SporeApp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SporeApp.exe
Size

38.8MB
MD5

f26ed9d6063f176c6f8b944eb0b7d0eb
SHA1

454eafaaaf95626c65b4424b5bd3782b672cdf81
SHA256

b56420e3c542b32c01cb445430aa92a43d97ce2942ee6fd378a89d96f31f012a
SHA512

e3680b315f8629650fc71bf7397576ec024c68c97ed6ba1b65f7e4d72835c48c83bf802406b929a6d22b44e2c0e248210e7fa7ca92f3fa012375473e93a5ae11
SSDEEP

393216:HqHjywvOKw8YHdDJ+faQJ/kxSwc+V42ZhwKK4X8bhYZZ:H6uSudF+fHEcy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SporeApp.exe

Files

SporeApp.exe
.exe windows:4 windows x86 arch:x86

475014e862a684120c7ed6522ecc6247

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FreeLibrary
TlsAlloc
TlsFree
TlsSetValue
SetProcessAffinityMask
OpenProcess
GetSystemDirectoryW
GetVersionExW
SetThreadExecutionState
GetLocaleInfoW
EnumResourceNamesA
ExitProcess
GetCurrentDirectoryA
DeleteFileA
MoveFileA
GetProcessTimes
GetFullPathNameA
FlushConsoleInputBuffer
FindFirstFileA
FindNextFileA
SuspendThread
GetThreadContext
GlobalMemoryStatus
SetLastError
GetComputerNameA
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
CreateFileA
IsDebuggerPresent
FormatMessageA
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreA
InterlockedCompareExchange
InterlockedExchangeAdd
ResumeThread
QueueUserAPC
RaiseException
OutputDebugStringA
CreateThread
GetVersion
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
TlsGetValue
CreateDirectoryA
GetExitCodeThread
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateMutexA
GetEnvironmentVariableA
SetEnvironmentVariableA
ReleaseMutex
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
CreateEventA
WaitForMultipleObjectsEx
CancelIo
SetEvent
WaitForSingleObject
GetACP
GetSystemTime
SystemTimeToFileTime
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
GetLastError
GetSystemDefaultLCID
FindNextFileW
RemoveDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetModuleFileNameW
GetFullPathNameW
GetWindowsDirectoryW
CreateDirectoryW
GetVolumePathNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetTempPathW
GetLongPathNameW
SetFileAttributesW
FindFirstFileW
FindClose
CopyFileW
MoveFileExW
DeleteFileW
GetFileAttributesW
CreateFileW
SetFilePointer
SetEndOfFile
CloseHandle
GetTickCount
GetModuleHandleW
SleepEx
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
VirtualAlloc
VirtualFree
InterlockedDecrement
InterlockedIncrement
GetComputerNameExA
GetVersionExA
GetSystemInfo
GetModuleFileNameA
LocalAlloc
LocalFree
GetProcessAffinityMask
SetThreadAffinityMask
GetCurrentThread
GetThreadPriority
GetPriorityClass
SetPriorityClass
SetThreadPriority
Sleep
QueryPerformanceFrequency
RemoveDirectoryA
GetLogicalDrives
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DuplicateHandle
InitializeCriticalSectionAndSpinCount
GlobalMemoryStatusEx
GetCurrentProcess
LoadLibraryA
MulDiv
GetModuleHandleA
LCMapStringW
CompareStringW
InitializeCriticalSection
SetThreadIdealProcessor
QueryPerformanceCounter
GetStartupInfoA

user32

DispatchMessageA
TranslateMessage
GetMessageA
SystemParametersInfoA
ReleaseDC
GetDC
GetWindowTextW
DefWindowProcW
SetFocus
SetWindowLongA
RegisterClassW
LoadCursorA
MessageBoxA
MessageBoxW
ScreenToClient
LoadImageW
GetIconInfo
DestroyCursor
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetCursorPos
SetCursorPos
wsprintfW
GetDoubleClickTime
wsprintfA
ChangeClipboardChain
CloseClipboard
DestroyWindow
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
DefWindowProcA
SetClipboardViewer
CreateWindowExA
RegisterClassA
GetDesktopWindow
GetForegroundWindow
SendMessageW
GetWindowLongW
CallWindowProcA
PostThreadMessageA
ShowWindow
GetActiveWindow
SetActiveWindow
IsWindowVisible
IsIconic
GetAncestor
IsZoomed
MonitorFromWindow
SetWindowTextW
GetWindowTextLengthW
GetWindowRect
ShowCursor
PostMessageA
UnregisterClassA
KillTimer
ClientToScreen
PostMessageW
GetClientRect
DispatchMessageW
GetSystemMetrics
AdjustWindowRect
SetWindowLongW
GetSystemMenu
SetMenuItemInfoW
SetClipboardData
FillRect
UpdateWindow
ValidateRect
InvalidateRect
LoadIconA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowThreadProcessId
IsDlgButtonChecked
PeekMessageW
EnumDisplayMonitors
EndPaint
BeginPaint
AdjustWindowRectEx
GetMenu
SetCapture
ReleaseCapture
SendMessageA
MoveWindow
PostQuitMessage
IntersectRect
SetWindowPos
CreateWindowExW
GetWindowLongA
SetCursor
SetTimer
RegisterClassExW
GetKeyboardLayout
PeekMessageA
CheckDlgButton
GetParent

