Static task
static1
Behavioral task
behavioral1
Sample
05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9.exe
Resource
win10v2004-20240226-en
General
-
Target
05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9
-
Size
3.0MB
-
MD5
ddb11551ffb504ac3c2410a1ccb0c63d
-
SHA1
25c04d3a1503e65a8c64a8599580b79f518f6114
-
SHA256
05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9
-
SHA512
63adba5d94acaf91edb606bc8eb1213d1ee24786768a9601153e421d22f91eba793a46d193d30359dc51e365e464d8dcd9368ff488165618007fbc1ce934fef0
-
SSDEEP
49152:5y4tUPysCPhl7SbMEojLUc1zftAus1FpCDLRQVk3oJ5WZSPOcZoai:rPfSQEgzfE1nCfRQ
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the PE carries no Authenticode signature, so its publisher cannot be verified from the file itself. On its own this is a weak indicator — many legitimate binaries are unsigned — and should be weighed together with the behavioral task results rather than treated as evidence of malicious intent.
resource 05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9
Files
-
05890a3e26febd1fd3bbcf6639a646bec64b23331356ea9693d3f532c563bbb9.exe windows:5 windows x86 arch:x86
30aa9b0b26feec16f4ee738bc0d9c495
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
GetExitCodeProcess
WriteConsoleW
OutputDebugStringW
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileAttributesExW
FlushFileBuffers
CreateDirectoryW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
GetModuleHandleA
GetProcAddress
FindNextFileA
FindClose
FindFirstFileA
SetFileAttributesA
DeleteCriticalSection
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
Sleep
IsValidCodePage
GetModuleFileNameW
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
InitializeCriticalSection
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
SetLastError
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExW
GetCurrentThreadId
RtlUnwind
RaiseException
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
GetStringTypeW
CreateFileW
IsProcessorFeaturePresent
HeapValidate
QueryPerformanceCounter
SetUnhandledExceptionFilter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
lstrlenW
GlobalUnlock
GlobalLock
FreeLibrary
ReadFile
WriteFile
OutputDebugStringA
CreateFileMappingA
UnmapViewOfFile
SetEndOfFile
lstrcmpiA
WaitForSingleObject
GetCurrentProcessId
Module32Next
CreateToolhelp32Snapshot
GetLastError
Module32First
ReadProcessMemory
GetCurrentProcess
MultiByteToWideChar
GetTickCount
GetProcessHeap
HeapFree
lstrlenA
GlobalFree
GetPrivateProfileStringA
MoveFileA
GetCurrentDirectoryA
DeleteFileA
GetFileType
MapViewOfFile
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GlobalAlloc
HeapAlloc
CloseHandle
DeviceIoControl
LCMapStringW
CreateFileA
user32
SetRect
GetAsyncKeyState
InvalidateRect
GetDC
BeginPaint
GetClientRect
PeekMessageA
ClientToScreen
EndPaint
FindWindowA
SystemParametersInfoA
GetCursorPos
SetWindowPos
FlashWindowEx
LoadIconA
PostQuitMessage
GetTopWindow
GetParent
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetWindow
CharPrevExA
CharNextExA
CharNextW
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
AdjustWindowRectEx
SetWindowTextA
GetMenu
ReleaseDC
RegisterClassA
SetFocus
MoveWindow
IsWindow
ScreenToClient
GetKeyState
LoadImageA
DestroyCursor
ShowCursor
SetCursor
SetCursorPos
ChangeDisplaySettingsA
ReleaseCapture
ShowWindow
GetCapture
SetCapture
GetSystemMetrics
LoadCursorA
UpdateWindow
DispatchMessageA
DefWindowProcA
CreateWindowExA
GetWindowLongA
UnregisterClassA
SetWindowLongA
TranslateMessage
RegisterClassExA
GetMessageA
DestroyWindow
MessageBoxA
LoadStringA
gdi32
GetObjectA
GetStockObject
CreateCompatibleDC
DeleteObject
EnumFontFamiliesExA
CreateFontIndirectA
GetCharABCWidthsFloatW
GetTextExtentPoint32W
SetBkColor
SetTextColor
TextOutW
GetTextExtentPointA
SetBkMode
SelectObject
DeleteDC
GetTextExtentPoint32A
BitBlt
TextOutA
CreateDIBSection
advapi32
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
ole32
OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
d3d8
Direct3DCreate8
python27
PyImport_ImportModule
PyImport_AddModule
PyRun_StringFlags
Py_Finalize
Py_Initialize
Py_SetProgramName
PyErr_Fetch
PyModule_GetDict
_Py_NoneStruct
PyNumber_Check
PyObject_CallObject
PyErr_Print
PyErr_BadArgument
Py_BuildValue
PyErr_SetString
PyExc_RuntimeError
PyString_FromString
PyInt_AsLong
PyTuple_GetItem
PyModule_AddIntConstant
PyList_New
Py_InitModule4
PyList_Append
PyArg_ParseTuple
PyTuple_Size
PyDict_GetItemString
PyLong_AsLong
PyString_AsString
PyThreadState_Get
PyTuple_New
PyDict_New
PyInt_FromLong
PyTuple_SetItem
PyDict_SetItemString
PyDict_Next
PyDict_Size
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PyErr_Clear
iphlpapi
GetAdaptersInfo
GetPerAdapterInfo
devil
ilConvertImage
ilShutDown
ilLoad
ilBindImage
ilGenImages
ilInit
ilEnable
ilDeleteImages
ilCopyPixels
ilOriginFunc
ilTexImage
ilGetInteger
ilSetPixels
ilSave
imm32
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
granny2
_GrannyGetSourceSkeleton@4
_GrannySetModelClock@8
_GrannyFreeCompletedModelControls@4
GrannyPNT332VertexType
_GrannyDeformVertices@24
_GrannyFreeMeshDeformer@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyFindMatchingMember@16
_GrannyGetMaterialTextureByType@8
_GrannyNewMeshDeformer@16
_GrannyCopyMeshIndices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertexType@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshTriangleGroupCount@4
_GrannyPlayControlledAnimation@12
_GrannySetControlRawLocalClock@8
_GrannyGetControlRawLocalClock@4
_GrannySetControlEaseOutCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseIn@8
_GrannyGetControlLocalDuration@4
_GrannySetControlSpeed@8
_GrannyGetControlSpeed@4
_GrannySetControlLoopCount@8
_GrannyGetControlLoopCount@4
_GrannyFreeControlIfComplete@4
_GrannyControlIsComplete@4
_GrannyCompleteControlAt@8
_GrannyFreeControlOnceUnused@4
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshVertexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetWorldPose4x4@8
_GrannyFreeWorldPose@4
_GrannyNewWorldPose@4
_GrannyFindBoneByName@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeLocalPose@4
_GrannyNewLocalPose@4
_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
mss32
_AIL_set_3D_velocity@20
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_auto_update_3D_position@8
_AIL_mem_free_lock@4
speedtreert
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
??0CSpeedTreeRT@@QAE@XZ
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
dinput8
DirectInput8Create
ws2_32
gethostbyname
send
recv
WSAGetLastError
closesocket
socket
WSACleanup
sendto
htons
inet_addr
WSAStartup
__WSAFDIsSet
connect
ioctlsocket
select
shell32
SHGetSpecialFolderPathA
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 507KB - Virtual size: 506KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 191KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