c9890a0b65e886d3649d233765733fbca2e8aa860ba3b48a37c898624327a1f0

Sharing

Copy URL Twitter E-mail

General

Target

c9890a0b65e886d3649d233765733fbca2e8aa860ba3b48a37c898624327a1f0
Size

590KB
MD5

1cc7e435c87a2c5f48f3ddd7c932cd6d
SHA1

65a59d274b017a22d2833b54d0225154a380160e
SHA256

c9890a0b65e886d3649d233765733fbca2e8aa860ba3b48a37c898624327a1f0
SHA512

a074c964ad4e065244eb91aa6a52aff15133f3715f131b9ef4c8b7ff794008a9cfeea9966379622f8bf3b0622736cd7972bf1a86608ecf7713f9b2b00adaab25
SSDEEP

6144:HjoTxemrpU6ITIpUYPcMfB7TtXOCh+gZzPUHPXGzaysGNqz1kTBrmOvCGho3:DoFem3ITIp/EOBPlOZEFYxkTpI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9890a0b65e886d3649d233765733fbca2e8aa860ba3b48a37c898624327a1f0

Files

c9890a0b65e886d3649d233765733fbca2e8aa860ba3b48a37c898624327a1f0
.exe windows:6 windows x86 arch:x86

4cd6a497b56d17932037446f9417abf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\guillemaj\Desktop\Dev_class6_handout\Debug\Development - Class 6.pdb

Imports

kernel32

CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
GetDriveTypeA
GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
RemoveDirectoryA
SetFilePointer
WriteFile
CloseHandle
GetLastError
SetErrorMode
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcess
GetCurrentThreadId
GetVersionExA
FreeLibrary
GetModuleFileNameA
CreateDirectoryA
FormatMessageA
LoadLibraryA
GetVolumeInformationA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetCommandLineW
GetProcAddress
OutputDebugStringA
GetCurrentDirectoryA

msvcp140

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?bad@ios_base@std@@QBE_NXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Xbad_alloc@std@@YAXXZ

sdl2

SDL_free
SDL_RWFromConstMem
SDL_FreeRW
SDL_GetBasePath
SDL_GetPrefPath
SDL_GetError
SDL_SetMainReady
SDL_iconv_string
SDL_wcslen
SDL_malloc
SDL_isspace
SDL_Quit
SDL_DestroyWindow
SDL_GetWindowSurface
SDL_SetWindowTitle
SDL_CreateWindow
SDL_DestroyTexture
SDL_CreateTextureFromSurface
SDL_FreeSurface
SDL_DestroyRenderer
SDL_RenderPresent
SDL_ShowSimpleMessageBox
SDL_Init
SDL_RenderFillRect
SDL_RenderDrawRect
SDL_RenderDrawLine
SDL_RenderDrawPoints
SDL_RenderClear
SDL_SetRenderDrawBlendMode
SDL_SetRenderDrawColor
SDL_RenderGetViewport
SDL_RenderSetViewport
SDL_CreateRenderer
SDL_QueryTexture
SDL_PollEvent
SDL_StopTextInput
SDL_GetKeyboardState
SDL_QuitSubSystem
SDL_InitSubSystem
SDL_RenderCopyEx

sdl2_mixer

Mix_PlayChannelTimed
Mix_OpenAudio
Mix_Quit
Mix_LoadWAV_RW
Mix_LoadMUS_RW
Mix_FreeChunk
Mix_FreeMusic
Mix_PlayMusic
Mix_CloseAudio
Mix_FadeInMusic
Mix_HaltMusic
Mix_FadeOutMusic
Mix_Init

sdl2_image

IMG_Load_RW
IMG_Quit
IMG_Init

vcruntime140

_except_handler4_common
__vcrt_GetModuleFileNameW
strrchr
_purecall
__std_type_info_destroy_list
__CxxFrameHandler3
memset
strstr
memcpy
memmove
_CxxThrowException
strchr
__std_exception_copy
__std_exception_destroy
__vcrt_LoadLibraryExW

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
fwrite
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_wfopen
__stdio_common_vsscanf
fclose
ferror
fopen
fread
_fseeki64
_ftelli64

