d:\tannoy\zscs\[JP_Live]\CWorking\EDDAClient.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: 383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59.exe, Resource: win10v2004-20240412-en)
General
Target: 383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59
Size: 7.3MB
MD5: 056ff27d147abd4065aacdfbeb8fcf82
SHA1: f68e3e03279a34716908bd092e2fe0bfba3f84d4
SHA256: 383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59
SHA512: 158825355cfccfa5312bd97570e6c79bc2a996cb35d4d2b8c9f17cecf27151481e4805097fd479658879822a6e425f766a7eea9b64f049645a51f390f432cb12
SSDEEP: 98304:0aqmmAk9C26k7ZXwpnjrTYSEDABJdONECKFiK/tfapEY6:smgZX+nRsABJdONr2iKuEY6
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59
Files
383bc05cf1b27b91af6f145c2d1199e79b704183ff4530f2dd94ba8f528dcf59.exe windows:5 windows x86 arch:x86
720ea47670cd38a24e10731f0b2d5401
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
d3d9
Direct3DCreate9
dinput8
DirectInput8Create
soundlib
CreateSoundLib
ss3dgfunc
_MatrixMultiply2@12
_COLORtoDWORD@16
_WriteTGA@24
_CrossProduct@12
_VBHSelect@20
_VECTOR3_MUL_FLOAT@12
_VBHDeleteAll@4
_VBHRelease@4
_VBHCreate@0
_VBHInitialize@16
_VBHInsert@16
_VECTOR3Length@4
_Normalize@8
_GetNameRemovePath@8
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_TransformVector3_VPTR2@16
_CalcDistance@8
winmm
timeBeginPeriod
timeGetTime
freeimage
_FreeImage_Load@12
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Unload@4
_FreeImage_SaveJPEG@12
_FreeImage_GetBits@4
kernel32
GetCurrentThread
SetUnhandledExceptionFilter
SetThreadAffinityMask
OutputDebugStringA
MultiByteToWideChar
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateMutexA
UnmapViewOfFile
MapViewOfFile
lstrcpynA
OpenEventA
IsProcessorFeaturePresent
FileTimeToLocalFileTime
OpenFileMappingA
GetTickCount
CreateFileA
GetFileSizeEx
CloseHandle
GetLocalTime
CreateDirectoryA
ReleaseMutex
GetProfileIntA
LocalFree
FormatMessageA
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateFileMappingA
MulDiv
lstrlenW
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
SetHandleCount
OutputDebugStringW
ExitProcess
GetStartupInfoA
GetCommandLineA
ExitThread
CreateThread
IsBadReadPtr
HeapValidate
VirtualQuery
VirtualAlloc
GetSystemTimeAsFileTime
IsValidCodePage
GetACP
DebugBreak
GetStdHandle
GetFileType
WriteConsoleW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetDiskFreeSpaceA
GetTempFileNameA
GetPrivateProfileStringA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetFileTime
FindResourceExA
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetOEMCP
GetCPInfo
GlobalFlags
GetShortPathNameA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
GetHandleInformation
lstrcmpA
VirtualProtect
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeResource
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
CompareStringA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetAtomNameA
GlobalGetAtomNameA
CopyFileA
GlobalSize
GetModuleFileNameA
SetFileAttributesA
GetCurrentDirectoryW
GetComputerNameA
GlobalMemoryStatusEx
GetModuleHandleW
GetSystemInfo
GetModuleFileNameW
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
lstrcatA
SetCurrentDirectoryA
CreateEventA
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetFileAttributesA
DeleteFileA
ReadFile
Beep
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedExchange
InitializeCriticalSectionAndSpinCount
LockResource
lstrcpyA
GlobalFree
GetSystemTime
WritePrivateProfileStringA
WriteFile
GetCurrentDirectoryA
GetPrivateProfileIntA
Sleep
RaiseException
IsDBCSLeadByte
GetProcAddress
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleHandleA
LeaveCriticalSection
SetLastError
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetFullPathNameA
user32
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowExA
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
KillTimer
SetTimer
DrawCaption
DrawAnimatedRects
EnableScrollBar
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
GetUpdateRgn
GetUpdateRect
GetWindowDC
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
DrawMenuBar
DragDetect
GetMenuCheckMarkDimensions
GetClassInfoA
RegisterClassA
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetKeyState
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DeleteMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextExA
