CoD_SP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CoD_SP.exe
Size

26.9MB
MD5

f0aa1e05e6069e14cf9afc666166f380
SHA1

9e99932307e274b1529814634b8ca783f0dbd4a6
SHA256

900896ca0c1b770f2bde1fbaf8ce5e710a92481a104d26cb4237a178c0d3f908
SHA512

29486482085f3293b6ed530e7f2f3afcc2aba80b860df6543b707727cd6f15dbd5a7d6decc2325e1bb2dc0f9b8cf4ac26f7f861b9ccc6000512a08f3083a2fd0
SSDEEP

786432:vCUsQI314YYV4tP0KBKyZbKOyOXYjmkX+8DeA:KJQIhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CoD_SP.exe

Files

CoD_SP.exe
.exe windows:6 windows x64 arch:x64

a79d9efdb5cffdecf5a2b32ba3e7aad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

waveOutGetDevCapsW
timeGetTime
timeEndPeriod
timeBeginPeriod
mixerGetLineInfoW
mixerGetID
mixerGetLineControlsW
mixerGetControlDetailsW
waveInGetDevCapsW

clientdll

SteamAPI_GetHSteamPipe
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_GetHSteamUser
SteamAPI_RestartAppIfNecessary
SteamAPI_RegisterCallback
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamInternal_CreateInterface
SteamAPI_UnregisterCallback

amd_ags_x64

agsDriverExtensionsDX11_SetDepthBounds
agsDriverExtensionsDX11_Init
agsDriverExtensionsDX11_BeginUAVOverlap
agsDriverExtensionsDX11_EndUAVOverlap
agsGetCrossfireGPUCount
agsDeInit
agsDriverExtensionsDX11_DeInit
agsInit

bink2w64

BinkGoto
BinkPause
BinkClose
BinkWait
BinkNextFrame
BinkDoFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkOpen
BinkGetError
BinkSetError
BinkGetKeyFrame
BinkSetVideoOnOff
BinkSetSoundOnOff
BinkSetSpeakerVolumes
BinkControlBackgroundIO
BinkGetRealtime
BinkSetSoundTrack
BinkSetSoundSystem2
BinkOpenXAudio2
BinkSetMemory

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory

powrprof

CallNtPowerInformation

xinput9_1_0

XInputGetState
XInputSetState

oo2core_5_win64

OodleLZ_Decompress

hid

HidD_GetProductString
HidD_GetManufacturerString
HidD_SetFeature
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps
HidD_GetSerialNumberString

kernel32

VirtualProtect
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapSize
HeapFree
SetEnvironmentVariableW
SetEnvironmentVariableA
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetProcessHeap
LoadLibraryW
GetUserDefaultUILanguage
GetLocaleInfoW
GetEnvironmentStringsW
GetTimeZoneInformation
GetSystemInfo
CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
PeekNamedPipe
WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
lstrcpyW
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
Sleep
RtlCaptureStackBackTrace
CreateFileA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetModuleFileNameA
LoadLibraryA
GetFileSizeEx
GetOverlappedResult
CancelIoEx
CreateEventA
RaiseException
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
GetGeoInfoW
GetUserGeoID
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseSemaphore
CreateSemaphoreA
DuplicateHandle
ResetEvent
CreateThread
SetThreadPriority
GetThreadPriority
SuspendThread
DeviceIoControl
SetPriorityClass
GetModuleHandleA
GetProcessAffinityMask
SetThreadAffinityMask
CreateEventExA
WaitForMultipleObjects
GetFileAttributesA
VirtualAlloc
VirtualFree
ReadFileEx
SleepEx
GetCurrentDirectoryA
TryEnterCriticalSection
GetVersionExA
GetLogicalProcessorInformation
GlobalMemoryStatus
FreeLibrary
VerSetConditionMask
DeleteFileA
FlushFileBuffers
SetUnhandledExceptionFilter
SetErrorMode
VerifyVersionInfoW
GetLocaleInfoA
GetUserDefaultLCID
K32EnumProcessModulesEx
K32GetModuleBaseNameA
GetSystemTime
SystemTimeToFileTime
GetTickCount64
SetThreadExecutionState
GlobalMemoryStatusEx
CreateMutexA
FormatMessageA
GetFileInformationByHandle
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
LocalFree
SetLastError
LoadLibraryExW
GetFullPathNameW
OutputDebugStringW
CreateProcessA
VirtualQuery
TerminateThread
GetExitCodeThread
CreateSemaphoreW
HeapReAlloc
HeapAlloc
DecodePointer
GetThreadContext
GetThreadId
GetTempPathW
MoveFileExW
FormatMessageW
IsDebuggerPresent
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetDriveTypeW
CreateDirectoryW
GetVolumeInformationW
GetVolumePathNameW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
ResumeThread
GetCurrentDirectoryW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