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
strcmp
strncpy_s
strncpy
strncmp

api-ms-win-crt-runtime-l1-1-0

terminate
_wassert
_errno
strerror
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_invalid_parameter_noinfo_noreturn
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_controlfp_s
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
exit
_exit

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
sin
cos
floor
ceil
fmod
_isnan
_finite

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc
realloc

api-ms-win-crt-convert-l1-1-0

atof
strtod
strtol
strtoul
_strtoi64
_ecvt_s
_strtoui64

api-ms-win-crt-time-l1-1-0

_mktime64

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

advapi32

OpenProcessToken
GetUserNameA

Exports

Exports

PHYSFS_addToSearchPath
PHYSFS_close
PHYSFS_deinit
PHYSFS_delete
PHYSFS_enumerateFiles
PHYSFS_enumerateFilesCallback
PHYSFS_eof
PHYSFS_exists
PHYSFS_fileLength
PHYSFS_flush
PHYSFS_freeList
PHYSFS_getBaseDir
PHYSFS_getCdRomDirs
PHYSFS_getCdRomDirsCallback
PHYSFS_getDirSeparator
PHYSFS_getLastError
PHYSFS_getLastModTime
PHYSFS_getLinkedVersion
PHYSFS_getMountPoint
PHYSFS_getRealDir
PHYSFS_getSearchPath
PHYSFS_getSearchPathCallback
PHYSFS_getUserDir
PHYSFS_getWriteDir
PHYSFS_init
PHYSFS_isDirectory
PHYSFS_isInit
PHYSFS_isSymbolicLink
PHYSFS_mkdir
PHYSFS_mount
PHYSFS_openAppend
PHYSFS_openRead
PHYSFS_openWrite
PHYSFS_permitSymbolicLinks
PHYSFS_read
PHYSFS_readSBE16
PHYSFS_readSBE32
PHYSFS_readSBE64
PHYSFS_readSLE16
PHYSFS_readSLE32
PHYSFS_readSLE64
PHYSFS_readUBE16
PHYSFS_readUBE32
PHYSFS_readUBE64
PHYSFS_readULE16
PHYSFS_readULE32
PHYSFS_readULE64
PHYSFS_removeFromSearchPath
PHYSFS_seek
PHYSFS_setAllocator
PHYSFS_setBuffer
PHYSFS_setSaneConfig
PHYSFS_setWriteDir
PHYSFS_supportedArchiveTypes
PHYSFS_swapSBE16
PHYSFS_swapSBE32
PHYSFS_swapSBE64
PHYSFS_swapSLE16
PHYSFS_swapSLE32
PHYSFS_swapSLE64
PHYSFS_swapUBE16
PHYSFS_swapUBE32
PHYSFS_swapUBE64
PHYSFS_swapULE16
PHYSFS_swapULE32
PHYSFS_swapULE64
PHYSFS_symbolicLinksPermitted
PHYSFS_tell
PHYSFS_utf8FromLatin1
PHYSFS_utf8FromUcs2
PHYSFS_utf8FromUcs4
PHYSFS_utf8ToUcs2
PHYSFS_utf8ToUcs4
PHYSFS_write
PHYSFS_writeSBE16
PHYSFS_writeSBE32
PHYSFS_writeSBE64
PHYSFS_writeSLE16
PHYSFS_writeSLE32
PHYSFS_writeSLE64
PHYSFS_writeUBE16
PHYSFS_writeUBE32
PHYSFS_writeUBE64
PHYSFS_writeULE16
PHYSFS_writeULE32
PHYSFS_writeULE64

Sections

.textbss
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd6a497b56d17932037446f9417abf4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

sdl2

sdl2_mixer

sdl2_image

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 223KB

.text Size: 481KB - Virtual size: 480KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 2KB - Virtual size: 24KB

.idata Size: 12KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 332B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.textbss
Size: - Virtual size: 223KB

.text
Size: 481KB - Virtual size: 480KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 2KB - Virtual size: 24KB

.idata
Size: 12KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 332B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB