WindowIME[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WindowIME.exe
Size

2.4MB
MD5

ebad408207a035d9d77bbff6b177486a
SHA1

33cea2afe54361e2eb31acd175ae0ffe47d657cb
SHA256

c156beae89ab6e29f40627f0039b65af65d27c887c4c3c532b6624f87a3c753d
SHA512

9dea8e36c46fd0bd5757275f225241a5fc587819b18209201f4a6fe81827556532eb7430936ebd4e8bb5fa9899d826ae58182feca0180934354ad3444873fd49
SSDEEP

49152:sLkilHUz18Q+0i26ixnCaSJtrBdO7iRD:ss6isJ3w7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WindowIME.exe

Files

WindowIME.exe
.exe windows:6 windows x64 arch:x64

5cb0be0146e8249b1b430e8a941159ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TD-Files\FiveM Free External New instant\x64\Release\steam.pdb

Imports

opengl32

glClear
glBindTexture
glViewport
glGenTextures
glGetIntegerv
glGetString
wglGetCurrentDC
wglGetProcAddress
glTexParameteri
glPixelStorei
glTexImage2D

kernel32

VerSetConditionMask
QueryPerformanceFrequency
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
OutputDebugStringW
VirtualQuery
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
Process32First
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcess
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateFileW
WriteProcessMemory
SetConsoleTextAttribute
GetStdHandle
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
QueryPerformanceCounter
GlobalAlloc
MultiByteToWideChar
GetModuleFileNameA
Sleep
SetConsoleTitleA
IsDebuggerPresent
FormatMessageW
GetLastError
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadExecutionState
GetModuleHandleW
ReadProcessMemory
Process32Next
ExitProcess
CreateThread
CloseHandle
PeekNamedPipe

user32

DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
WaitMessage
GetLayeredWindowAttributes
SendMessageW
BringWindowToTop
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
IsIconic
SetLayeredWindowAttributes
FlashWindow
MoveWindow
PostMessageW
OpenClipboard
ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
SetRect
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetWindowPlacement
GetSystemMetrics
GetActiveWindow
ShowWindow
IsZoomed
GetAsyncKeyState
SetWindowLongA
MessageBoxA
SetFocus
GetMonitorInfoA
mouse_event
FindWindowA
GetKeyState
MapVirtualKeyW
GetDC
MonitorFromWindow
MsgWaitForMultipleObjects
ScreenToClient
SetForegroundWindow
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetPropW
SetCapture
SetCursor
GetPropW
GetClientRect
PtInRect
GetWindowLongW
ChangeDisplaySettingsExW
SetWindowPos
GetRawInputData
GetMonitorInfoW
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW
SetWindowPlacement
GetWindowRect
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsWindowVisible
RemovePropW
ReleaseDC
SetWindowTextW
AdjustWindowRectEx
WindowFromPoint
ClipCursor
SetCursorPos
ReleaseCapture
GetCursorPos

gdi32

GetDeviceGammaRamp
DescribePixelFormat
ChoosePixelFormat
SetDeviceGammaRamp
DeleteDC
CreateDCW
CreateDIBSection
CreateBitmap
GetDeviceCaps
CreateRectRgn
DeleteObject
SwapBuffers
SetPixelFormat

shell32

DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
ShellExecuteA

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dx9_43

D3DXMatrixTranspose
D3DXVec3Transform

normaliz

IdnToAscii

wldap32

ord143
ord217
ord33
ord35
ord79
ord30
ord27
ord46
ord200
ord301
ord26
ord22
ord211
ord41
ord50
ord60
ord45
ord32

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertAddCertificateContextToStore
CertGetNameStringA
CertFindExtension
CertEnumCertificatesInStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

ws2_32

WSAStartup
WSAIoctl
htonl
listen
WSASetLastError
socket
setsockopt
ioctlsocket
__WSAFDIsSet
WSACleanup
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
ntohs
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
accept

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
memcmp
memmove
__current_exception
memcpy
__C_specific_handler
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
strrchr
memset
_CxxThrowException

api-ms-win-crt-utility-l1-1-0

qsort
abs
rand

api-ms-win-crt-runtime-l1-1-0

_wassert
_beginthreadex
strerror
_register_thread_local_exe_atexit_callback
__sys_nerr
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
system
_c_exit
__p___argv
exit
_getpid
__p___argc
terminate
_configure_narrow_argv
_exit
_resetstkoflw
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_errno

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
calloc
free
realloc
malloc

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_lock_file
_stat64
_fstat64
_access
_unlock_file
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-stdio-l1-1-0

fread
_wfopen
_lseeki64
__acrt_iob_func
__stdio_common_vsprintf
ftell
fputs
fopen
__stdio_common_vfprintf
__stdio_common_vsscanf
_open
_close
__p__commode
_popen
_pclose
fgets
fputc
ferror
_write
fclose
_read
__stdio_common_vsprintf_s
fgetc
fwrite
fseek
_get_stream_buffer_pointers
_fseeki64
_set_fmode
fsetpos
feof
ungetc
setvbuf
fgetpos
fopen_s
fflush

api-ms-win-crt-string-l1-1-0

strcspn
strlen
strspn
strcpy
wcscmp
wcscpy
tolower
strncmp
strpbrk
isupper
strcmp
_strdup
strncpy
strcat_s
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtol
atoi
atof
strtoll
strtoul
strtoull
strtod

api-ms-win-crt-math-l1-1-0

ldexp
sqrtf
cosf
__setusermatherr
acosf
atan2f
pow
sinf
powf
fmodf
sqrt
_dsign
_dclass
ceilf

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

advapi32

AddAccessAllowedAce
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
OpenProcessToken
CryptEncrypt

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1002KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cb0be0146e8249b1b430e8a941159ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

gdi32

shell32

msvcp140

imm32

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 290KB - Virtual size: 289KB

.data Size: 1002KB - Virtual size: 1.0MB

.pdata Size: 44KB - Virtual size: 43KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 290KB - Virtual size: 289KB

.data
Size: 1002KB - Virtual size: 1.0MB

.pdata
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 7KB - Virtual size: 6KB