HideCaret
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
ExcludeUpdateRgn
WindowFromDC
LoadBitmapA
GetSysColorBrush
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
TabbedTextOutA
MapDialogRect
RemoveMenu
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemID
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMessageW
DispatchMessageW
DefWindowProcW
PostQuitMessage
MessageBoxW
GetCursorPos
IsClipboardFormatAvailable
UnionRect
InflateRect
IsRectEmpty
MsgWaitForMultipleObjects
OpenClipboard
GetClipboardData
CloseClipboard
SetCursor
LoadCursorFromFileA
CreateDialogParamA
CharPrevA
PtInRect
CopyRect
OffsetRect
PostMessageA
CallWindowProcA
DestroyWindow
GetDlgItem
SendMessageA
InvalidateRgn
InvalidateRect
ShowCaret
SetForegroundWindow
GetForegroundWindow
SendNotifyMessageA
SetWindowContextHelpId
GetWindowContextHelpId
PostThreadMessageA
CloseWindow
OpenIcon
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
MoveWindow
CreateAcceleratorTableA
GetDesktopWindow
CharNextA
IsWindowUnicode
LoadStringA
CharUpperBuffA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
GetClientRect
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
IsWindow
IsChild
SetFocus
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
ShowCursor
LoadIconA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
SetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
PeekMessageA
TranslateMessage
DispatchMessageA
SetRect
MessageBoxA
wsprintfA
SubtractRect
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
GetAsyncKeyState
SetRectEmpty
GetMessageA
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
UnregisterClassA
GetKeyNameTextA
MapVirtualKeyA
DestroyIcon
CharUpperA
GetDialogBaseUnits
GetClipboardFormatNameA
DrawTextA
GetSystemMenu
gdi32
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
CreatePenIndirect
ExtCreatePen
CreateHatchBrush
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontA
CreateBitmap
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateICA
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
CreateSolidBrush
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetFontLanguageInfo
GetCharacterPlacementA
GetAspectRatioFilterEx
DeleteDC
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
StretchDIBits
EnumFontFamiliesExA
BitBlt
SelectObject
GetObjectA
AddFontResourceExA
RemoveFontResourceExA
GetTextExtentPoint32A
CreateFontIndirectA
CopyMetaFileA
CreateDCA
CreateMetaFileA
CloseMetaFile
CreateEnhMetaFileA
CloseEnhMetaFile
ExtTextOutA
UnrealizeObject
GetObjectType
Escape
CreateCompatibleDC
TextOutA
CreatePen
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
OpenThreadToken
RevertToSelf
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
SetThreadToken
shell32
ShellExecuteA
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragAcceptFiles
shlwapi
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathFileExistsA
imm32
ImmSetCompositionWindow
ImmGetOpenStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetOpenStatus
ole32
OleDuplicateData
OleCreate
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
OleSetContainedObject
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoInitialize
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoDisconnectObject
CoInitializeEx
OleRun
CoRegisterClassObject
CoRevokeClassObject
CoReleaseMarshalData
CoMarshalInterface
CoUnmarshalInterface
oleaut32
SafeArrayUnlock
VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SystemTimeToVariantTime
VarDateFromUdate
VarUdateFromDate
VariantTimeToSystemTime
DosDateTimeToVariantTime
VarBstrFromDate
VarDateFromStr
VarDecFromStr
VarBstrFromDec
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayCopy
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VariantCopy
VariantChangeType
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
dbghelp
MiniDumpWriteDump
MakeSureDirectoryPathExists
iphlpapi
GetAdaptersInfo
wininet
InternetConnectA
HttpSendRequestA
InternetSetStatusCallback
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
ws2_32
ntohs
getsockname
socket
inet_addr
htons
WSAGetLastError
accept
bind
send
WSAStartup
listen
connect
inet_ntoa
gethostbyname
closesocket
recv
gethostname
WSACleanup
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 254KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