
glDeleteLists
glReadBuffer

dsound

ord11

dinput8

DirectInput8Create

ws2_32

inet_addr
gethostbyname
getservbyname
WSASend
closesocket
shutdown
ntohs
WSAGetLastError
connect
ioctlsocket
socket
htons
listen
bind
accept
__WSAFDIsSet
select
send
recv
recvfrom
WSACreateEvent
WSARecv
WSAGetOverlappedResult
gethostname
inet_ntoa
WSASetLastError
WSAStartup
WSACleanup
sendto
setsockopt

gdi32

DeleteDC
GetStockObject
ChoosePixelFormat
SetPixelFormat
GetPixelFormat
DescribePixelFormat
SwapBuffers
GetDeviceCaps

advapi32

RegCloseKey
GetUserNameA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 820KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GUIDsect
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61644ab8f7991f4a0e08d94eca1941a3

Headers

File Characteristics

Imports

kernel32

user32

msvcp80

msvcr80

steam_api

opengl32

dsound

dinput8

ws2_32

gdi32

advapi32

ole32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 820KB - Virtual size: 816KB

.data Size: 156KB - Virtual size: 1.9MB

GUIDsect Size: 4KB - Virtual size: 3KB

.rsrc Size: 352KB - Virtual size: 349KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 820KB - Virtual size: 816KB

.data
Size: 156KB - Virtual size: 1.9MB

GUIDsect
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 352KB - Virtual size: 349KB