Animal Well[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Animal Well.exe
Size

33.1MB
MD5

0d21ac9b7fd9ab9c6424c848c18df8ac
SHA1

bf1fc789cfaab82eae7db3555ab33d4f34c3058e
SHA256

6381dac857e0e2b4f5f11791f164c1ba2bd7e6a73fd1f7ea98e0d4a96a29d0d3
SHA512

14b91db0c9099b0988b990a8fbaede267e9980c8e679da6f459fbd8298601dc120b25e9255825ed373a82ae229fa38da8c78537b2b4c4e8097c93f1f80453d7e
SSDEEP

786432:WPKQHF5nLw0b5gPeP8RAGjfdteBp1ttr7Lz6hv3:On/w0b5g2Psf3eBp1tFH6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Animal Well.exe

Files

Animal Well.exe
.exe windows:6 windows x64 arch:x64

9b99b847baba03200c1f9d96eb53b805

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\bigdo\source\repos\BeanTech\x64\Release\Animal Well.pdb

Imports

kernel32

CancelIo
CloseHandle
CreateEventA
CreateEventW
CreateFileW
CreateSemaphoreW
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetOverlappedResultEx
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenA

ole32

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal

user32

AdjustWindowRect
AttachThreadInput
CreateWindowExA
DefWindowProcA
DispatchMessageA
GetCursorInfo
GetCursorPos
GetForegroundWindow
GetKeyboardState
GetMonitorInfoA
GetWindowLongA
GetWindowPlacement
GetWindowRect
LoadCursorA
LoadIconA
MessageBoxA
MonitorFromWindow
PeekMessageA
PostQuitMessage
RegisterClassExA
ScreenToClient
SetCursor
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowPlacement
SetWindowPos
ShowCursor
ShowWindow
TranslateMessage

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

winspool.drv

EnumPrintersW

propsys

PropVariantToGUID

steam_api64

SteamAPI_GetHSteamUser
SteamAPI_Init
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface

xinput9_1_0

XInputGetState
XInputSetState

xaudio2_9

ord2

d3d12

ord101
D3D12SerializeRootSignature

dxgi

CreateDXGIFactory1

xpsprint

StartXpsPrintJob

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetFeature
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_SetFeature
HidP_GetCaps
HidP_GetValueCaps

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
setupGame
updateGame

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31.6MB - Virtual size: 31.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b99b847baba03200c1f9d96eb53b805

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

user32

shell32

winspool.drv

propsys

steam_api64

xinput9_1_0

xaudio2_9

d3d12

dxgi

xpsprint

winmm

hid

setupapi

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 31.6MB - Virtual size: 31.6MB

.data Size: 50KB - Virtual size: 12.9MB

.pdata Size: 27KB - Virtual size: 26KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 52B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 31.6MB - Virtual size: 31.6MB

.data
Size: 50KB - Virtual size: 12.9MB

.pdata
Size: 27KB - Virtual size: 26KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 4KB - Virtual size: 4KB