trl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

trl.exe
Size

13.0MB
MD5

ce1b8fd9143bcfe22fb285de48e5e5c5
SHA1

499990bc6b35555d64794c60fe8965d439dc2403
SHA256

f58cd4378056075503fb6f0db6019043803dbfb708b30fcecc4d6e5f50eaa7d2
SHA512

f6685a482943f90a2c0012f69e7f942134278c1a34605d4c87f89243aad7e4b9e31577e17cdd3f59630a19c8baf7019f08fc6ce622a7088dda5c831fec7e853e
SSDEEP

98304:Cl1bBlnUAd87D3tfs1A6TS+pctU2Ip7ihEGVt:CTBlUAd87D3tfst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
trl.exe

Files

trl.exe
.exe windows:4 windows x86 arch:x86

7c4cb3748362c1303ea20f10e7b5e159

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tr7\output\win32_gm\game\tr7.pdb

Imports

kernel32

DuplicateHandle
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
Sleep
ReadFile
CreateFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
MultiByteToWideChar
CreateFileW
GetFileSize
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
WriteFile
DeleteFileW
GetOverlappedResult
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
VirtualAlloc
VirtualFree
GlobalFree
GlobalAlloc
SetThreadAffinityMask
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetSystemInfo
SetFilePointer
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
RaiseException
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
HeapCreate
HeapDestroy
VirtualQuery
InterlockedExchange
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
SetThreadPriority
GetVersionExA
SetPriorityClass
GetCurrentThreadId
SuspendThread
GetCurrentProcess
TerminateProcess
GetSystemTime
ExitProcess
CreateMutexA
GetLastError
CloseHandle
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
VirtualProtect
VirtualLock
TerminateThread
CreateThread

user32

ShowCursor
SetCursor
LoadCursorA
SetForegroundWindow
SetWindowPos
ShowWindow
GetWindowPlacement
SetFocus
GetClassNameA
EnumWindows
MessageBoxA
SystemParametersInfoA
DestroyWindow
SetWindowTextA
GetWindowRect
SendMessageA
LoadIconA
GetDlgItem
EndDialog
DialogBoxParamW
DefWindowProcA
SetCursorPos
ClientToScreen
EndPaint
FillRect
GetClientRect
BeginPaint
MessageBoxW
SetWindowTextW
IsDlgButtonChecked
PostQuitMessage
CreateWindowExA
RegisterClassA
GetMessageA
mouse_event
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SendDlgItemMessageW
CheckDlgButton
GetForegroundWindow
EnableWindow
SendDlgItemMessageA
InvalidateRect
DispatchMessageA
GetCursorPos
PeekMessageA
TranslateMessage

gdi32

GetStockObject

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
SysAllocString

binkw32

_BinkSetVolume@12
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkOpen@8
_BinkPause@8
_BinkClose@4
_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkNextFrame@4

winmm

waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutGetPosition
timeGetTime
waveOutGetDevCapsA

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shad
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bind
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c4cb3748362c1303ea20f10e7b5e159

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

binkw32

winmm

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 116KB - Virtual size: 4.5MB

.shad Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 16KB - Virtual size: 14KB

.bind Size: 4KB - Virtual size: 4KB

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 116KB - Virtual size: 4.5MB

.shad
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 16KB - Virtual size: 14KB

.bind
Size: 4KB - Virtual size: 4KB