Static task: static1
Behavioral task: behavioral1
  Sample: af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae.exe
  Resource: win10v2004-20240426-en
General
Target: af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae
Size: 3.9MB
MD5: b88cfeb47a97e19fdcb8056224236f4a
SHA1: ddfe11a310d4b65a9008a82f191070173611acd1
SHA256: af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae
SHA512: 512ff72c992bc637b3bb18645b9408966f162b01d7bd54ea860d7e032dbb32bb40e2c551309b6e9201907cb556c25c4636cba40959eb014a134f82866fe7df9b
SSDEEP: 98304:bsW3PurZYTd2GYFhEXP5/l5cs+lzamVqIARzAXos3wcYM1dYoUAxdEZCWacwErVD:AW3PurSjcuR/l5cs+lzamVqIARzAXosk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae
Files
af6b31a71c4497870876190a1d21e1a01e2adefd257ded9b0decbf8f11c859ae.exe  windows:4 windows x86 arch:x86
  1f429f226c167918d922fb2d71743699
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
d3dx9_25: D3DXCompileShader, D3DXDisassembleShader
dsound: ord1
winmm: timeKillEvent, timeSetEvent, mixerSetControlDetails, waveOutSetVolume, waveOutGetVolume, timeBeginPeriod, timeEndPeriod
ddraw: DirectDrawCreateEx
kernel32:
  HeapReAlloc, ExitProcess, GetStartupInfoA, GetCommandLineA, GetFileType, ExitThread, SetStdHandle,
  GetStringTypeA, GetStringTypeW, HeapDestroy, HeapCreate, IsBadWritePtr, LCMapStringA, LCMapStringW,
  SetHandleCount, GetStdHandle, SetUnhandledExceptionFilter, GetTimeZoneInformation,
  UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter,
  IsBadCodePtr, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetEnvironmentVariableA,
  GetLocaleInfoW, GetSystemTimeAsFileTime, IsBadReadPtr, HeapFree, HeapAlloc, RtlUnwind, SetErrorMode,
  FindResourceExA, GetOEMCP, GetCPInfo, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue,
  GlobalHandle, GlobalReAlloc, GlobalFlags, GetFileTime, GetFileAttributesA, ConvertDefaultLocale,
  EnumResourceLanguagesA, LocalAlloc, lstrcpyA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers,
  GetProfileIntA, SuspendThread, ResumeThread, GetPrivateProfileStringA, WritePrivateProfileStringA,
  GetPrivateProfileIntA, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA,
  GlobalDeleteAtom, lstrcatA, lstrcmpW, GlobalSize, GlobalFree, FreeResource, GetFileSize,
  SetFilePointer, DebugBreak, IsDBCSLeadByteEx, DeviceIoControl, GetVolumeInformationA, GetTickCount,
  GetCurrentThread, GetThreadPriority, SetThreadPriority, VirtualAlloc, CreateSemaphoreA, VirtualFree,
  GetSystemInfo, ReleaseSemaphore, WaitForMultipleObjects, ResetEvent, CreateEventA,
  InterlockedDecrement, InterlockedIncrement, GetCurrentProcessId, ReleaseMutex, GetModuleHandleA,
  VirtualQuery, FlushInstructionCache, VirtualProtect, SetLastError, GetTempPathA, GetTempFileNameA,
  CreatePipe, DuplicateHandle, GetEnvironmentStrings, FreeEnvironmentStringsA, CreateProcessA,
  CreateThread, WriteFile, ReadFile, TerminateProcess, FileTimeToLocalFileTime, RaiseException,
  GetWindowsDirectoryA, CopyFileA, FileTimeToSystemTime, GetDateFormatA, GetTimeFormatA, GlobalAlloc,
  DeleteFileA, GetFileAttributesExA, CreateDirectoryA, GetFullPathNameA, GetModuleFileNameA,
  CloseHandle, CreateFileW, CreateFileA, IsDebuggerPresent, CreateMutexA, FindNextFileA,
  GetCurrentDirectoryA, GlobalLock, GlobalUnlock, GetDriveTypeA, GetCurrentThreadId, Sleep,
  FindFirstFileA, FindClose, GetDiskFreeSpaceExA, SetPriorityClass, MulDiv, TerminateThread,
  GetCurrentProcess, lstrcpynA, WaitForSingleObject, SetEvent, GetSystemDirectoryA, LoadLibraryA,
  GetProcAddress, FreeLibrary, FormatMessageA, LocalFree, GetUserDefaultLCID, GetStringTypeExA,
  CompareStringW, CompareStringA, DeleteCriticalSection, InitializeCriticalSection,
  EnterCriticalSection, LeaveCriticalSection, lstrlenA, lstrlenW, lstrcmpiA, GetVersion, GetLastError,
  MultiByteToWideChar, GetPrivateProfileSectionA, WideCharToMultiByte, FindResourceA, LoadResource,
