88cb67b97c7c5cc65262a8e55af2169d91272b0f75485490e73dbd62f02fbd75

Sharing

Copy URL Twitter E-mail

General

Target

88cb67b97c7c5cc65262a8e55af2169d91272b0f75485490e73dbd62f02fbd75
Size

2.6MB
MD5

a5b5bd5db865abecbe30bee769b8e3e1
SHA1

839e386649f7b6526960fa9b55c2fd81deb8a78c
SHA256

88cb67b97c7c5cc65262a8e55af2169d91272b0f75485490e73dbd62f02fbd75
SHA512

eba73467cf0a44636e4759bcf3693a6c5af3e461f97ab4e3421fd9a062c9d6d10c6e731d6deafd15bc5da10c4e1c3b3817011141ff9bed100db3bb9fc381601b
SSDEEP

49152:T7Ft7arLsUgwm3uKK3/5nYIQKcK60SbazB7Ku0GaXO94IBAUZLYq17Zh/Bj2:ttxTwzJ/xFcK60JtBAUZLtP/12

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88cb67b97c7c5cc65262a8e55af2169d91272b0f75485490e73dbd62f02fbd75

Files

88cb67b97c7c5cc65262a8e55af2169d91272b0f75485490e73dbd62f02fbd75
.exe windows:5 windows x86 arch:x86

3446e0a3cfc67f691019b6deb67529e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Code\Audit\InsideSrc\0801106204_proto_changed\target\release\symbols\Client\RzxClient.pdb

Imports

dsound

ord12
ord7

lame

ord1
ord6
ord4
ord14
ord24
ord41
ord154
ord148
ord163
ord22
ord139
ord164

netapi32

Netbios

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

ws2_32

WSAStartup
WSASetLastError
gethostbyaddr
getservbyname
WSASocketA
WSAGetLastError
gethostname
gethostbyname
htonl
ntohs
WSAWaitForMultipleEvents
WSASendTo
WSACleanup
select
setsockopt
listen
bind
getsockname
inet_ntoa
socket
htons
inet_addr
connect
closesocket
send
recv
WSAEventSelect
WSASend
ntohl
WSACloseEvent
WSARecvFrom
WSARecv
WSASetEvent
WSAEnumNetworkEvents
WSACreateEvent
getsockopt
ioctlsocket
shutdown
__WSAFDIsSet
getpeername
accept
WSAResetEvent

gdi32

GetStockObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC
GetObjectA
CreateCompatibleBitmap
GetDIBits
SelectObject

gdiplus

GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageThumbnail
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight

ntdll

ZwQuerySystemInformation
NtClose
ZwQueryInformationFile
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlConvertSidToUnicodeString
NtQuerySecurityObject
NtTerminateThread
NtOpenKey
NtQuerySystemInformation
NtQueryInformationThread
NtOpenSymbolicLinkObject
NtSetInformationFile
NtQuerySymbolicLinkObject
NtQueryInformationProcess
NtWaitForSingleObject
NtReadVirtualMemory
NtOpenProcessToken
NtQueryVirtualMemory
NtQueryInformationToken
NtSetSecurityObject
NtOpenProcess
NtDuplicateObject
NtSetEvent
NtCreateEvent
NtQueryObject
RtlInitializeSListHead
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
RtlAllocateHeap
RtlRaiseStatus
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
RtlCreateHeap
RtlGetVersion
NtDeviceIoControlFile
RtlUnwind
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlStringFromGUID
RtlFreeUnicodeString
NtQueryValueKey
NtReleaseSemaphore
NtCreateSemaphore
NtWriteFile

