b7d5925b4731f699be26404132ee7a26

Sharing

Copy URL

Twitter E-mail

General

Target

b7d5925b4731f699be26404132ee7a26
Size

3.0MB
MD5

b7d5925b4731f699be26404132ee7a26
SHA1

5dec1ebabecf8e8cd047d0ab038278fa702693c4
SHA256

2ca7b4110462f25efead93531f4629e775b680eb6b3691392438836157d534df
SHA512

8afc87fde6670c6a83ca320da336a6be9964a7e9ff4f5c5255cc9bb7972b7b72237515785e7b0591c7a68b090a159321b3a45562059975780e0912c0cffe2638
SSDEEP

49152:Na4Im+kJ7SeDL0f0DmNkQ+mGOZaCypfNOQ4htu9//GzJFAGu37:NaVkJjD4f0DmNkQ+mGO8CyDL4hi/0JFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7d5925b4731f699be26404132ee7a26

Files

b7d5925b4731f699be26404132ee7a26
.exe windows:4 windows x86 arch:x86

476001e6a163c2cf45f3f59642af0877

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

dinput8

DirectInput8Create

gdi32

EnumFontFamiliesA
AddFontResourceA
CreateCompatibleBitmap
GetObjectA
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
BitBlt
ExtTextOutA
GetTextExtentPoint32A
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2
CreateDCA

imm32

ImmIsIME
ImmGetContext
ImmSetStatusWindowPos
ImmReleaseContext
ImmAssociateContext

kernel32

InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalReAlloc
GetTempFileNameA
CreateProcessA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventA
GetSystemTime
WaitForSingleObject
GetCurrentProcessId
SetEndOfFile
SetLastError
GetCurrentProcess
GetCurrentThreadId
OutputDebugStringA
CopyFileA
GetWindowsDirectoryA
CreateMutexA
GetDriveTypeA
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
OpenProcess
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
InterlockedIncrement
GetOEMCP
GetACP
GetCPInfo
TlsAlloc
HeapSize
ExitThread
TlsGetValue
TlsSetValue
GetVersion
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFileAttributesA
RaiseException
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetTimeZoneInformation
ExitProcess
RtlUnwind
InterlockedExchange
LocalAlloc
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
LocalFree
GetVolumeInformationA
FindFirstChangeNotificationA
FindCloseChangeNotification
OpenEventA
WaitForMultipleObjects
FindNextChangeNotification
GetVersionExA
LoadLibraryA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileMappingA
MapViewOfFile
CreateThread
UnmapViewOfFile
GetCurrentDirectoryA
FindFirstFileA
FindClose
lstrcpynA
Sleep
GetTickCount
lstrcpyA
GetLastError
lstrcatA
DeleteFileA
GetLocalTime
SetFilePointer
GetFileSize
GlobalAlloc
GlobalFree
ReadFile
GetModuleFileNameA
WriteFile
CreateFileA
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
lstrcmpA
lstrlenA
SetCurrentDirectoryA
GetProcessHeap
HeapFree
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetModuleHandleA
LCMapStringA
TerminateProcess
CreateFileW
lstrcmpiA
FlushFileBuffers
GetFullPathNameA

oleaut32

VariantChangeType
VariantCopy
VariantInit
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

shell32

ShellExecuteA

user32

GetKeyboardLayout
CallWindowProcA
SetFocus
SetWindowTextA
MoveWindow
GetWindowTextA
CharLowerA
wsprintfA
MessageBoxA
GetActiveWindow
CreateWindowExA
SetWindowLongA
SendMessageA
GetDC
ReleaseDC
wvsprintfA
DefWindowProcA
GetClientRect
PostQuitMessage
ShowCursor
GetCursorPos
SetRectEmpty
EqualRect
GetAsyncKeyState
SetCursorPos
ClientToScreen
GetWindowThreadProcessId
GetClassNameA
PtInRect
IsWindowVisible
CharUpperA
EnumWindows
SetCursor
GetCursor
DestroyWindow
ClipCursor
GetWindowRect
ShowWindow
UpdateWindow
GetSystemMetrics
EndPaint
BeginPaint
RegisterClassA
LoadCursorA
GetClassInfoA
RemovePropA
SetPropA
GetPropA
UnregisterClassA
CopyRect
IsRectEmpty
GetDoubleClickTime
ScreenToClient
ChangeDisplaySettingsA
EnumDisplaySettingsA
AdjustWindowRect
FlashWindow
RegisterClassExA
LoadIconA
DispatchMessageA
PeekMessageA
SetActiveWindow
SetRect
GetParent
TranslateMessage

winmm

PlaySoundA
timeGetTime

wsock32

WSAStartup
gethostname
inet_addr
WSACleanup
closesocket
WSAAsyncSelect
connect
setsockopt
WSAGetLastError
socket
htons
ioctlsocket
recv
inet_ntoa
ntohs
send
htonl
ntohl
gethostbyname

d3d8

Direct3DCreate8

mss32

_AIL_quick_halt@4
_AIL_end_3D_sample@4
_AIL_pause_stream@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume_levels@12
_AIL_quick_play@8
_AIL_start_3D_sample@4
_AIL_set_stream_position@8
_AIL_start_stream@4
_AIL_quick_status@4
_AIL_3D_sample_status@4
_AIL_stream_status@4
_AIL_file_read@8
_AIL_file_type@8
_AIL_quick_set_volume@12
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_quick_load_mem@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_mem_free_lock@4
_AIL_quick_unload@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_set_3D_position@16
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_quick_startup@20
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_orientation@28
_AIL_open_3D_listener@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_set_DirectSound_HWND@8
_AIL_set_digital_master_room_type@8
_AIL_quick_handles@12
_AIL_decompress_ASI@24

ole32

CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 55KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

476001e6a163c2cf45f3f59642af0877

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

winmm

wsock32

d3d8

mss32

ole32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 215KB - Virtual size: 216KB

Size: 55KB - Virtual size: 1.3MB

.rsrc Size: 28KB - Virtual size: 28KB

.idata Size: 7KB - Virtual size: 8KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 215KB - Virtual size: 216KB

.rsrc
Size: 28KB - Virtual size: 28KB

.idata
Size: 7KB - Virtual size: 8KB