df0d2e14e2d0de2e54ea4a303227085c8c71f25b7fe2d86904a4eca136c66e8b

Sharing

Copy URL

Twitter E-mail

General

Target

df0d2e14e2d0de2e54ea4a303227085c8c71f25b7fe2d86904a4eca136c66e8b
Size

1.9MB
MD5

b164a76f59a284c121cb715eebeb7aaa
SHA1

6b944e907351d707ed2ee156cba4ebfda88576a1
SHA256

df0d2e14e2d0de2e54ea4a303227085c8c71f25b7fe2d86904a4eca136c66e8b
SHA512

d237d2cb7593fb1a14406e5ee8ff78541d5b65fc277c12fb580e8c5fc0f45bd1242800852da6fe7000fa474b7781e2e27bbabf00cc398243c921cc7f83da08c0
SSDEEP

24576:m+iEb/S3LCZIA4ocNyyIzujoNZw5JFYgeDz02BJ0TffR9G+BryMPwoMepSjsRnaZ:gmSEPVyUgswrFYgeT37QFlKjuxx0P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df0d2e14e2d0de2e54ea4a303227085c8c71f25b7fe2d86904a4eca136c66e8b

Files

df0d2e14e2d0de2e54ea4a303227085c8c71f25b7fe2d86904a4eca136c66e8b
.exe windows:4 windows x86 arch:x86

d097b591cae173a6556745d657b03de8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA

dinput8

DirectInput8Create

dsound

DirectSoundCreate

gdi32

GetObjectA
CreateDCA
CreateCompatibleBitmap
BitBlt
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
ExtTextOutA
GetTextExtentPoint32A
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2

imm32

ImmSetStatusWindowPos
ImmGetContext
ImmIsIME
ImmReleaseContext

kernel32

GlobalLock
GlobalReAlloc
GetTempFileNameA
CreateMutexA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
MoveFileA
GetSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GlobalUnlock
FindFirstFileA
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrcmpA
GetTickCount
lstrcpyA
GetUserDefaultLangID
GetLastError
FindResourceA
LoadResource
SizeofResource
LockResource
Sleep
MultiByteToWideChar
GetModuleFileNameA
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcatA
DeleteFileA
SetFilePointer
GetLocalTime
GetFileSize
MulDiv
CreateFileA
CloseHandle
WriteFile
GetModuleHandleA
LoadLibraryA
GetProcAddress
HeapFree
CreateFileW
WideCharToMultiByte
ReadFile
lstrcmpiA
lstrlenA
GlobalFree
GlobalAlloc
lstrcpynA
GetVersionExA
GetPrivateProfileIntA
FindNextFileA
GetPrivateProfileStringA

shell32

ShellExecuteA

user32

SetRectEmpty
EqualRect
SetCursorPos
SetRect
PtInRect
ReleaseDC
GetDC
SendMessageA
SetWindowLongA
CreateWindowExA
GetKeyboardLayout
CallWindowProcA
SetFocus
SetWindowTextA
GetCursorPos
GetWindowTextA
CharLowerA
MessageBoxA
GetActiveWindow
DefWindowProcA
GetClientRect
PostQuitMessage
LoadStringA
ShowCursor
ClientToScreen
SetCursor
GetCursor
LoadCursorA
ChangeDisplaySettingsA
wsprintfA
EnumDisplaySettingsA
GetWindowRect
MoveWindow
RegisterClassExA
SetActiveWindow
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterClassA
LoadIconA
ShowWindow
PostMessageA
ScreenToClient
GetAsyncKeyState
GetDoubleClickTime
IsRectEmpty
FlashWindow
AdjustWindowRect

winmm

timeGetTime
mmioClose
mmioAscend
mmioDescend
mmioOpenA
mmioGetInfo
mmioCreateChunk
mmioSetInfo
mmioAdvance
mmioWrite
PlaySoundA
mmioRead
mmioSeek

wsock32

WSAStartup
WSACleanup
ntohl
htonl
send
ntohs
ioctlsocket
recv
inet_addr
htons
gethostbyname
socket
WSAGetLastError
setsockopt
connect
WSAAsyncSelect
closesocket

d3d8

Direct3DCreate8

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 4.2MB

.as_0001
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 3.0MB

.as_0002
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 8KB

.as_0003
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d097b591cae173a6556745d657b03de8

Headers

File Characteristics

Imports

advapi32

dinput8

dsound

gdi32

imm32

kernel32

shell32

user32

winmm

wsock32

d3d8

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 82KB - Virtual size: 84KB

Size: 40KB - Virtual size: 1.3MB

.rsrc Size: 75KB - Virtual size: 76KB

.idata Size: 5KB - Virtual size: 8KB

.zero Size: - Virtual size: 4.2MB

.as_0001 Size: 1024B - Virtual size: 4KB

.zero Size: - Virtual size: 3.0MB

.as_0002 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 8KB

.as_0003 Size: 32KB - Virtual size: 32KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 82KB - Virtual size: 84KB

.rsrc
Size: 75KB - Virtual size: 76KB

.idata
Size: 5KB - Virtual size: 8KB

.zero
Size: - Virtual size: 4.2MB

.as_0001
Size: 1024B - Virtual size: 4KB

.zero
Size: - Virtual size: 3.0MB

.as_0002
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 8KB

.as_0003
Size: 32KB - Virtual size: 32KB