c29b0661ee690563eb342ea7d2eec025

Sharing

Copy URL Twitter E-mail

General

Target

c29b0661ee690563eb342ea7d2eec025
Size

960KB
MD5

c29b0661ee690563eb342ea7d2eec025
SHA1

9677c63cfdf366c7abc833fd907c0648fa764281
SHA256

e6c50e6874e8d80a824fa95ac87d47ab4ab7164571ded07a30a230a762f3c385
SHA512

80ad144a5872328d7d837f2613e04f80632e7e3dcf38ce6bc2d03b81b7fd14c72c54f6dd15b5e6d7f7046dc5589bdb4a32c2f65916a2bf143e59bd4752bad762
SSDEEP

12288:PqvUKWZCqN9EgAl+kqpvN2M5t+H94X1tONDkfvkWELDFfb7yY3lMf:kQZCs9EgAkkqXhz+9y10xkfvVEfVvlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c29b0661ee690563eb342ea7d2eec025

Files

c29b0661ee690563eb342ea7d2eec025
.dll windows:4 windows x86 arch:x86

e4497ac0b11334e4c0169a387033c804

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Mario\Documents\Visual Studio Projects\PHCd3d9Base\Debug\PHCd3d9Base.pdb

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateFileA
CreateFileW
UnmapViewOfFile
GetProcAddress
CreateThread
Sleep
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
GetFileSize
FindResourceW
FindResourceA
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetLastError
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapAlloc
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
GetCurrentProcess
ExitProcess
VirtualAlloc
WideCharToMultiByte
GetTimeZoneInformation
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetProcessHeap
CloseHandle
FreeLibrary
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadCodePtr
SetFilePointer
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
LockResource
LoadResource
SizeofResource
MulDiv

user32

GetCursorPos
GetSystemMetrics
RegisterClassExA
GetDesktopWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
GetAsyncKeyState

gdi32

SetMapMode
SelectObject
SetTextColor
CreateDIBSection
CreateCompatibleDC
CreateFontA
GetDeviceCaps
SetBkColor
SetTextAlign
GetTextExtentPoint32A
ExtTextOutA
DeleteObject
DeleteDC

d3d9

Direct3DCreate9

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Sections

.textbss
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 760KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4497ac0b11334e4c0169a387033c804

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

d3d9

advapi32

Sections

.textbss Size: - Virtual size: 368KB

.text Size: 760KB - Virtual size: 758KB

.rdata Size: 116KB - Virtual size: 114KB

.data Size: 44KB - Virtual size: 64KB

.idata Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 24KB

.textbss
Size: - Virtual size: 368KB

.text
Size: 760KB - Virtual size: 758KB

.rdata
Size: 116KB - Virtual size: 114KB

.data
Size: 44KB - Virtual size: 64KB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 24KB