9d2a9be2406163fb1f99d32501439f52a87751617ab928d30ef27434807239c8

Sharing

Copy URL Twitter E-mail

General

Target

9d2a9be2406163fb1f99d32501439f52a87751617ab928d30ef27434807239c8
Size

5.3MB
MD5

7035f2d7dcf4ecdef64a16ed235d2d28
SHA1

ec178aa3e56c88647966ac5654afc320c55cf157
SHA256

9d2a9be2406163fb1f99d32501439f52a87751617ab928d30ef27434807239c8
SHA512

4cafa916f460e52cffc628ef35335a87c4df6c8448610af8c24ee588db32061f8846d98a97e893af121d163f799ba3393ad444311f0885fb9e2f6b2fa6adefc8
SSDEEP

98304:4CtdY99m+2jPJ4dVHU/1MRvCu9/9ueqWU:4GtzWUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d2a9be2406163fb1f99d32501439f52a87751617ab928d30ef27434807239c8

Files

9d2a9be2406163fb1f99d32501439f52a87751617ab928d30ef27434807239c8
.exe windows:5 windows x86 arch:x86

dc3701530fcdae8b470518e852443da5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime

d3d8

Direct3DCreate8

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

imm32

ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetOpenStatus

devil

ilGenImages
ilGetInteger
ilLoad
ilOriginFunc
ilShutDown
ilSave
ilEnable
ilTexImage
ilInit
ilCopyPixels
ilBindImage
ilConvertImage
ilDeleteImages
ilSetPixels

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imagehlp

StackWalk
EnumerateLoadedModules
GetTimestampForLoadedLibrary

speedtreert

??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
??1SGeometry@CSpeedTreeRT@@QAE@XZ

dinput8

DirectInput8Create

ws2_32

connect
recv
select
send
socket
WSAGetLastError
WSAStartup
WSACleanup
htons
inet_addr
gethostbyname
closesocket
__WSAFDIsSet
ioctlsocket

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen

user32

FindWindowA
ScreenToClient
GetCursorPos
GetAsyncKeyState
SetWindowPos
FlashWindowEx
PostQuitMessage
SystemParametersInfoA
GetKeyState
ShowCursor
SetCursor
DestroyCursor
LoadImageA
SetCursorPos
ClientToScreen
ShowWindow
GetCapture
SetCapture
ReleaseCapture
ChangeDisplaySettingsA
GetSystemMetrics
LoadStringA
MessageBoxA
DefWindowProcA
RegisterClassA
CreateWindowExA
IsWindow
DestroyWindow
MoveWindow
GetMenu
InvalidateRect
GetClientRect
AdjustWindowRectEx
SetRect
GetWindowLongA
SetWindowLongA
LoadCursorA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
GetKeyboardLayoutNameA
GetKeyboardLayout
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CharNextW
CharNextExA
CharPrevExA
CharPrevA
LoadIconA

gdi32

GetCharABCWidthsFloatW
GetStockObject
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject
TextOutA
CreateDIBSection
SetBkMode
DeleteDC
CreateCompatibleDC
TextOutW
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
GetTextExtentPoint32A

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString

shell32

ShellExecuteA
ShellExecuteW
SHFileOperationA
SHGetSpecialFolderPathA

granny2

_GrannyGetControlLoopCount@4
_GrannyFreeControlIfComplete@4
_GrannyControlIsComplete@4
_GrannyCompleteControlAt@8
_GrannyFreeControlOnceUnused@4
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshVertexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetWorldPose4x4@8
_GrannyFreeWorldPose@4
_GrannyNewWorldPose@4
_GrannyFindBoneByName@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannySetControlLoopCount@8
_GrannyInstantiateModel@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeLocalPose@4
_GrannyNewLocalPose@4
_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyFindMatchingMember@16
_GrannyGetMaterialTextureByType@8
_GrannyGetLogMessageOriginString@4
_GrannyGetLogMessageTypeString@4
_GrannySetLogCallback@4
_GrannySetControlSpeed@8
_GrannyGetControlSpeed@4
_GrannyGetControlLocalDuration@4
_GrannySetControlEaseIn@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseOutCurve@28
_GrannyGetControlRawLocalClock@4
_GrannySetControlRawLocalClock@8
_GrannyPlayControlledAnimation@12
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannyFreeModelInstance@4
_GrannyGetMeshVertexType@4

