bd428bcd6dcbbbddd8bccd39ee9235b9

Sharing

Copy URL Twitter E-mail

General

Target

bd428bcd6dcbbbddd8bccd39ee9235b9
Size

12.3MB
MD5

bd428bcd6dcbbbddd8bccd39ee9235b9
SHA1

b7f5e6101e5d3741010f578d6f08fa5051a34919
SHA256

56505f95b218930eab9e19bd768c3b69d7d038f3feed0ce950bd36feaf125aa7
SHA512

72210b0bd151c536f4b62b91d9548b2590668a0826f3b8df21c15c009324e4676e0e0964fabc7e6b4abe9df035779fa418db646b192a23dce7e4fa64d6ed4032
SSDEEP

12288:hMnYcqpN5amWxFEfgQqG1wbekZ5cByaRSxusUnNxwm7vJhaLNeUYaR5u5XCAmzR4:WgpOmHgfG/G8Z7vGLNL26f/u3GZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd428bcd6dcbbbddd8bccd39ee9235b9

Files

bd428bcd6dcbbbddd8bccd39ee9235b9
.exe windows:6 windows x86 arch:x86

affeb29c9af787d363be456fd2e8a854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\C++\crystallclicker\crystallclicker\Release\diamondclicker.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
Sleep
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetConsoleWindow
CreateDirectoryA
GetComputerNameA
CopyFileA
GetModuleHandleA
ReleaseMutex
GetVolumeInformationA
CreateMutexA
FormatMessageW
GetModuleHandleW
SetLastError
GetLastError
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FindClose
CreateFileW
InitializeSListHead
OpenMutexA
CloseHandle
CreateThread
Beep
GetCurrentProcess
GetModuleFileNameA
QueryPerformanceCounter
MultiByteToWideChar
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
GetSystemDirectoryA

user32

ScreenToClient
GetCapture
ClientToScreen
IsChild
UnregisterClassA
PeekMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
ShowWindow
SetWindowPos
DestroyWindow
GetWindowRect
DispatchMessageA
FindWindowA
GetAsyncKeyState
WindowFromPoint
PostMessageW
CloseClipboard
LoadCursorA
GetKeyState
UpdateWindow
RegisterClassExA
MessageBoxA
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
EmptyClipboard
GetClipboardData
SetClipboardData
PostQuitMessage
GetCursorPos
SetCursorPos
ReleaseCapture
OpenClipboard

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Syserror_map@std@@YAPBDH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Query_perf_frequency
?_Xlength_error@std@@YAXPBD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

d3d9

Direct3DCreate9

winmm

PlaySoundA

normaliz

IdnToAscii

ws2_32

connect
WSAIoctl
WSACleanup
bind
WSAGetLastError
WSASetLastError
send
recv
accept
closesocket
getpeername
getsockname
getsockopt
socket
ntohs
setsockopt
htonl
WSAStartup
listen
ntohl
ioctlsocket
__WSAFDIsSet
htons
gethostname
sendto
select
getaddrinfo
freeaddrinfo
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
WSACreateEvent

wldap32

ord211
ord217
ord46
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord301
ord200
ord30
ord79
ord35
ord33
ord143

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertOpenStore
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptQueryObject

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140

__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
memcpy
memchr
strchr
memset
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
strrchr
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
_set_new_mode
malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
fflush
fclose
fseek
fwrite
ftell
_lseeki64
_read
_wfopen
fopen
__stdio_common_vsprintf
fread
setvbuf
__stdio_common_vsscanf
_write
_close
_open
_get_stream_buffer_pointers
_fseeki64
fsetpos
feof
ungetc
_popen
__stdio_common_vfprintf
fgetpos
fgets
_set_fmode
__acrt_iob_func
fgetc
_pclose
fputs
fputc

api-ms-win-crt-runtime-l1-1-0

terminate
_wassert
_invalid_parameter_noinfo_noreturn
system
_configure_narrow_argv
_errno
strerror
__sys_nerr
_beginthreadex
_getpid
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

isupper
_strdup
strncmp
tolower
strpbrk
strcspn
strncpy
strspn

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-convert-l1-1-0

atof
strtoll
atoi
strtoul
strtol
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_stat64
_unlink
_lock_file
_access
_fstat64

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

floor
_libm_sse2_sin_precise
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
ceil
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_CIfmod
__setusermatherr
_CIatan2

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

affeb29c9af787d363be456fd2e8a854

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

d3d9

winmm

normaliz

ws2_32

wldap32

crypt32

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 590KB - Virtual size: 589KB

.rdata Size: 277KB - Virtual size: 276KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 590KB - Virtual size: 589KB

.rdata
Size: 277KB - Virtual size: 276KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 26KB - Virtual size: 26KB