AoK HD[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AoK HD.exe
Size

4.2MB
MD5

312f4086bd9ac4bd0640193eb0b9fb11
SHA1

7b88438ed0b43973ed036614013232cb38ac41b3
SHA256

e23272e21014fb281f71a21ef96a6437ab8b322f4978fd4998be835be219edcc
SHA512

0cbe9a30d2adaf35256bb7d63febeab0a66b5349747c40eacbbd4d898d7732c2c564484f32fc700cc9d8332d677d68394e5f93d014cd37d9a59750ba984c684e
SSDEEP

98304:fiTdKvpwTTCAVvx/wkfYonXpull5isN6mI4aqscD7YH9MJ25UMjoJXLfU:6dAwauvxMYj6X4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AoK HD.exe

Files

AoK HD.exe
.exe windows:4 windows x86 arch:x86

846c0d07a253046ea729416bf703ccac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

dsound

ord1

imm32

ImmAssociateContext
ImmGetContext
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmSetOpenStatus

steam_api

SteamFriends
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamMatchmaking
SteamUser
SteamAPI_UnregisterCallback
SteamAPI_Shutdown
SteamAPI_RegisterCallback
SteamNetworking
SteamUtils
SteamClient
SteamAPI_RunCallbacks
SteamUserStats
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamRemoteStorage
SteamAPI_WriteMiniDump

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

timeEndPeriod
mixerGetLineInfoA
timeGetTime
mciGetErrorStringA
mciSendCommandA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
timeBeginPeriod
mixerSetControlDetails
mixerGetNumDevs
mixerOpen

zlibwapi

ord81
ord82
ord83
ord84
ord61
ord63
ord65
ord64
ord67
ord68
ord72
ord66
ord80

kernel32

GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
IsDebuggerPresent
CloseHandle
ReleaseSemaphore
SetThreadPriority
SetPriorityClass
GetPriorityClass
GetThreadPriority
WaitForSingleObject
CreateSemaphoreA
GetCurrentProcess
GetCurrentThread
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
CompareStringA
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalFree
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetLastError
CreateDirectoryA
ReadFile
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteFileA
MoveFileA
VirtualFree
SetEndOfFile
WriteFile
FlushFileBuffers
FindClose
FindFirstFileA
CreateFileA
UnmapViewOfFile
FindNextFileA
GetTempPathA
MapViewOfFile
TlsSetValue
GetFileSizeEx
GetCurrentDirectoryA
GetTempFileNameA
OutputDebugStringA
GetProcAddress
FreeLibrary
WinExec
IsDBCSLeadByte
SetLastError
LoadLibraryA
QueryPerformanceCounter
GetTickCount
MulDiv
ReleaseMutex
CreateMutexA
GlobalMemoryStatus
MultiByteToWideChar
HeapFree
GetProcessHeap
GetFileInformationByHandle
CreateFileW
GetCommandLineA
GetFileInformationByHandleEx
OpenFileById
lstrlenW
GetFullPathNameW
HeapAlloc
HeapSize
RemoveVectoredExceptionHandler
SetEvent
InterlockedCompareExchange
GetCurrentThreadId
InterlockedExchange
AddVectoredExceptionHandler
VirtualQuery
OpenFileMappingA
GetTimeZoneInformation
GetComputerNameA
GetSystemTime
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
GetWindowsDirectoryW
GetSystemDirectoryW
RaiseException
ExitProcess
GetModuleFileNameW
CreateEventA
SizeofResource
FindResourceW
GetConsoleWindow
GetCurrentDirectoryW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoW
GetFullPathNameA
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleExA
OpenEventA
WideCharToMultiByte
GetSystemInfo
IsProcessorFeaturePresent
EnterCriticalSection
InitializeCriticalSection
Sleep
DeleteCriticalSection
LeaveCriticalSection
GetFileSize
GetVersionExA
SetEnvironmentVariableA
lstrcmpiA
TlsFree
HeapReAlloc
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
SetStdHandle
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
TerminateProcess
UnhandledExceptionFilter
lstrcmpiW
SetUnhandledExceptionFilter
GetLocaleInfoW
CreateFileMappingA
VirtualAlloc

user32

InvalidateRect
PostQuitMessage
KillTimer
ShowWindow
IsZoomed
SetWindowTextA
SetCapture
ReleaseCapture
GetCapture
CharUpperA
AdjustWindowRect
GetUpdateRect
ValidateRect
DefWindowProcA
GetWindowThreadProcessId
IsWindow
GetFocus
SetWindowPos
GetMonitorInfoA
MonitorFromWindow
SetWindowLongA
FindWindowA
SystemParametersInfoA
BringWindowToTop
GetLastActivePopup
SetForegroundWindow
SetTimer
SetFocus
wsprintfA
MapVirtualKeyA
GetKeyNameTextA
CallWindowProcA
GetSysColor
SetSysColors
DrawTextExA
MoveWindow
GetCaretBlinkTime
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetKeyState
IsIconic
GetParent
GetWindowTextA
UpdateWindow
FillRect
LoadIconA
RegisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetWindowLongA
CreateWindowExA
DestroyWindow
SendMessageA
LoadStringA
MessageBoxA
GetCursorPos
SetClassLongA
GetSystemMetrics
SetRect
ScreenToClient
ClientToScreen
GetClientRect
GetDC
ReleaseDC
SetCursorPos
GetWindowRect
GetAsyncKeyState
DrawTextA
GetForegroundWindow
GetKeyboardState
MessageBeep
GetActiveWindow
WinHelpA
PostMessageA
LoadCursorA

gdi32

SetPaletteEntries
ResizePalette
GetSystemPaletteEntries
RealizePalette
SelectPalette
GetPaletteEntries
CreateFontIndirectA
DeleteObject
GetObjectA
LineTo
MoveToEx
CreateRectRgn
GetTextExtentPoint32A
SetBkColor
SetTextAlign
GetNearestPaletteIndex
CreatePalette
SetBkMode
GetTextMetricsA
SetTextColor
TextOutA
AddFontResourceA
GetStockObject
SelectObject
GetDeviceCaps
SelectClipRgn

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Inf32Dat
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

846c0d07a253046ea729416bf703ccac

Headers

File Characteristics

Imports

d3d9

dsound

imm32

steam_api

version

winmm

zlibwapi

kernel32

user32

gdi32

comdlg32

advapi32

ole32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 800KB - Virtual size: 797KB

.data Size: 92KB - Virtual size: 1.1MB

.version Size: 4KB - Virtual size: 4B

Inf32Dat Size: 44KB - Virtual size: 43KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 800KB - Virtual size: 797KB

.data
Size: 92KB - Virtual size: 1.1MB

.version
Size: 4KB - Virtual size: 4B

Inf32Dat
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 16KB - Virtual size: 14KB