  LockResource, SizeofResource, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP,
  InterlockedExchange, HeapSize
user32:
  TabbedTextOutA, SetMenuItemBitmaps, ModifyMenuA, CheckMenuItem, GetMenuCheckMarkDimensions,
  MoveWindow, SetWindowTextA, IsDialogMessageA, IsDlgButtonChecked, CheckDlgButton, WinHelpA,
  SetWindowsHookExA, CallNextHookEx, GetClassInfoExA, SetPropA, GetPropA, RemovePropA,
  SendDlgItemMessageA, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow,
  GetLastActivePopup, GetTopWindow, TrackPopupMenu, GetScrollPos, GetClassInfoA, RegisterClassA,
  SetWindowPos, GetWindowPlacement, UnhookWindowsHookEx, GetMenuState, GetMenuStringA,
  GetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindowEnabled, GetNextDlgTabItem,
  EndDialog, GetIconInfo, SetWindowRgn, DeferWindowPos, GetClassNameA, GetScrollInfo, GetWindowRgn,
  AdjustWindowRectEx, GetMenu, BeginDeferWindowPos, EndDeferWindowPos, GetClassLongA, GetDCEx,
  MessageBoxA, IntersectRect, MsgWaitForMultipleObjects, PeekMessageA, GetQueueStatus, wsprintfA,
  GetMessageA, UnregisterClassA, CopyIcon, CreateWindowExA, GetMessageTime, DestroyIcon, GetCapture,
  EmptyClipboard, SetClipboardData, CloseClipboard, ReleaseCapture, OpenClipboard, SetCapture,
  DrawTextA, ClientToScreen, GetDlgCtrlID, TranslateMessage, DispatchMessageA, SetWindowLongA,
  GetDlgItemTextA, CallWindowProcA, DefWindowProcA, FindWindowA, IsIconic, ShowWindow,
  CreateAcceleratorTableA, DestroyAcceleratorTable, ChangeDisplaySettingsA, EnumDisplaySettingsA,
  ChangeDisplaySettingsExW, ChangeDisplaySettingsExA, UpdateWindow, GetMenuItemRect,
  SystemParametersInfoA, IsMenu, GetAsyncKeyState, GetKeyState, GetWindowLongA, PostQuitMessage,
  GetMenuBarInfo, GetSystemMetrics, GetMonitorInfoA, SetMenu, GetCursorPos, ExitWindowsEx,
  RegisterClipboardFormatA, PostThreadMessageA, SetForegroundWindow, WindowFromPoint, IsChild,
  GetDesktopWindow, KillTimer, ReleaseDC, GetDC, LoadMenuA, RemoveMenu, InsertMenuA, GetSubMenu,
  SetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, EnableMenuItem, DeleteMenu, PtInRect,
  RegisterWindowMessageA, RedrawWindow, GetFocus, FillRect, FrameRect, GetSysColorBrush, DrawTextExA,
  GrayStringA, GetWindowDC, BeginPaint, EndPaint, ValidateRect, MapDialogRect, GetMenuItemInfoA,
  DestroyMenu, TranslateAcceleratorA, BringWindowToTop, EqualRect, SetRectEmpty, MonitorFromWindow,
  CopyRect, MessageBeep, GetMessagePos, LoadIconA, SetTimer, ScreenToClient, AppendMenuA,
  CreatePopupMenu, LoadBitmapA, GetDlgItem, UnionRect, SetRect, IsRectEmpty, LoadImageA, GetSysColor,
  InflateRect, SetCursor, GetParent, InvalidateRect, GetWindowRect, OffsetRect, CharUpperA,
  InsertMenuItemA, LoadAcceleratorsA, ReuseDDElParam, UnpackDDElParam, IsClipboardFormatAvailable,
  WaitMessage, GetSystemMenu, SetParent, ShowOwnedPopups, SetWindowContextHelpId, DrawFocusRect,
  GetNextDlgGroupItem, InvalidateRgn, CopyAcceleratorTableA, LockWindowUpdate, SetActiveWindow,
  CharNextA, PostMessageA, IsWindowVisible, MapWindowPoints, GetClientRect, IsWindow, GetWindow,
  LoadCursorA, SendMessageA, EnableWindow, CharLowerBuffA
gdi32:
  CreateSolidBrush, StretchDIBits, GetCharWidthA, EnumFontFamiliesExA, GetRgnBox, SetRectRgn, PatBlt,
  CloseFigure, EndPath, GetPath, AbortPath, BeginPath, AddFontResourceA, SetBkMode, SetMapMode,
  GetTextExtentPoint32W, TextOutW, GetTextMetricsA, TranslateCharsetInfo, CreateFontA, EqualRgn,
  ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, RectVisible,
  OffsetRgn, GetWindowExtEx, GetViewportExtEx, SelectClipRgn, MoveToEx, LineTo, IntersectClipRect,
  ExcludeClipRect, SetStretchBltMode, RestoreDC, SaveDC, DPtoLP, CreatePatternBrush, GetMapMode,
  ExtTextOutA, GetClipBox, CopyMetaFileA, GetCurrentObject, GetPixel, CreatePolygonRgn, CreateBitmap,
  FillRgn, ScaleWindowExtEx, SetWindowExtEx, CreateCompatibleBitmap, CreatePen, GetTextExtentPoint32A,
