SpaceCadetPinball[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

SpaceCadetPinball.rar
Size

1.1MB
MD5

28dc130c134e737a8f8bd8baeba1a77c
SHA1

5d13709a2ef21f9e06761ae3890210b312d6c16f
SHA256

36654a54b4b92e68237aa412988a3906a5356cfd1aca3cbdc741689e79f2dbbc
SHA512

b14e08457ddb1a9b94b0a8939a93b700f5e9a66c58959556b9f6d9b0eadea3e29681f77c98c406c8db796eaf874c26f475fbe0a483c24be058f1a154fcdbbc5c
SSDEEP

24576:oaSilBJIJILJPVWxay/6ZQQYyQhFOZInbA/4z:PSi3LJUxay8QQEoInp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SpaceCadetPinball/pinball.exe

Files

SpaceCadetPinball.rar
.rar

Password: infect
SpaceCadetPinball/FONT.DAT
SpaceCadetPinball/PINBALL.DAT
SpaceCadetPinball/PINBALL.MID
SpaceCadetPinball/PINBALL2.MID
SpaceCadetPinball/SOUND1.WAV
SpaceCadetPinball/SOUND104.WAV
SpaceCadetPinball/SOUND105.WAV
SpaceCadetPinball/SOUND108.WAV
SpaceCadetPinball/SOUND111.WAV
SpaceCadetPinball/SOUND112.WAV
SpaceCadetPinball/SOUND12.WAV
SpaceCadetPinball/SOUND13.WAV
SpaceCadetPinball/SOUND131.WAV
SpaceCadetPinball/SOUND136.WAV
SpaceCadetPinball/SOUND14.WAV
SpaceCadetPinball/SOUND16.WAV
SpaceCadetPinball/SOUND17.WAV
SpaceCadetPinball/SOUND18.WAV
SpaceCadetPinball/SOUND181.WAV
SpaceCadetPinball/SOUND19.WAV
SpaceCadetPinball/SOUND20.WAV
SpaceCadetPinball/SOUND21.WAV
SpaceCadetPinball/SOUND22.WAV
SpaceCadetPinball/SOUND24.WAV
SpaceCadetPinball/SOUND240.WAV
SpaceCadetPinball/SOUND243.WAV
SpaceCadetPinball/SOUND25.WAV
SpaceCadetPinball/SOUND26.WAV
SpaceCadetPinball/SOUND27.WAV
SpaceCadetPinball/SOUND28.WAV
SpaceCadetPinball/SOUND29.WAV
SpaceCadetPinball/SOUND3.WAV
SpaceCadetPinball/SOUND30.WAV
SpaceCadetPinball/SOUND34.WAV
SpaceCadetPinball/SOUND35.WAV
SpaceCadetPinball/SOUND36.WAV
SpaceCadetPinball/SOUND38.WAV
SpaceCadetPinball/SOUND39.WAV
SpaceCadetPinball/SOUND4.WAV
SpaceCadetPinball/SOUND42.WAV
SpaceCadetPinball/SOUND43.WAV
SpaceCadetPinball/SOUND45.WAV
SpaceCadetPinball/SOUND49.WAV
SpaceCadetPinball/SOUND49D.WAV
SpaceCadetPinball/SOUND5.WAV
SpaceCadetPinball/SOUND50.WAV
SpaceCadetPinball/SOUND528.WAV
SpaceCadetPinball/SOUND53.WAV
SpaceCadetPinball/SOUND54.WAV
SpaceCadetPinball/SOUND55.WAV
SpaceCadetPinball/SOUND560.WAV
SpaceCadetPinball/SOUND563.WAV
SpaceCadetPinball/SOUND57.WAV
SpaceCadetPinball/SOUND58.WAV
SpaceCadetPinball/SOUND6.WAV
SpaceCadetPinball/SOUND65.WAV
SpaceCadetPinball/SOUND68.WAV
SpaceCadetPinball/SOUND7.WAV
SpaceCadetPinball/SOUND713.WAV
SpaceCadetPinball/SOUND735.WAV
SpaceCadetPinball/SOUND8.WAV
SpaceCadetPinball/SOUND827.WAV
SpaceCadetPinball/SOUND9.WAV
SpaceCadetPinball/SOUND999.WAV
SpaceCadetPinball/pinball.exe
.exe windows:5 windows x86 arch:x86

