E:\RagClientTools\NewSetup\Release514\Setup.pdb
Static task
static1
Behavioral task
behavioral1
Sample
879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0.exe
Resource
win10v2004-20240419-en
General
-
Target
879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0
-
Size
1.6MB
-
MD5
24c49f9f1a6d59e1b61b57c5d1533a47
-
SHA1
e5aceaca37e064c3d60b7e61899c667b07e182e4
-
SHA256
879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0
-
SHA512
6d706c33ae9f70f5960f3f512f4e785da29eefb3a91801ce79f286f1b19f5d39faf347466f98f9586a9b87082dc406dc63f4dbf917f44dc29119a7d83a8e31e7
-
SSDEEP
6144:lf1W6PxUffWOyphOUqw1AzKBztFd+6mZvGZti9s+fNyDfUik00r2IZdwn8A:ltWKUffWJbACbIU4ADMV0Dn8A
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE carries no code-signing certificate).
resource 879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0
Files
-
879e0782159a2fbf7281d837e37d66c4bfd517c4f8edd55fdb273e9a223321d0.exe windows:6 windows x86 arch:x86
0393a034a644f59f9d3a4ed27ef9c5db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ddraw
DirectDrawCreateEx
DirectDrawEnumerateExA
mfc110
ord14329
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5617
ord10047
ord1133
ord2826
ord14340
ord11745
ord499
ord7445
ord9032
ord2994
ord9060
ord2538
ord11998
ord1400
ord10292
ord4041
ord3177
ord918
ord7203
ord13228
ord8629
ord5277
ord4805
ord2327
ord1422
ord13641
ord3299
ord3185
ord6664
ord8936
ord1061
ord3806
ord2933
ord8556
ord4154
ord3087
ord6341
ord8943
ord1434
ord4168
ord3195
ord6672
ord8566
ord1449
ord1973
ord977
ord7444
ord10793
ord1397
ord14419
ord11717
ord11716
ord11718
ord11715
ord10961
ord10364
ord11118
ord8850
ord10814
ord11026
ord8785
ord908
ord7202
ord2245
ord2159
ord8934
ord1057
ord4151
ord3085
ord6334
ord10831
ord11912
ord6064
ord13498
ord2704
ord9017
ord11953
ord11180
ord12317
ord4025
ord3340
ord3341
ord3104
ord5975
ord6066
ord13502
ord3243
ord3240
ord10052
ord8018
ord2705
ord10082
ord10084
ord10083
ord10081
ord10085
ord5507
ord11509
ord11510
ord8947
ord11870
ord3772
ord11719
ord14322
ord8773
ord12001
ord6809
ord10795
ord9063
ord3204
ord13619
ord12318
ord2430
ord10175
ord5212
ord8130
ord4519
ord12638
ord12701
ord10228
ord12028
ord8191
ord1459
ord7470
ord12040
ord12038
ord1702
ord1711
ord1719
ord1715
ord1724
ord4842
ord4879
ord4850
ord4862
ord4858
ord8273
ord1873
ord4854
ord4885
ord4875
ord4846
ord4889
ord4867
ord4831
ord4837
ord4870
ord4432
ord5643
ord9495
ord4424
ord2995
ord14330
ord7735
ord14328
ord6710
ord11501
ord13449
ord5782
ord2626
ord11905
ord3874
ord3308
ord3309
ord3203
ord11949
ord994
ord5107
ord5404
ord5614
ord9155
ord5380
ord5110
ord5266
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord9016
ord3631
ord1380
ord884
ord1099
ord13054
ord3798
ord449
ord2464
ord6330
ord6333
ord3816
ord2466
ord6410
ord4746
ord1038
ord316
ord1652
ord266
ord265
ord1498
ord10266
ord1500
ord2189
ord2353
msvcr110
_setmbcp
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_snscanf_s
_snprintf_s
??1bad_cast@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_unlock_file
_lock_file
_fseeki64
fsetpos
fputc
fgetpos
fgetc
memcpy_s
putchar
printf
isprint
strcoll
_isatty
_fileno
signal
strpbrk
memchr
tolower
toupper
ispunct
isxdigit
islower
isupper
tmpnam
rename
remove
_mktime32
_time32
strftime
_localtime32
_gmtime32
_difftime32
clock
system
setlocale
strncpy
strncat
strcspn
strtod
sprintf
strrchr
getenv
_HUGE
_libm_sse2_tan_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_atan_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_CIsinh
_CIfmod
_CIcosh
_CIatan2
modf
ldexp
frexp
ceil
srand
rand
localeconv
iscntrl
isalnum
isdigit
isalpha
tmpfile
setvbuf
_popen
_pclose
fwrite
ftell
fseek
fscanf
fflush
clearerr
_setjmp3
exit
longjmp
fgets
floor
_libm_sse2_pow_precise
strtoul
fputs
isspace
strstr
strerror
strchr
realloc
free
ungetc
getc
freopen
fread
fprintf
fopen
ferror
memmove
_vsnprintf_s
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
qsort
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
vsprintf
_purecall
strncpy_s
_errno
__iob_func
fclose
feof
kernel32
LoadLibraryA
EncodePointer
DecodePointer
FindClose
FormatMessageA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetLastError
IsProcessorFeaturePresent
FindFirstFileA
CreateDirectoryA
lstrcatA
OutputDebugStringA
lstrcpynA
GetModuleHandleA
IsDebuggerPresent
GetVersionExA
user32
LoadBitmapW
FindWindowA
MessageBoxA
ScreenToClient
GetWindowRect
wsprintfA
GetForegroundWindow
EnableWindow
GetDlgItem
EndDialog
DialogBoxParamA
SendMessageA
gdi32
SelectObject
CreateSolidBrush
CreateCompatibleDC
BitBlt
GetObjectA
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
oleaut32
SysFreeString
msvcp110
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBEPAXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
d3d9
Direct3DCreate9
Sections
.text Size: 189KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