  SetBkColor, SetTextColor, TextOutA, CreateRectRgn, GetRegionData, CreateDIBSection, GetObjectA,
  DeleteObject, StretchBlt, SetDIBColorTable, PtVisible, SelectObject, DeleteDC, GetBkColor,
  CreateCompatibleDC, CombineRgn, GetTextColor, CreateFontIndirectA, GetStockObject, ExtSelectClipRgn,
  SetPixel, CreateRectRgnIndirect, GetDeviceCaps, BitBlt
comdlg32: ChooseFontA, ChooseColorA, GetFileTitleA, GetOpenFileNameA, GetSaveFileNameA
winspool.drv: OpenPrinterA, DocumentPropertiesA, ClosePrinter
advapi32:
  RegEnumValueA, RegOpenKeyExA, RegQueryValueExA, RegEnumKeyExA, RegFlushKey, RegCreateKeyA,
  RegCreateKeyW, RegCreateKeyExA, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegDeleteValueA,
  RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyA, RegOpenKeyW, RegOpenKeyExW,
  RegQueryInfoKeyA, RegQueryInfoKeyW, RegQueryValueA, RegQueryValueW, RegQueryValueExW, RegSetValueA,
  RegSetValueW, RegSetValueExA, RegSetValueExW, AdjustTokenPrivileges, LookupPrivilegeValueA,
  OpenProcessToken, RegEnumKeyA, RegCloseKey
shell32: ShellExecuteA, Shell_NotifyIconA, DragFinish, DragAcceptFiles, ExtractIconExA, ord195, SHGetPathFromIDListA, SHBrowseForFolderA, DragQueryFileA
comctl32:
  ImageList_DragLeave, ImageList_DragEnter, ImageList_Remove, ImageList_DragShowNolock,
  ImageList_DragMove, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Draw, ImageList_GetImageCount,
  ImageList_AddMasked, ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageInfo, ord17,
  PropertySheetA, DestroyPropertySheetPage, CreatePropertySheetPageA, ImageList_Destroy,
  ImageList_Create, ImageList_LoadImageA
shlwapi:
  PathCombineA, PathAddExtensionA, PathAddBackslashA, PathRemoveFileSpecA, PathStripPathA,
  PathRemoveExtensionA, PathFindExtensionA, PathCompactPathA, PathIsDirectoryA, PathRelativePathToA,
  PathRenameExtensionA, PathCanonicalizeA, PathMakePrettyA, PathAppendA, PathStripToRootA, PathIsUNCA,
  UrlUnescapeA, PathFileExistsA, PathFindFileNameA
oledlg: ord8
ole32:
  OleInitialize, OleUninitialize, StringFromGUID2, CoFreeUnusedLibraries, CreateItemMoniker,
  GetRunningObjectTable, CoFreeLibrary, StringFromCLSID, CoLoadLibrary, OleLoadFromStream,
  CoTaskMemAlloc, OleSaveToStream, CoUninitialize, CoInitialize, CreateBindCtx, MkParseDisplayName,
  CLSIDFromString, CoCreateInstance, CoTaskMemFree, CoRegisterMessageFilter, OleFlushClipboard,
  ReleaseStgMedium, OleDuplicateData, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop,
  OleGetClipboard, CLSIDFromProgID, CoGetClassObject, StgOpenStorageOnILockBytes,
  StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoRevokeClassObject, OleIsCurrentClipboard
oleaut32:
  VariantCopy, SafeArrayDestroy, SystemTimeToVariantTime, OleCreateFontIndirect, VarBstrCmp,
  OleCreatePropertyFrame, SysStringByteLen, SysAllocStringByteLen, SysStringLen, SafeArrayAccessData,
  SafeArrayUnaccessData, SysFreeString, VariantInit, VariantClear, VariantChangeType, SysAllocString,
  SysAllocStringLen
ws2_32:
  getpeername, connect, sendto, recvfrom, WSAAsyncSelect, send, recv, listen, WSAGetLastError,
  getsockname, bind, inet_addr, htons, WSASetLastError, ntohs, inet_ntoa, WSAStartup, closesocket,
  accept, socket, select, gethostbyname, WSACleanup, htonl
wininet:
  InternetQueryDataAvailable, InternetCloseHandle, InternetGetLastResponseInfoA, InternetOpenA,
  InternetSetStatusCallback, InternetSetFilePointer, InternetWriteFile, InternetReadFile,
  InternetQueryOptionA, InternetCrackUrlA, InternetOpenUrlA, InternetCanonicalizeUrlA
Sections
.text: Size 2.2MB, Virtual size 2.2MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
_TEXT64: Size 4KB, Virtual size 1KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 652KB, Virtual size 650KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 220KB, Virtual size 280KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 832KB, Virtual size 828KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