kernel32

GetProcessAffinityMask
GetNumaHighestNodeNumber
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
CreateTimerQueue
GetCPInfo
HeapCompact
FlushFileBuffers
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
VirtualQuery
GetExitCodeThread
SetThreadAffinityMask
SetConsoleCtrlHandler
GetFileAttributesExW
RegisterWaitForSingleObject
UnregisterWait
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetDateFormatW
FileTimeToSystemTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
DuplicateHandle
CreateThread
GetFullPathNameA
GetDriveTypeW
GetCommandLineA
GetTimeFormatW
SetLastError
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
GetCurrentThreadId
IsDebuggerPresent
AreFileApisANSI
RtlUnwind
RaiseException
IsProcessorFeaturePresent
HeapValidate
GetStringTypeW
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
CreateFileW
SetFilePointerEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
SetThreadPriority
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
lstrlenW
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
SetFilePointer
ReadFile
WriteFile
GetModuleHandleA
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
ReadConsoleW
CreateDirectoryW
DeleteFileW
MoveFileExW
ReadConsoleInputW
LockFileEx
WinExec
GetCurrentThread
SetUnhandledExceptionFilter
OutputDebugStringA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
LoadLibraryW
UnlockFileEx
FindFirstFileExW
InitializeSListHead
UnregisterWaitEx
SystemTimeToTzSpecificLocalTime
GetVersionExW
VirtualAlloc
ExitThread
ResetEvent
FlushViewOfFile
ExpandEnvironmentStringsW
GetSystemTime
GetVersion
FindNextFileW
CreatePipe
RemoveDirectoryW
MoveFileA
MoveFileW
SetCurrentDirectoryA
GetEnvironmentVariableA
GetFileAttributesW
GetExitCodeProcess
OpenProcess
GetProcessTimes
SetFileTime
GenerateConsoleCtrlEvent
GetFileAttributesExA
SetEnvironmentVariableW
SystemTimeToFileTime
FindFirstFileW
GetFullPathNameW
LoadLibraryExA
SetErrorMode
CreateEventA
IsDBCSLeadByte
GetFileAttributesA
GetConsoleOutputCP
LocalFree
FormatMessageA
QueryPerformanceFrequency
WaitNamedPipeW
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
HeapReAlloc
SetStdHandle
SetFileAttributesW
GetFileSize
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
VirtualProtect
DeviceIoControl
CloseHandle
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
GetLastError
ReadProcessMemory
CreateToolhelp32Snapshot
Module32First
Module32Next
Sleep
SetFileAttributesA
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
lstrlenA
CreateProcessA
GetPrivateProfileStringA
GetCurrentDirectoryA
GlobalAlloc
GetModuleFileNameA
GetTempPathA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
VirtualFree

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExW
RegSetValueExW
CryptReleaseContext
RegSetValueA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegQueryValueA
RegSaveKeyA
RegEnumValueA
RegLoadKeyA
RegFlushKey
RegConnectRegistryA
RegCloseKey

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 997KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc3701530fcdae8b470518e852443da5

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d8

iphlpapi

imm32

devil

version

imagehlp

speedtreert

dinput8

ws2_32

winhttp

user32

gdi32

ole32

oleaut32

shell32

granny2

kernel32

advapi32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 415KB - Virtual size: 997KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 185KB - Virtual size: 184KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 415KB - Virtual size: 997KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 185KB - Virtual size: 184KB