kernel32

FileTimeToLocalFileTime
FindFirstFileExA
MoveFileA
GetDriveTypeW
FindFirstFileExW
GetTimeZoneInformation
SetConsoleCtrlHandler
HeapSetInformation
GetStartupInfoW
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
RaiseException
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
EncodePointer
TlsFree
GetStdHandle
SetHandleCount
GetFileType
GetOEMCP
IsValidCodePage
LCMapStringW
PeekNamedPipe
GetCurrentDirectoryW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
DecodePointer
GetLocaleInfoW
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
GetLocaleInfoA
TlsAlloc
TlsSetValue
TlsGetValue
lstrcmpW
GetVolumeInformationA
lstrcpynA
lstrlenA
IsBadWritePtr
GetACP
SetErrorMode
SetUnhandledExceptionFilter
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadDirectoryChangesW
PostQueuedCompletionStatus
CancelIo
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
GetFileInformationByHandle
GetWindowsDirectoryA
GetExitCodeThread
GetCommandLineA
GetExitCodeProcess
Module32Next
TerminateProcess
VirtualFreeEx
ReadProcessMemory
FlushInstructionCache
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CopyFileA
MoveFileExA
RemoveDirectoryA
CreateDirectoryA
OpenEventA
SetProcessWorkingSetSize
ExitProcess
GetModuleFileNameW
OpenMutexA
InterlockedExchange
GetCurrentDirectoryA
SetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
WTSGetActiveConsoleSessionId
InitializeCriticalSection
CloseHandle
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
GetLastError
Sleep
SetFileTime
FindClose
FindFirstFileA
GetProcAddress
GetModuleHandleA
WaitForSingleObject
CreateProcessA
OutputDebugStringA
CreateMutexA
GetLocalTime
ReleaseMutex
GetFileAttributesExA
FlushFileBuffers
SetEndOfFile
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetTickCount
SetFileAttributesA
GetFileAttributesA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
FlushViewOfFile
GetCurrentThreadId
SetLastError
GetComputerNameA
CreateThread
GetTempPathA
CreateEventA
SetEvent
ResetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryW
GetModuleHandleW
OpenProcess
WideCharToMultiByte
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetTempPathW
MultiByteToWideChar
CopyFileW
GetTempFileNameW
MoveFileExW
TerminateThread
FindResourceA
QueryPerformanceCounter
GetFullPathNameA
DuplicateHandle
GetCurrentProcess
LocalFree
FileTimeToSystemTime
FindNextFileA
GetProcessHeap
OutputDebugStringW
UnlockFileEx
UnlockFile
SystemTimeToFileTime
LockFileEx
LockFile
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileW
AreFileApisANSI
DeleteCriticalSection
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection

user32

EnumChildWindows
GetDesktopWindow
FindWindowA
SendMessageA
RegisterShellHookWindow
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
ReleaseDC
GetSystemMetrics
GetDC
MsgWaitForMultipleObjects
GetWindowTextA
GetClassNameA
EnumWindows
IsWindowVisible
FindWindowExA
GetWindowThreadProcessId
GetForegroundWindow
RegisterWindowMessageA
ShowWindow
CreateWindowExA
DefWindowProcA
PostMessageA

advapi32

OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueA
RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetFileSecurityA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
CreateProcessAsUserA
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
RegFlushKey
StartServiceA
CloseServiceHandle
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
CreateServiceA

shell32

SHGetFolderPathA

ole32

CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantClear

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

winmm

waveInAddBuffer
waveInUnprepareHeader
waveInStart
waveInStop
waveInOpen
waveInClose
mmioOpenA
mmioClose
mmioDescend
mmioWrite
mmioAdvance
mmioSetInfo
mmioRead
mmioSeek
mmioCreateChunk
mmioGetInfo
waveInPrepareHeader
mmioAscend

wininet

InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetConnectA

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mswsock

AcceptEx

Exports

Exports

?AnalyseInitialize@@YG_NXZ
?GetGameAccountFromProcess@@YG_NP6GHPAU_ANALYSER_PROCESS_GAME@@@Z@Z
?GetRunningBrowserFromProcessList@@YG_NPAU_BROWSER_INFO@@@Z
?ftplib_debug@@3HA
FtpAccess
FtpCDUp
FtpChdir
FtpClearCallback
FtpClose
FtpDelete
FtpDir
FtpGet
FtpGetFered
FtpGetResponseCode
FtpLastResponse
FtpMkdir
FtpModDate
FtpNlst
FtpPut
FtpPwd
FtpRead
FtpRename
FtpRmdir
FtpSetCallback
FtpSite
FtpSize
FtpSysType
FtpWrite
_getAccount@0

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1009KB - Virtual size: 1009KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3446e0a3cfc67f691019b6deb67529e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

lame

netapi32

setupapi

psapi

ws2_32

gdi32

gdiplus

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

winmm

wininet

wtsapi32

version

mswsock

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1009KB - Virtual size: 1009KB

.data Size: 23KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 148KB - Virtual size: 148KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1009KB - Virtual size: 1009KB

.data
Size: 23KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 148KB - Virtual size: 148KB