ItteBloxPlayerLauncherBeta[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ItteBloxPlayerLauncherBeta.exe
Size

1.4MB
MD5

c51bee070172210574380904002554b0
SHA1

d6433097e757504b21e62e243c95d3d1b5999468
SHA256

a287c3a80970f27349c0173188658538789ecdd76c0ad8fd7951bc3630540f2b
SHA512

4d55d2ee443548ef9e83cec21c240cd424a8f158fcf61cdd5cbbd2b44301480f1e2d9c5f4de66b02fb77709e2a8363ae13006b53bfbcc8d1a7b3a3f808096c67
SSDEEP

24576:VmZLxZS26vc1m/zeZVxeX3ZSZEKsPbTLgQ5mNoFOf4Bb:WTSeyHXJSUDTLFgoW4Bb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ItteBloxPlayerLauncherBeta.exe

Files

ItteBloxPlayerLauncherBeta.exe
.exe windows:5 windows x86 arch:x86

Password: yeno

43a4ee4f059b270f08bc2824ca7bec0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Trunk2012\Installer\Bootstrapper2013\bin\Release\BootstrapperClient2013.pdb

Imports

kernel32

GetVersionExW
lstrcmpW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
WaitForSingleObject
InterlockedDecrement
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
OpenEventW
CreateEventW
CloseHandle
CreateEventA
GetSystemTime
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
SystemTimeToFileTime
CreateWaitableTimerA
HeapReAlloc
OpenEventA
SetEndOfFile
WriteConsoleW
GetLastError
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
OutputDebugStringW
IsDebuggerPresent
ExpandEnvironmentStringsA
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
FormatMessageA
VerifyVersionInfoA
LoadLibraryA
MultiByteToWideChar
HeapSize
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
InitializeCriticalSectionEx
GetTickCount64
HeapFree
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
InterlockedExchange
WaitForMultipleObjects
SleepEx
SetWaitableTimer
SetLastError
VerSetConditionMask
VerifyVersionInfoW
Sleep
TlsGetValue
TlsSetValue
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsFree
GetTickCount
GetModuleHandleA
CreateSemaphoreA
GetSystemTimeAsFileTime
ReleaseSemaphore
LocalFree
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
TerminateProcess
GetUserGeoID
GetGeoInfoW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
lstrlenW
GetLocalTime
OpenProcess
CreateDirectoryW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
GetShortPathNameW
FormatMessageW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
MulDiv
WaitForSingleObjectEx
GetExitCodeProcess
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime

user32

LoadBitmapW
CreateWindowExW
SetWindowLongW
ShowWindow
InvalidateRect
GetParent
GetWindowRect
SendMessageW
PostMessageW
SetForegroundWindow
IsWindowVisible
EnableWindow
DestroyWindow
DefWindowProcW
SetTimer
ReleaseDC
GetDC
GetSystemMetrics
RegisterClassW
LoadIconW
EndPaint
FillRect
GetWindowLongW
AllowSetForegroundWindow
CharNextW
CharUpperW
MessageBoxA
KillTimer
CallWindowProcW
GetWindowTextW
EnumWindows
BeginPaint
PostQuitMessage
GetDlgItem
GetMessageW
GetWindowThreadProcessId
PostThreadMessageW
MessageBoxW
SetWindowPos
SetFocus
SetWindowTextW
LoadAcceleratorsW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage

gdi32

SelectObject
CreatePen
SetBkMode
Rectangle
CreateFontW
GetStockObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
SetTextColor

advapi32

RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegFlushKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptHashData
IsValidSid
GetLengthSid
CopySid
CryptGetHashParam
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
DuplicateToken
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptGenRandom
CryptAcquireContextA
GetTokenInformation

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathAndSubDirW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2

oleaut32

RegisterTypeLi
SysFreeString
SysAllocString
VariantInit
VariantClear

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord35

normaliz

IdnToAscii

shlwapi

StrStrW
StrCmpW
SHDeleteKeyW
StrDupW
StrRChrW
StrCpyW
StrCmpNW
PathAddBackslashW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

closesocket
WSACleanup
WSAStartup
WSASetLastError
ioctlsocket
WSAGetLastError
getaddrinfo
setsockopt
connect
getsockopt
__WSAFDIsSet
recv
send
bind
getpeername
getsockname
htons
ntohs
socket
WSAIoctl
accept
listen
recvfrom
sendto
gethostname
htonl
ntohl
freeaddrinfo
select

wininet

InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetOpenW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: yeno

43a4ee4f059b270f08bc2824ca7bec0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

wldap32

normaliz

shlwapi

version

ws2_32

wininet

sensapi

userenv

comctl32

psapi

iphlpapi

Sections

.text Size: 646KB - Virtual size: 645KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 40KB - Virtual size: 44KB

.gfids Size: 1024B - Virtual size: 644B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 470KB - Virtual size: 470KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 646KB - Virtual size: 645KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 40KB - Virtual size: 44KB

.gfids
Size: 1024B - Virtual size: 644B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 470KB - Virtual size: 470KB

.reloc
Size: 38KB - Virtual size: 37KB