user32

LoadStringA
ClipCursor
ScreenToClient
ClientToScreen
GetActiveWindow
MessageBoxA
LoadCursorA
LoadStringW
MessageBoxW
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
SetWindowPos
UpdateWindow
GetWindowRect
AdjustWindowRect
LoadImageA
RegisterClassExW
TranslateMessage
GetKeyboardLayout
LoadIconA
DefWindowProcW
GetCursorPos
SetCursorPos
GetClientRect
SetFocus
PostMessageA
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
GetForegroundWindow
SendMessageA
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
DispatchMessageW
PeekMessageA
ShowWindow
GetMessageW
CreateWindowExW
IsRectEmpty
UnionRect
CopyRect
SetRectEmpty
GetSystemMetrics
ShowCursor
GetWindowPlacement
MapVirtualKeyA
EnumDisplayDevicesW
GetMonitorInfoW
BeginPaint
EndPaint
SetCursor
SystemParametersInfoA
GetRawInputBuffer
RegisterRawInputDevices
IsWindow
SetWindowPlacement
RedrawWindow
SetWindowLongPtrA
AdjustWindowRectEx

gdi32

CreateDCW
CreateSolidBrush
SetDeviceGammaRamp
GetDeviceCaps

advapi32

CryptGenRandom
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetKeyValueW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
CryptHashData

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
OleRun
CoInitializeSecurity
CoTaskMemFree

ws2_32

getsockopt
getpeername
WSASetLastError
WSACleanup
WSAIoctl
freeaddrinfo
recvfrom
ntohs
getsockname
connect
WSAStringToAddressA
WSAAddressToStringA
getaddrinfo
sendto
inet_addr
WSAGetLastError
WSAStartup
socket
setsockopt
send
select
recv
ntohl
htons
htonl
ioctlsocket
closesocket
bind
__WSAFDIsSet
gethostname

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDeleteDeviceInterfaceData
SetupDiOpenDeviceInterfaceW
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_IDW
CM_Get_Child
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

shlwapi

PathIsRelativeW
PathRelativePathToW

bcrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptOpenAlgorithmProvider

rpcrt4

UuidFromStringA
UuidToStringA
UuidCreate
RpcStringFreeA

oleaut32

SysFreeString
SysAllocString
VariantChangeType
VariantInit
SysStringLen
VariantClear

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 666KB - Virtual size: 217.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 483KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a79d9efdb5cffdecf5a2b32ba3e7aad3

Headers

DLL Characteristics

File Characteristics

Imports

winmm

clientdll

amd_ags_x64

bink2w64

d3d11

dxgi

powrprof

xinput9_1_0

oo2core_5_win64

hid

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

setupapi

shlwapi

bcrypt

rpcrt4

oleaut32

Exports

Exports

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.interpr Size: 45KB - Virtual size: 48KB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 666KB - Virtual size: 217.4MB

.pdata Size: 483KB - Virtual size: 484KB

.tls Size: 1024B - Virtual size: 4KB

_RDATA Size: 8KB - Virtual size: 8KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 44KB - Virtual size: 44KB

.idata Size: 17KB - Virtual size: 20KB

.text Size: 12.0MB - Virtual size: 12.0MB

.text
Size: 8.8MB - Virtual size: 8.8MB

.interpr
Size: 45KB - Virtual size: 48KB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 666KB - Virtual size: 217.4MB

.pdata
Size: 483KB - Virtual size: 484KB

.tls
Size: 1024B - Virtual size: 4KB

_RDATA
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 44KB - Virtual size: 44KB

.idata
Size: 17KB - Virtual size: 20KB

.text
Size: 12.0MB - Virtual size: 12.0MB