3eaf8841003eec00ea0632826f25f19fcd4bb1d1922d400af8d09de1ba219308

Sharing

Copy URL Twitter E-mail

General

Target

3eaf8841003eec00ea0632826f25f19fcd4bb1d1922d400af8d09de1ba219308
Size

5.8MB
MD5

960ab06f8619b82e11d99fa5bea3b63b
SHA1

d0dbe8063a351b4d03711b388027f88dc3d691fd
SHA256

3eaf8841003eec00ea0632826f25f19fcd4bb1d1922d400af8d09de1ba219308
SHA512

3a87ab9be6977b28e1e78242dedbb31eded135954dae68ae3074611c6fd354eea26364ca73f81cf3692d7d5548bad3fc33858845fd6c77bbfb4e37034bf0534b
SSDEEP

98304:wFGGlNcRK4GwaloTHcwoRkOvY3WBugWEtDuaD527BWG:uGGlNcRCvloT8wVOQ3uW+SaVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eaf8841003eec00ea0632826f25f19fcd4bb1d1922d400af8d09de1ba219308

Files

3eaf8841003eec00ea0632826f25f19fcd4bb1d1922d400af8d09de1ba219308
.exe windows:4 windows x86 arch:x86

6335ab238cad5ccdd76c0e094b72cbef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cod5\cod\cod5\pc\CoDSP_s.pdb

Imports

winmm

timeEndPeriod
mixerGetNumDevs
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetLineControlsA
waveInGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsA
timeGetTime
timeBeginPeriod

wsock32

ioctlsocket
send
WSAGetLastError
htons
ntohl
inet_ntoa
connect
closesocket
WSAStartup
socket
bind
recv
gethostbyname
sendto
setsockopt
gethostname
recvfrom

faultrep

ReportFault

binkw32

_BinkClose@4
_BinkGetRects@8
_BinkSetMemory@8
_BinkRegisterFrameBuffers@8
_BinkWait@4
_BinkOpen@8
_BinkNextFrame@4
_BinkGetFrameBuffersInfo@8
_BinkSetSoundTrack@8
_BinkControlBackgroundIO@8
_BinkGetRealtime@12
_BinkDoFrame@4
_BinkOpenDirectSound@4
_BinkSetIOSize@4
_BinkSetSoundOnOff@8
_BinkPause@8
_BinkSetVolume@12
_BinkGetError@0
_BinkSetSoundSystem@8

d3d9

D3DPERF_BeginEvent
Direct3DCreate9
D3DPERF_EndEvent

d3dx9_37

D3DXCompileShader
D3DXGetShaderConstantTable
D3DXCreateBuffer
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics

dsound

ord6
ord11

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEnvironmentVariableW
SetEnvironmentVariableA
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
GetStdHandle
DeleteCriticalSection
HeapCreate
HeapDestroy
LCMapStringW
WideCharToMultiByte
LCMapStringA
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
SleepEx
GetLastError
ReadFileEx
GetFileSize
CreateFileA
DebugBreak
GetSystemTimeAsFileTime
InterlockedExchange
SuspendThread
ResumeThread
CreateThread
ResetEvent
Sleep
CreateEventA
GetCurrentProcess
SetThreadIdealProcessor
WaitForSingleObject
GetProcessAffinityMask
SetEvent
GetCurrentThreadId
SetThreadPriority
SetThreadAffinityMask
RaiseException
GetCurrentThread
DuplicateHandle
SetFileAttributesA
GetFileAttributesA
SetStdHandle
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
TryEnterCriticalSection
InitializeCriticalSection
GetProcAddress
SetProcessAffinityMask
GetThreadPriority
GlobalMemoryStatus
CreateProcessA
FormatMessageA
ReadFile
WriteFile
GetDriveTypeA
SetErrorMode
OpenProcess
SetUnhandledExceptionFilter
GlobalUnlock
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GlobalSize
Module32First
OutputDebugStringA
Module32Next
GlobalLock
GetVersionExA
GetCurrentProcessId
DeleteFileA
LoadLibraryW
MultiByteToWideChar
FreeLibrary
MulDiv
SetPriorityClass
SetThreadExecutionState
LoadLibraryA
SwitchToThread
InterlockedIncrement
InterlockedDecrement
CompareFileTime
ReleaseMutex
CreateMutexA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
MoveFileA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryA
GetFullPathNameA
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
CompareStringA
CompareStringW
SetEndOfFile
InterlockedCompareExchange
IsProcessorFeaturePresent
RemoveDirectoryA
FindClose
GetSystemTime
SystemTimeToFileTime
FindNextFileA
VirtualFree
VirtualQuery
FindFirstFileA

user32

CallWindowProcA
LoadImageA
UpdateWindow
AdjustWindowRect
DestroyWindow
RegisterClassA
MoveWindow
CreateWindowExA
DefWindowProcA
SetWindowPos
MapVirtualKeyA
GetMessageA
CloseClipboard
GetMonitorInfoA
RegisterWindowMessageA
SendMessageA
GetClipboardData
DispatchMessageA
OpenClipboard
PeekMessageA
RegisterClassExA
MonitorFromWindow
PostQuitMessage
GetSystemMetrics
TranslateMessage
LoadCursorA
SetWindowTextA
LoadIconA
ShowWindow
SetFocus
ShowCursor
GetForegroundWindow
SetCursorPos
ClientToScreen
GetCursorPos
ScreenToClient
GetWindowRect
PostMessageA
GetActiveWindow
MessageBoxA
GetDC
GetWindowTextA
SetWindowLongA
GetWindowLongA
ReleaseDC
GetDesktopWindow
ChangeDisplaySettingsA
EnumThreadWindows
MonitorFromPoint
EnumDisplayMonitors
AdjustWindowRectEx
IsWindow
CloseWindow

gdi32

CreateSolidBrush
CreateFontA
GetDeviceCaps
SetDeviceGammaRamp

advapi32

RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocString

xinput1_3

ord2
ord4
ord3

psapi

GetProcessMemoryInfo

ws2_32

ntohs
inet_ntoa
getsockname
select
__WSAFDIsSet

ddraw

DirectDrawEnumerateExA
DirectDrawCreateEx

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 69.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 968KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6335ab238cad5ccdd76c0e094b72cbef

Headers

File Characteristics

PDB Paths

Imports

winmm

wsock32

faultrep

binkw32

d3d9

d3dx9_37

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xinput1_3

psapi

ws2_32

ddraw

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 896KB - Virtual size: 896KB

.data Size: 108KB - Virtual size: 69.5MB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 968KB - Virtual size: 972KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 896KB - Virtual size: 896KB

.data
Size: 108KB - Virtual size: 69.5MB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 968KB - Virtual size: 972KB