e2b84208656628898bfa340b38aaab6cf7cf253a64c68b3bf84b85a170bd01eb

Sharing

Copy URL Twitter E-mail

General

Target

e2b84208656628898bfa340b38aaab6cf7cf253a64c68b3bf84b85a170bd01eb
Size

2.8MB
MD5

1a9c8dbd9d9952abefb7ad8bc69f55c8
SHA1

95bf7ad6f9b0c7da3a9eddc77ed51e312a4b2e27
SHA256

e2b84208656628898bfa340b38aaab6cf7cf253a64c68b3bf84b85a170bd01eb
SHA512

4a9dd6c8d99d4b7fff8b0b6df577f169a6783eccedea0ccf305e8cb02d8605e06d9830e1cb964b5be90db9f98d7bdf8fe7bcc8bd016526638394c4d2e690f639
SSDEEP

49152:Sqn+Wo6b4wOwkG2Bugcl4Yo8xHH4Qdc+GiRH1SZkIST5Xu14yA5nQS2nRuc/A32:Si+Wo6zDkxZceYo8xHH4/+GiRWqT1u1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2b84208656628898bfa340b38aaab6cf7cf253a64c68b3bf84b85a170bd01eb

Files

e2b84208656628898bfa340b38aaab6cf7cf253a64c68b3bf84b85a170bd01eb
.exe windows:4 windows x86 arch:x86

42c4e06ab2a73d0692734f435628ad1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\CoCDCoTe\Engine\CoCMainWin32.pdb

Imports

fmodex

FMOD_Channel_SetPriority
FMOD_Channel_Set3DMinMaxDistance
FMOD_Channel_SetPaused
FMOD_Channel_Set3DAttributes
FMOD_Channel_SetVolume
FMOD_Channel_SetFrequency
FMOD_System_CreateDSPByType
FMOD_DSP_GetNumParameters
FMOD_DSP_SetParameter
FMOD_Channel_AddDSP
FMOD_DSP_Remove
FMOD_Channel_SetMode
FMOD_System_PlaySound
FMOD_Channel_Stop
FMOD_Channel_IsPlaying
FMOD_Sound_Release
FMOD_DSP_Release
FMOD_System_Set3DListenerAttributes
FMOD_System_Update
FMOD_System_Create
FMOD_Sound_GetLength
FMOD_System_CreateSound
FMOD_System_Set3DSettings
FMOD_System_Init
FMOD_System_Release

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

SHSetValueA
SHGetValueA

dinput8

DirectInput8Create

d3dx9_28

D3DXMatrixReflect
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixInverse
D3DXMatrixTranspose
D3DXMatrixPerspectiveFovRH
D3DXMatrixMultiply
D3DXCreateTextureFromFileInMemoryEx
D3DXPlaneNormalize
D3DXMatrixTranslation
D3DXVec3Normalize
D3DXMatrixRotationYawPitchRoll
D3DXPlaneTransform
D3DXMatrixOrthoLH
D3DXCreateTextureFromFileExA
D3DXCreateTexture
D3DXCreateTextureFromFileInMemory
D3DXVec3Transform
D3DXVec4Transform
D3DXGetFVFVertexSize
D3DXMatrixOrthoRH
D3DXCreateTextureFromFileA

d3d9

Direct3DCreate9

kernel32

LocalFree
LocalAlloc
GetThreadPriority
WaitForMultipleObjects
MulDiv
ResetEvent
InterlockedDecrement
GetComputerNameA
GetModuleHandleW
RemoveDirectoryA
GetDiskFreeSpaceA
WaitForSingleObjectEx
CreateDirectoryA
GetLocalTime
SetEvent
CreateEventA
CreateThread
SetThreadPriority
GlobalMemoryStatus
InterlockedIncrement
DeviceIoControl
lstrcpyA
lstrcatA
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
GetSystemTimeAsFileTime
VirtualProtect
DeleteFileA
LCMapStringA
GetModuleHandleA
GetVersionExA
CreateProcessA
GetCommandLineA
FreeLibrary
GetProcAddress
GetVersionExW
ReadFile
CloseHandle
GetFileSize
WideCharToMultiByte
GetCurrentDirectoryW
CreateFileW
OutputDebugStringA
WriteFile
CreateFileA
WaitForSingleObject
ReleaseMutex
CreateMutexA
Sleep
RaiseException
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetStartupInfoA
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
GetCurrentProcessId
MultiByteToWideChar
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTickCount
GetSystemInfo

user32

PostQuitMessage
DispatchMessageA
TranslateMessage
PeekMessageA
SetMenu
ShowWindow
IsWindowVisible
SetWindowPos
AdjustWindowRect
GetWindowLongA
SetWindowPlacement
GetWindowPlacement
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetClientRect
GetWindowRect
UpdateWindow
CreateWindowExA
SetCursor
DestroyWindow
DefWindowProcA
RegisterClassExA
LoadCursorA
LoadIconA
PostMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetQueueStatus
CallNextHookEx
PostThreadMessageA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
GetUserNameA

winmm

timeEndPeriod
timeBeginPeriod
timeKillEvent
timeGetTime
timeSetEvent

shell32

SHGetSpecialFolderPathA

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize

Sections

.text
Size: 2.2MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42c4e06ab2a73d0692734f435628ad1a

Headers

File Characteristics

PDB Paths

Imports

fmodex

version

shlwapi

dinput8

d3dx9_28

d3d9

kernel32

user32

advapi32

winmm

shell32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.1MB

.rdata Size: 568KB - Virtual size: 565KB

.data Size: 72KB - Virtual size: 2.1MB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: 2.2MB - Virtual size: 2.1MB

.rdata
Size: 568KB - Virtual size: 565KB

.data
Size: 72KB - Virtual size: 2.1MB

.rsrc
Size: 44KB - Virtual size: 43KB