BTD88 Windows 0_6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

BTD88 Windows 0_6.zip
Size

4.2MB
MD5

d3b73b807b84624c69eae3b2ef94bfbf
SHA1

3687c535e9526b6cb6c658d7a7a06e04faca69f0
SHA256

f884988ac9aae808fc6f46a83e7697cfec610152c1186b01f0581fd2d1e3a06b
SHA512

f5dd5009420c9c854997997ad9cb77c1a034b93f9358eff37bab2038833cd8c6544ca6c8ec92f8e3679847f85d017c689113939033c229ce32ee9f1724735ed8
SSDEEP

98304:L+JIxMVUwxBK3pbm9VkkCWW9z20wb6AzOBAxv08oLK/K7q9YO8Rak:qJOQUQKZbmYknW9z20w+Az/88oL8K7qg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BTD88.exe

Files

BTD88 Windows 0_6.zip
.zip
BTD88.exe
.exe windows:6 windows x64 arch:x64

678965afe8e5d6d3443ac0b9808fd2bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate

wininet

InternetWriteFile
InternetOpenA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpOpenRequestA
HttpQueryInfoA
HttpEndRequestW
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetGetConnectedState

d3d11

D3D11CreateDevice

dbghelp

SymInitialize
MiniDumpWriteDump
SymFromAddr

winmm

mciGetErrorStringA
joyGetPosEx
joyGetPos
timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
mciSendStringA

ws2_32

WSAAddressToStringA
send
getsockname
connect
inet_ntoa
gethostname
recvfrom
recv
getsockopt
freeaddrinfo
WSAStartup
ioctlsocket
setsockopt
WSAGetLastError
getpeername
__WSAFDIsSet
select
ntohl
ntohs
htonl
htons
inet_addr
getaddrinfo
listen
closesocket
bind
accept
WSACleanup
sendto
inet_ntop
socket

gdiplus

GdiplusShutdown
GdiplusStartup

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mfplat

MFStartup
MFCreateSourceResolver
MFCreateMediaType
MFShutdown

mf

MFCreateAudioRendererActivate
MFCreateTopologyNode
MFCreateMediaSession
MFCreateSampleGrabberSinkActivate
MFGetService
MFCreateTopology

kernel32

LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
SetConsoleCtrlHandler
GetCurrentThread
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
RaiseException
GetStartupInfoW
IsDebuggerPresent
GetFileSizeEx
SetFilePointerEx
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
SetCurrentDirectoryW
GetUserDefaultLCID
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LoadLibraryA
CreateEventExW
WaitForSingleObjectEx
CloseHandle
OutputDebugStringA
GetConsoleWindow
SetLastError
GetFullPathNameW
GetExitCodeThread
FormatMessageW
DeleteFileW
CreateThread
GetCurrentDirectoryW
LocalFree
GetModuleHandleW
ReadFile
SetFilePointer
CreateFileW
GetFileAttributesW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileSize
SetEnvironmentVariableW
FormatMessageA
CreateDirectoryW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetModuleFileNameW
GetEnvironmentVariableW
EnumSystemLocalesW
Sleep
CreateProcessW
GetExitCodeProcess
SetWaitableTimer
CreateWaitableTimerW
WaitForSingleObject
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
K32GetProcessMemoryInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
VerSetConditionMask
VerifyVersionInfoW
GlobalFree
GetCurrentProcessId
DebugBreak
GetEnvironmentVariableA
ExitProcess
lstrlenA
GetVersion
MoveFileA
GetCommandLineW
ExpandEnvironmentStringsW
GetFinalPathNameByHandleW
SetErrorMode
GetCurrentThreadId
SetUnhandledExceptionFilter
OutputDebugStringW
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
GetStringTypeW
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetNativeSystemInfo
SwitchToThread
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
SetEndOfFile
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
TlsFree
TlsGetValue
TlsAlloc
SetThreadPriority
TlsSetValue
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
RtlCaptureStackBackTrace
IsValidLocale
FlushFileBuffers
GetConsoleOutputCP
FindClose
GetConsoleMode
HeapSize
FreeLibrary
WriteConsoleW

user32

GetForegroundWindow
DispatchMessageW
IsDialogMessageW
PeekMessageW
EnumDisplaySettingsA
UpdateWindow
SetProcessDPIAware
SetDlgItemTextA
MessageBoxA
GetFocus
OpenClipboard
CloseClipboard
GetMonitorInfoW
MonitorFromWindow
TranslateMessage
SetCapture
GetRawInputDeviceList
GetRawInputDeviceInfoA
MessageBoxW
LoadImageW
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
keybd_event
SetForegroundWindow
ReleaseCapture
FindWindowA
EnumDisplaySettingsW
GetClientRect
GetAsyncKeyState
IsWindowVisible
GetWindowLongPtrW
GetLayeredWindowAttributes
IntersectRect
wsprintfW
GetCursorPos
GetActiveWindow
SetWindowLongPtrW
ClientToScreen
MoveWindow
SetCursorPos
CreateDialogParamW
GetDC
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
DrawTextW
DialogBoxParamW
ReleaseDC
DefWindowProcW
AdjustWindowRectEx
GetKeyState
PostMessageW
GetWindowRect
DestroyWindow
SetWindowPos
CreateWindowExW
ScreenToClient
SendMessageW
CallNextHookEx
GetSystemMetrics
RegisterClassExW
ShowWindow
FindWindowExA
MapWindowPoints
UnhookWindowsHookEx
EnumWindows
SetFocus
BringWindowToTop
EnumDisplayDevicesW
LoadCursorW
SendMessageA
SetParent
EndDialog
SetWindowsHookExW
SetCursor

gdi32

GetStockObject
DeleteObject
CombineRgn
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextA

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoCreateFreeThreadedMarshaler

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow

dwmapi

DwmGetCompositionTimingInfo
DwmGetWindowAttribute

Sections

.text
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 429KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data.win
options.ini

Sharing

General

Malware Config

Signatures

Files

678965afe8e5d6d3443ac0b9808fd2bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

mfplat

mf

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

imm32

dwmapi

Sections

.text Size: 8.6MB - Virtual size: 8.6MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 429KB - Virtual size: 2.8MB

.pdata Size: 406KB - Virtual size: 405KB

_RDATA Size: 512B - Virtual size: 244B

minATL Size: 512B - Virtual size: 24B

.mydata Size: 512B - Virtual size: 24B

.rsrc Size: 43KB - Virtual size: 42KB

.text
Size: 8.6MB - Virtual size: 8.6MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 429KB - Virtual size: 2.8MB

.pdata
Size: 406KB - Virtual size: 405KB

_RDATA
Size: 512B - Virtual size: 244B

minATL
Size: 512B - Virtual size: 24B

.mydata
Size: 512B - Virtual size: 24B

.rsrc
Size: 43KB - Virtual size: 42KB