6c8db86f532561b05616871210eca5557d1dd772842cb0d71925c62a7051e148[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6c8db86f532561b05616871210eca5557d1dd772842cb0d71925c62a7051e148.exe
Size

6.6MB
MD5

6ee8471ab95c2e18bd6783e51ed5346b
SHA1

f85cc8fbd0fb334db80b74d5b128c9ade230abf8
SHA256

6c8db86f532561b05616871210eca5557d1dd772842cb0d71925c62a7051e148
SHA512

f16f82b0b4afea0fc7159f8f1c9c5f06fd9e08618ee90116a5a615740c41153cf9b778cf3956abf13c3478a995dff70195b166456c034e3ffda711c1a9f005a2
SSDEEP

196608:09xTAr3jizw5jtpixTMIV++6gXzhJLMkh3IL2hH:0zgpIV+g9JbBIkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c8db86f532561b05616871210eca5557d1dd772842cb0d71925c62a7051e148.exe

Files

6c8db86f532561b05616871210eca5557d1dd772842cb0d71925c62a7051e148.exe
.exe windows:6 windows x86 arch:x86

09960e0610c23a28d4477c9a3fda2b21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WarZ2\src\RSUpdate\Release\RSUpdate.pdb

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

kernel32

FreeLibrary
CreateFileW
GetFileSize
WriteFile
ReadFile
GetFileTime
FormatMessageA
GetComputerNameA
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
LCMapStringW
CompareStringW
HeapReAlloc
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FlushFileBuffers
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleMode
GetCPInfo
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
GetLocalTime
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
CreateFileA
GetFileAttributesA
SetFileAttributesA
CreateDirectoryA
FindClose
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
GetModuleFileNameW
GetTempPathA
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
LoadLibraryA
GetProcAddress
GetCurrentDirectoryW
GetFullPathNameW
GetVersionExA
MultiByteToWideChar
GetModuleFileNameA
GetConsoleCP
DeleteCriticalSection
LocalFree
GetLastError
InitializeCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
SetLastError
GetStartupInfoW
GetStdHandle
GetFileAttributesExW
HeapSize
AreFileApisANSI
ExitProcess
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
GetProcessHeap
RaiseException
GetModuleHandleExW
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
IsProcessorFeaturePresent
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
CopyFileA
VirtualAlloc
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MulDiv
GetCurrentThread
TryEnterCriticalSection
DuplicateHandle
MapViewOfFile
GetSystemInfo
SetEndOfFile
GetModuleHandleA
SizeofResource
LockResource
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LoadResource
FindResourceA
MoveFileA
DeleteFileA
SetConsoleTitleA
AllocConsole
Sleep
GlobalUnlock
GlobalLock
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
OutputDebugStringA
OpenEventA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
IsDebuggerPresent

user32

SendMessageA
SetFocus
ShowCursor
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
GetActiveWindow
ChangeClipboardChain
SetClipboardViewer
CreateWindowExA
RegisterClassA
PostQuitMessage
PeekMessageW
GetMessageW
ClientToScreen
GetClientRect
MessageBoxA
LoadIconA
LoadCursorA
LoadStringW
SetRect
AdjustWindowRect
GetWindowLongA
SetWindowPos
ClipCursor
ReleaseCapture
GetCursorPos
GetWindowRect
SetCapture
DefWindowProcA
SetWindowLongA
SetWindowTextA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetCaretBlinkTime
GetFocus
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
GetAsyncKeyState
SwitchToThisWindow

gdi32

CreateDIBSection
MoveToEx
SetTextAlign
ExtTextOutA
SetBkColor
SetMapMode
SetTextColor
DeleteDC
GetDeviceCaps
CreateICA
GetStockObject
CreateCompatibleDC
CreateFontA
CreatePen
DeleteObject
GetTextExtentPoint32A
LineTo
SelectObject

advapi32

GetUserNameA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW
RegOpenKeyExA

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA

ole32

CoCreateInstance
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SysAllocString

iphlpapi

GetAdaptersInfo

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

ws2_32

getsockopt
setsockopt
ioctlsocket
WSAGetLastError
socket
WSAStartup
ntohs
inet_ntoa
getsockname
gethostbyname
inet_addr
htons
connect
select
__WSAFDIsSet
bind
closesocket
shutdown
recv
send

dinput8

DirectInput8Create

crypt32

CertCreateCertificateContext
CertGetCertificateContextProperty
CryptDecodeObject
CertSetCertificateContextProperty
CertDuplicateCertificateContext
CertNameToStrW
CertEnumCertificatesInStore
CryptEncryptMessage
CryptEncodeObject
CryptDecryptMessage
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CertFreeCertificateContext

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09960e0610c23a28d4477c9a3fda2b21

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

dbghelp

ws2_32

dinput8

crypt32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 701KB - Virtual size: 700KB

.data Size: 97KB - Virtual size: 783KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 81KB - Virtual size: 81KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 701KB - Virtual size: 700KB

.data
Size: 97KB - Virtual size: 783KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 81KB - Virtual size: 81KB