msvcr71

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_strdate
_strtime
_aligned_realloc
_CIfmod
sscanf
atol
_CIasin
memmove
_purecall
_localtime64
_time64
__security_error_handler
tmpfile
_control87
memset
_getch
_stat
_fileno
_isatty
wcslen
wcscmp
wcschr
wcstoul
wcsncmp
floor
_CIpow
exit
strtoul
rand
strtod
qsort
iswctype
_stricmp
tolower
wcstod
wcsncat
towlower
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
memcpy
_controlfp
signal
fputs
isupper
_setjmp3
longjmp
getenv
strcmp
_wtol
strtok
fseek
ftell
fflush
abort
vfprintf
fgets
_resetstkoflw
gmtime
strftime
localtime
_except_handler3
_strlwr
strtol
strpbrk
_endthreadex
_searchenv
_wsearchenv
system
_wsystem
_spawnv
_wspawnv
_strtoui64
_beginthreadex
atof
_getdrive
_wgetdcwd
mktime
_errno
_fcvt
_ecvt
_gmtime64
setlocale
_setmbcp
_wcslwr
_wchdir
_wgetcwd
_wutime
_wstat
strspn
strcspn
isprint
_ltoa
_ultoa
_ltow
towupper
_isnan
_finite
_snprintf
wcsrchr
realloc
fread
_iob
printf
_wcsnicmp
memchr
isxdigit
wcsstr
isalpha
isalnum
isspace
_wcsicmp
toupper
_CxxThrowException
__CxxFrameHandler
_strnicmp
modf
_ultow
wcscpy
swscanf
wcstol
isdigit
sprintf
fwrite
fopen
fprintf
fclose
strncat
strrchr
strstr
strncmp
vsprintf
_aligned_free
_aligned_malloc
free
malloc
_vsnprintf
time
strchr
wcscat
ceil
strncpy
wcsncpy
atoi
_CIacos

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW

usp10

ScriptItemize
ScriptBreak

imm32

ImmGetCandidateListW
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionStringW
ImmGetCompositionStringW

netapi32

Netbios

ws2_32

recvfrom
sendto
recv
send
setsockopt
connect
getsockopt
__WSAFDIsSet
select
ioctlsocket
getpeername
shutdown
bind
inet_addr
inet_ntoa
gethostbyname
gethostname
closesocket
WSAIoctl
socket
WSAGetLastError
listen
WSAStartup
WSASocketA
WSACleanup
accept
getsockname
WSASetLastError

dbghelp

SymCleanup
SymInitialize
SymLoadModule64
SymGetSymFromAddr64
SymGetLineFromAddr64
UnDecorateSymbolName
SymSetOptions

dsound

ord1

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

psapi

GetModuleInformation

gdi32

CreateFontW
ExtEscape
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
GetStockObject
GetDeviceCaps
DeleteDC

advapi32

RegQueryValueExA
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteA
DragQueryFileW
FindExecutableW

ole32

CoUninitialize
CoInitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoLockObjectExternal
ReleaseStgMedium
CoCreateInstance
OleUninitialize

dinput8

DirectInput8Create

d3dx9_27

D3DXGetVertexShaderProfile
D3DXCompileShader
D3DXGetPixelShaderProfile
D3DXMatrixMultiplyTranspose
D3DXMatrixTranspose
D3DXGetShaderSize
D3DXVec3TransformNormal
D3DXMatrixMultiply
D3DXGetShaderVersion
D3DXCheckVersion
D3DXVec3Transform

d3d9

Direct3DCreate9

Sections

.text
Size: 17.2MB - Virtual size: 17.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Stext
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sitext
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Srdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sidata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.securom
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

475014e862a684120c7ed6522ecc6247

Headers

File Characteristics

Imports

kernel32

user32

msvcr71

version

usp10

imm32

netapi32

ws2_32

dbghelp

dsound

winmm

psapi

gdi32

advapi32

shell32

ole32

dinput8

d3dx9_27

d3d9

Sections

.text Size: 17.2MB - Virtual size: 17.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 2.4MB - Virtual size: 2.4MB

.tls Size: 4KB - Virtual size: 4KB

CONST Size: 4KB - Virtual size: 4KB

.rsrc Size: 792KB - Virtual size: 792KB

Stext Size: 6.2MB - Virtual size: 6.2MB

Sitext Size: 28KB - Virtual size: 28KB

Srdata Size: 360KB - Virtual size: 360KB

Sdata Size: 3.0MB - Virtual size: 3.0MB

Sidata Size: 24KB - Virtual size: 24KB

.securom Size: 7.5MB - Virtual size: 7.5MB

.text
Size: 17.2MB - Virtual size: 17.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 2.4MB - Virtual size: 2.4MB

.tls
Size: 4KB - Virtual size: 4KB

CONST
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 792KB - Virtual size: 792KB

Stext
Size: 6.2MB - Virtual size: 6.2MB

Sitext
Size: 28KB - Virtual size: 28KB

Srdata
Size: 360KB - Virtual size: 360KB

Sdata
Size: 3.0MB - Virtual size: 3.0MB

Sidata
Size: 24KB - Virtual size: 24KB

.securom
Size: 7.5MB - Virtual size: 7.5MB