Static task
static1
Behavioral task
behavioral1
Sample
71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031.exe
Resource
win10v2004-20240508-en
General
-
Target
71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031
-
Size
2.9MB
-
MD5
ab494601281ca73876577cffa63c42b9
-
SHA1
4ca94eff380d7b596504bde5a88cf0d062a3d1ca
-
SHA256
71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031
-
SHA512
c22af8bbe1aa50d78f7df52b075225a153b8a73ad138d8a706d11b41802a3cfbbbb02b560d84249bb418cf6ee6fd36048d0473a8a262950bb1c7acbd12ff46bd
-
SSDEEP
49152:k3SxUPRGjbw1qndNrOIERePiXHN9FnewLncjDDhJ559XNb:OGV5PeH/Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature, so its publisher cannot be verified; note this is a weak indicator on its own (many legitimate builds are unsigned) and should be weighed together with the behavioral task results rather than treated as proof of malice.
resource 71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031
Files
-
71b40499225e4bd9b837768d295a7b532858b91a3ca2e4e312da6fc0a95a3031.exe windows:6 windows x86 arch:x86
f25170cd6aeace5599eb7404a33c8677
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Note: the image opts in to DEP (NX_COMPAT) but does not set IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and has its relocations stripped, so it is loaded at its preferred fixed base and does not benefit from ASLR.
Imports
kernel32
GetSystemInfo
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetTickCount
GetCurrentDirectoryW
K32GetModuleFileNameExA
K32EnumProcessModules
K32EnumProcesses
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualProtect
VirtualAlloc
OpenProcess
ResumeThread
ExitThread
OpenThread
GetCurrentThreadId
CreateThread
SetEndOfFile
SetEnvironmentVariableA
CreateProcessA
GetExitCodeProcess
WriteConsoleW
OutputDebugStringW
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
ExitProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
WaitForSingleObject
GetEnvironmentStringsW
GetFileAttributesExW
CloseHandle
CreateDirectoryW
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapSize
GetModuleFileNameW
GetStdHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetCPInfo
LoadLibraryExW
GetCommandLineA
IsDebuggerPresent
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
RtlUnwind
RaiseException
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
CreateFileW
IsProcessorFeaturePresent
GetProcessHeap
HeapValidate
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalUnlock
GlobalLock
FreeLibrary
GetSystemDirectoryA
WriteFile
SetFileAttributesA
GetLastError
GetVersionExA
GetCurrentDirectoryA
DeleteFileA
GetModuleFileNameA
MoveFileA
GetPrivateProfileStringA
lstrlenA
EnumSystemLocalesW
GlobalFree
ReadFile
OutputDebugStringA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
CreateDirectoryA
GlobalAlloc
GetFileAttributesA
FindNextFileA
FindFirstFileA
FlushFileBuffers
FindClose
devil
ilShutDown
ilOriginFunc
ilSetPixels
ilTexImage
ilInit
ilLoad
ilGetInteger
ilGenImages
ilEnable
ilDeleteImages
ilCopyPixels
ilBindImage
ilConvertImage
ilSave
user32
ReleaseDC
GetDC
GetClientRect
ClientToScreen
FillRect
SetRect
OffsetRect
PostQuitMessage
FlashWindowEx
SetWindowPos
GetCursorPos
ScreenToClient
CharPrevExA
CharNextExA
CharNextW
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
AdjustWindowRectEx
GetMenu
RegisterClassA
SetWindowLongA
GetWindowLongA
UpdateWindow
GetAsyncKeyState
PeekMessageA
GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowA
MessageBoxA
GetWindowTextA
GetSystemMetrics
SetFocus
MoveWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
LoadIconA
SystemParametersInfoA
GetKeyState
ShowCursor
SetCursor
DestroyCursor
LoadImageA
SetCursorPos
ShowWindow
GetCapture
SetCapture
ReleaseCapture
ChangeDisplaySettingsA
LoadStringA
InvalidateRect
gdi32
CreateDIBSection
SetBkMode
DeleteDC
CreateCompatibleDC
TextOutW
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CreateFontIndirectA
EnumFontFamiliesExA
GetStockObject
CreateSolidBrush
DeleteObject
StretchBlt
GetTextExtentPoint32A
TextOutA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ole32
CoInitializeEx
OleUninitialize
OleInitialize
CoGetClassObject
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
winmm
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
d3d8
Direct3DCreate8
python27
PyImport_ImportModule
PyImport_AddModule
PyRun_StringFlags
Py_BuildValue
PyErr_SetString
PyExc_RuntimeError
PyInt_AsLong
PyString_FromString
PyTuple_GetItem
PyList_New
PyList_Append
PyModule_AddIntConstant
Py_InitModule4
PyLong_AsLong
PyTuple_Size
PyDict_GetItemString
PyArg_ParseTuple
PyLong_FromLongLong
PyTuple_New
PyTuple_SetItem
PyDict_Next
PyDict_Size
PyLong_AsLongLong
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyFloat_AsDouble
PyString_AsString
PyErr_Clear
PyErr_BadArgument
Py_Finalize
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
iphlpapi
GetAdaptersInfo
imm32
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
granny2
_GrannyNewLocalPose@4
_GrannyFreeLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
GrannyPNT332VertexType
_GrannyDeformVertices@24
_GrannyFreeMeshDeformer@4
_GrannyNewMeshDeformer@16
_GrannyCopyMeshIndices@12
_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyFindMatchingMember@16
_GrannyGetMaterialTextureByType@8
_GrannyGetMeshVertices@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertexType@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshTriangleGroupCount@4
_GrannyPlayControlledAnimation@12
_GrannySetControlRawLocalClock@8
_GrannyGetControlRawLocalClock@4
_GrannySetControlEaseOutCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseIn@8
_GrannyGetControlLocalDuration@4
_GrannySetControlSpeed@8
_GrannyGetControlSpeed@4
_GrannySetControlLoopCount@8
_GrannyGetControlLoopCount@4
_GrannyFreeControlIfComplete@4
_GrannyControlIsComplete@4
_GrannyCompleteControlAt@8
_GrannyFreeControlOnceUnused@4
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshVertexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetWorldPose4x4@8
_GrannyFreeWorldPose@4
_GrannyNewWorldPose@4
_GrannyFindBoneByName@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
mss32
_AIL_shutdown@0
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_auto_update_3D_position@8
_AIL_mem_free_lock@4
speedtreert
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
??1CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
dinput8
DirectInput8Create
ws2_32
gethostbyname
inet_addr
htons
WSAStartup
WSAGetLastError
WSACleanup
__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
select
send
socket
ddraw
DirectDrawCreate
advapi32
RegOpenKeyExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 501KB - Virtual size: 500KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 428KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