10d34f8eaf8b8fa696e6c84421f5f11823dc2537785c703154a561b49e11d62b

Sharing

Copy URL Twitter E-mail

General

Target

10d34f8eaf8b8fa696e6c84421f5f11823dc2537785c703154a561b49e11d62b
Size

1.3MB
MD5

7c77b6ff162da4ca11499a9531517fce
SHA1

c20b65b71e67361b9d48c737702baa0fb82f97e2
SHA256

10d34f8eaf8b8fa696e6c84421f5f11823dc2537785c703154a561b49e11d62b
SHA512

bea06f3007cd7cdf447f6edfdbae398b0f195f0668f6c7ce89b52df2b9bdec550e0c7ffd0740439f28f2599fb513494590e69c8802bd66580cd3164e7bedf79a
SSDEEP

12288:kt/2dgRFKkNcZHPVBcVIAp802E4nkuLVwvxw7B2qwhoYYShkjxZkMNXfp6iWtX7I:kN2dyKkN4V+bp8LPvca1yN1TzE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10d34f8eaf8b8fa696e6c84421f5f11823dc2537785c703154a561b49e11d62b

Files

10d34f8eaf8b8fa696e6c84421f5f11823dc2537785c703154a561b49e11d62b
.exe windows:4 windows x86 arch:x86

ba40dae9a08b7918d15cb3283abf7a38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\bladefx2\_projects\emeraldtale\Temp\Release\Emerald Tale.pdb

Imports

hge

hgeCreate

xmlparse

XML_SetUserData
XML_SetElementHandler
XML_SetCharacterDataHandler
XML_ParserCreate
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_ErrorString
XML_ParserFree
XML_Parse

audiere

_AdrOpenSound@12
_AdrOpenSampleSource@8
_AdrOpenDevice@8

kernel32

VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
OutputDebugStringA
GetVersionExA
Sleep
LocalFree
FormatMessageA
GetComputerNameA
GetLocaleInfoA
GlobalMemoryStatus
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
GetFileSize
CloseHandle
ReadFile
WriteFile
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
GetSystemDefaultLCID
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
CreateDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
GetEnvironmentVariableA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
CompareStringA
CompareStringW
CreateFileA
InterlockedIncrement
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetEnvironmentVariableA
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
ExitProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

MessageBoxA
OpenClipboard
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba40dae9a08b7918d15cb3283abf7a38

Headers

File Characteristics

PDB Paths

Imports

hge

xmlparse

audiere

kernel32

user32

advapi32

shell32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 72KB - Virtual size: 82KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 72KB - Virtual size: 82KB

.rsrc
Size: 12KB - Virtual size: 10KB