Password: infect

b056bb2d3f3072887b24af9cd64737cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pinball.pdb

Imports

gdi32

RealizePalette
SelectPalette
CreateCompatibleDC
GetObjectA
GetStockObject
CreateDIBitmap
GetPaletteEntries
DeleteDC
SetPaletteEntries
ResizePalette
GetSystemPaletteEntries
SetSystemPaletteUse
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
CreatePalette
CreateSolidBrush
SelectObject
DeleteObject
SetBkMode
SetTextColor
GetLayout
StretchDIBits
SetLayout

user32

RegisterWindowMessageA
FindWindowA
GetCursorPos
SetCursorPos
PeekMessageA
TranslateMessage
DispatchMessageA
GetMessageA
IsIconic
SetForegroundWindow
GetMenu
PostQuitMessage
PostMessageA
ReleaseCapture
SetCapture
LoadIconA
EndPaint
UnregisterClassA
LoadBitmapA
DestroyWindow
RegisterClassA
CreateWindowExA
GetWindowLongA
DefWindowProcA
UpdateWindow
LoadCursorA
SetCursor
DeleteMenu
DrawMenuBar
SendDlgItemMessageA
MapVirtualKeyA
GetKeyNameTextA
CheckMenuItem
EnableMenuItem
DialogBoxParamA
MessageBoxA
EndDialog
GetDlgItemTextA
ShowWindow
EnableWindow
SetFocus
SendMessageA
GetParent
WinHelpA
GetDlgItem
SetWindowTextA
SetWindowLongA
GetSystemMetrics
GetDC
BeginPaint
InvalidateRect
ChangeDisplaySettingsA
SetWindowPos
RedrawWindow
IsWindowVisible
MoveWindow
FillRect
DialogBoxIndirectParamA
GetWindowTextA
MessageBeep
GetDesktopWindow
GetWindowRect
DrawTextA
ReleaseDC
LoadStringA
wsprintfA
SetMenu

shell32

ShellAboutA

kernel32

TerminateProcess
GetStartupInfoA
GetPrivateProfileIntA
WritePrivateProfileStringA
SizeofResource
GetVersion
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FreeResource
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
_lopen
Sleep
WinExec
GetCurrentThread
SetThreadPriority
GetModuleFileNameA
GetLastError
lstrcmpA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
_hread
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalFree
_llseek
_lread
GlobalAlloc
GlobalLock
LocalAlloc
LocalFree
OpenFile
_lclose
lstrcpynA
lstrcatA
lstrlenA
lstrcpyA

comctl32

InitCommonControlsEx

winmm

timeGetTime
sndPlaySoundA
mmioOpenA
mmioClose
mmioDescend
mmioRead
mmioAscend
waveOutPause
waveOutRestart
waveOutWrite
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutReset
waveOutGetPosition
waveOutGetNumDevs
waveOutGetDevCapsA
mciSendCommandA

advapi32

RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA

msvcrt

_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_exit
__p__fmode
__set_app_type
_except_handler3
_controlfp
atoi
_c_exit
wcscpy
wcslen
isdigit
isalnum
isspace
_purecall
calloc
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
floor
_CIacos
strstr
exit
_ftol
fopen
fclose
_strnicmp
realloc
free
malloc
sprintf
_itoa
sscanf
_ltoa
__p__commode
memmove
atol

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SpaceCadetPinball/table.bmp
SpaceCadetPinball/wavemix.inf

Sharing

General

Malware Config

Signatures

Files

Password: infect

Password: infect

b056bb2d3f3072887b24af9cd64737cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

shell32

kernel32

comctl32

winmm

advapi32

msvcrt

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 134KB - Virtual size: 133KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 134KB - Virtual size: 133KB