Cars[.]exe | Triage

Resubmissions

17/05/2024, 17:16

240517-vtgtpaaa93 9

17/05/2024, 17:13

240517-vrg2nsaa55 6

Sharing

Copy URL Twitter E-mail

General

Target

Cars.exe
Size

17.1MB
MD5

937ab1102af423ce8c6f3166f1ebe317
SHA1

09102cf2185420529a36135be0d2a51b5128e0f8
SHA256

346830f5a837ba8e46657f5dc3625ed1555c8656f7ea3020123923c720f114e2
SHA512

6cec44754451aaaa35836eeeca23771a69cf9353b378522f78e95edba4ca35a9f9f76c2da3471ebcb5ae4af968cdba500a530599c2ae380a283cc5897d4442ab
SSDEEP

98304:1Wr5T7RlkJSl0VMt24GGPQdpAhqnyvAOO0biclBHxATNUWoaa+ve3:AFJlkJSlx+ZyoO5ruqn+v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cars.exe

Files

Cars.exe
.exe windows:4 windows x86 arch:x86

95c84fc9c0ee95be8c1d3d9f478d2cb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

d3d9

Direct3DCreate9

dsound

ord11

binkw32

_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkSetVolume@12
_BinkClose@4
_BinkNextFrame@4
_BinkOpen@8
_BinkSetSoundSystem@8
_BinkGoto@12
_BinkOpenDirectSound@4

kernel32

InterlockedIncrement
SetFilePointer
InterlockedDecrement
GetProcessHeap
GetFullPathNameA
UnmapViewOfFile
CreateFileW
GetSystemTime
GetVersionExA
FreeLibrary
LoadLibraryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
GetCurrentDirectoryA
GlobalMemoryStatus
GetSystemInfo
GetLastError
CreateMutexA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
GetVolumeInformationA
FindClose
FindFirstFileA
DeleteFileA
FindNextFileA
RemoveDirectoryA
ExitThread
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceExA
GetFileAttributesA
CreateDirectoryA
WriteFile
ReadFile
GetFileSize
GetExitCodeThread
ResumeThread
SuspendThread
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
SetThreadPriority
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
RaiseException
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
GetLocalTime
GetStdHandle
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
VirtualProtect
VirtualQuery
UnhandledExceptionFilter
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
GetSystemDirectoryA
GetDriveTypeA
GetLogicalDrives
ReadFileEx
WriteFileEx
CancelIo
GetOverlappedResult
IsProcessorFeaturePresent
OutputDebugStringA

user32

RegisterClassExA
SystemParametersInfoA
GetKeyboardState
MapVirtualKeyA
SetCursorPos
AdjustWindowRectEx
CreateWindowExW
UnregisterClassA
LoadIconA
ShowWindow
GetWindowTextA
DefWindowProcA
ClientToScreen
GetClientRect
IsIconic
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
DestroyWindow
UpdateWindow
ShowCursor
EnumWindows
LoadStringA
MessageBoxA
CreateWindowExA
GetSystemMetrics
SetWindowPos
wsprintfA
wsprintfW
ChangeDisplaySettingsA
RegisterClassExW

advapi32

RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 654KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

deviance
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

is the
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fixed
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

by.SKULL
Size: 585KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FAITHBIG
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

95c84fc9c0ee95be8c1d3d9f478d2cb6

Headers

File Characteristics

Imports

winmm

d3d9

dsound

binkw32

kernel32

user32

advapi32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 368KB - Virtual size: 372KB

.data Size: 654KB - Virtual size: 656KB

.rsrc Size: 3KB - Virtual size: 4KB

deviance Size: 4.3MB - Virtual size: 4.3MB

is the Size: 47KB - Virtual size: 48KB

fixed Size: 2.1MB - Virtual size: 2.1MB

by.SKULL Size: 585KB - Virtual size: 7.8MB

FAITHBIG Size: 6.0MB - Virtual size: 6.0MB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 368KB - Virtual size: 372KB

.data
Size: 654KB - Virtual size: 656KB

.rsrc
Size: 3KB - Virtual size: 4KB

deviance
Size: 4.3MB - Virtual size: 4.3MB

is the
Size: 47KB - Virtual size: 48KB

fixed
Size: 2.1MB - Virtual size: 2.1MB

by.SKULL
Size: 585KB - Virtual size: 7.8MB

FAITHBIG
Size: 6.0MB - Virtual size: 6.0MB