stealing-the-diamond[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

stealing-the-diamond.exe
Size

18.2MB
MD5

6652eb2e561bc63ca3db0a714fa9f757
SHA1

5740b93dcf7346b44b3d1d6270014a6e16caa7d0
SHA256

78b8afbfd812ff2abd6f5e016ac23fcf539db9dcc57a76c94bfcad409f9ba631
SHA512

593461b54fe745f37b33e3144edb4ae11a3cafb2b1a7f37411ff0c715a335729b71bb4d237f24ad95e5e9d9188b31881b4d5504b213b8c31f70091ac0ebdd048
SSDEEP

393216:ndMmf+y8Kl9bgo3sbQUOrRJwIF0Wi4pwLIgKccRn7GTSH54qoSy:ndP8ITs4lyinpFgKccR9Z4qfy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stealing-the-diamond.exe

Files

stealing-the-diamond.exe
.exe windows:5 windows x86 arch:x86

eaeb57ec58e31b1fec8341e07fe60199

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer10_Squirt\platform\win32\obj\player\Release\FlashPlayer.pdb

Imports

wininet

HttpQueryInfoA

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CryptVerifyMessageSignature
CertCloseStore

urlmon

CopyStgMedium

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutGetDevCapsA
waveInGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInGetNumDevs
waveInOpen
timeSetEvent
timeKillEvent
waveOutGetPosition
timeBeginPeriod
timeGetTime
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutReset
timeGetDevCaps
waveInPrepareHeader
timeEndPeriod

oleaut32

SysFreeString

kernel32

FreeLibrary
GetSystemInfo
GetModuleHandleA
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetFileAttributesA
GetUserDefaultLangID
ExitThread
GlobalFree
WriteFile
SetFilePointer
CreateFileA
ReadFile
GetFileSize
LockResource
LoadResource
FindResourceExA
FindResourceExW
GetFileAttributesW
SetUnhandledExceptionFilter
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
GetModuleFileNameA
CreateMutexA
CreateFileW
GlobalAlloc
GetTempFileNameA
GetFullPathNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetFileAttributesExA
SetCurrentDirectoryA
RemoveDirectoryA
SetFilePointerEx
GetFileSizeEx
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
lstrlenA
IsDBCSLeadByteEx
GetCommandLineW
DeleteFileW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetStartupInfoA
GetCommandLineA
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateSemaphoreA
ReleaseSemaphore
UnhandledExceptionFilter
GetStdHandle
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GlobalSize
GetCurrentProcessId
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetCurrentProcess
GetProcessTimes
CreateWaitableTimerA
CreateThread
SetWaitableTimer
WaitForSingleObject
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
CreateProcessA
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
FlushInstructionCache
GetLocaleInfoA
SetErrorMode
GetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
VirtualQuery
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ResetEvent
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
VirtualProtectEx
IsDebuggerPresent
HeapCreate
HeapReAlloc
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetCurrentDirectoryA

user32

LoadAcceleratorsA
GetWindowTextLengthA
GetDlgItemTextA
EnableWindow
SetDlgItemTextW
SetDlgItemTextA
GetWindowTextA
ShowWindow
UpdateWindow
UnregisterClassA
RemoveMenu
InsertMenuW
InsertMenuA
SetMenu
MoveWindow
LoadStringW
EnumDisplaySettingsA
GetWindow
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowLongA
GetWindowThreadProcessId
IsWindow
CreateWindowExA
SetCapture
ReleaseCapture
GetMenuItemID
DeleteMenu
InsertMenuItemA
TrackPopupMenu
DefWindowProcA
GetCapture
WindowFromPoint
GetFocus
DestroyWindow
GetMenu
LoadCursorA
SetCursor
GetMessageA
ScreenToClient
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DestroyMenu
BeginPaint
GetWindowTextLengthW
EnableMenuItem
CheckMenuItem
InvalidateRect
MapVirtualKeyA
GetKeyState
GetForegroundWindow
WaitForInputIdle
MessageBoxA
DialogBoxParamW
DialogBoxParamA
GetClientRect
LoadStringA
RedrawWindow
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
SystemParametersInfoA
InsertMenuItemW
GetSystemMetrics
GetClipboardFormatNameA
RegisterClipboardFormatA
DdeInitializeA
DdeCreateStringHandleA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
GetMenuStringW
GetMenuStringA
GetCursorPos
PostQuitMessage
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
FillRect
GetDC
ReleaseDC
ClientToScreen
GetMonitorInfoA
OffsetRect
SetRect
MonitorFromWindow
GetDoubleClickTime
EndPaint
GetDlgItemTextW
EndDialog

gdi32

GetPixel
GetObjectA
CreateDIBSection
DeleteObject
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
BitBlt
SelectObject
RealizePalette
SelectPalette
ExtTextOutA
SetBkColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
GetStretchBltMode
GetICMProfileA
CreateDCA
GetStockObject
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesA
MoveToEx
DeleteDC
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
CreateFontIndirectW
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
GetSystemPaletteEntries
GetClipBox
LPtoDP
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
CreateCompatibleDC
GdiFlush
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
SetTextAlign
EndPath
BeginPath
SaveDC
SetPolyFillMode
EndPage
GetFontData
SetBkMode
EnumFontFamiliesExW
StartPage

comdlg32

CommDlgExtendedError
GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CreateBindCtx
ReleaseStgMedium
CoUninitialize
OleUninitialize
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
OleInitialize
OleFlushClipboard

mscms

DeleteColorTransform
OpenColorProfileA
CloseColorProfile
CreateColorTransformW
TranslateBitmapBits

ws2_32

inet_ntoa
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
ntohl
select
gethostname
WSAAddressToStringA
sendto
WSACleanup
recvfrom
ioctlsocket
connect
setsockopt
WSASetLastError
getservbyport
gethostbyaddr
htons
getservbyname
htonl
closesocket
gethostbyname
inet_addr
getsockname
ntohs
bind
send
recv
WSAStartup
WSASocketA
socket
WSAAsyncSelect
WSAIoctl
WSAGetLastError
WSACloseEvent

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 961KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaeb57ec58e31b1fec8341e07fe60199

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

crypt32

urlmon

version

winmm

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

mscms

ws2_32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 504KB - Virtual size: 503KB

.data Size: 106KB - Virtual size: 961KB

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 98KB - Virtual size: 97KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 504KB - Virtual size: 503KB

.data
Size: 106KB - Virtual size: 961KB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 98KB - Virtual size: 97KB