286e16284ab7a382ce00649ce3d67f4f36c444500c342629c229cc6f0b229fbc

Sharing

Copy URL

Twitter E-mail

General

Target

286e16284ab7a382ce00649ce3d67f4f36c444500c342629c229cc6f0b229fbc
Size

1.8MB
MD5

4437ae761c60dc03a59226221e49494b
SHA1

8a31912d7b50ffd116cbf9f8103ffdda871cd1dd
SHA256

286e16284ab7a382ce00649ce3d67f4f36c444500c342629c229cc6f0b229fbc
SHA512

047743a61a4c50a7258bf389a0f273625dfac0d539a7027d0b295a3b4cb577426a4fa1b347a4eeba134ddd92d7e7285974c79a03baba5adeb3675581c8e3313a
SSDEEP

24576:6C0zr2yEbl4CWriJg6sVC1syU5QeJ0bWr3Z3ChpegV:kcBnJg6jgv0b2p3aegV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
286e16284ab7a382ce00649ce3d67f4f36c444500c342629c229cc6f0b229fbc

Files

286e16284ab7a382ce00649ce3d67f4f36c444500c342629c229cc6f0b229fbc
.exe windows:5 windows x86 arch:x86

18f136f98d511bf5aa5abad766c7940e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hge-core-dll

hgeCreate

magic

Magic_UTF16to8
Magic_OpenFileInMemory
Magic_SetCurrentFolder
Magic_FindFirst
Magic_FindNext
Magic_GetEmitterID
Magic_DuplicateEmitter
Magic_LoadEmitter
Magic_GetFileName
Magic_HasTextures
Magic_SetInterpolationMode
Magic_GetStaticAtlasCount
Magic_StreamOpenMemory
Magic_StreamClose
Magic_OpenFile
Magic_CreateAtlases
Magic_UnloadEmitter
Magic_IsInterpolationMode
Magic_GetUpdateTime
Magic_Update
Magic_IsInterrupt
Magic_Stop
Magic_StreamSetPosition
Magic_EmitterToInterval1_Stream
Magic_UTF8to16
Magic_CloseFile
Magic_InInterval
Magic_CreateFirstRenderedParticlesList
Magic_GetNextParticleVertexes
Magic_CreateNextRenderedParticlesList
Magic_GetScale
Magic_SetScale
Magic_GetEmitterDirectionMode
Magic_SetEmitterDirectionMode
Magic_GetEmitterDirection
Magic_SetEmitterDirection
Magic_GetEmitterPositionMode
Magic_SetEmitterPositionMode
Magic_SetEmitterPosition
Magic_GetEmitterPosition
Magic_Restart
Magic_CreateAtlasesForEmitters
Magic_GetNextAtlasChange
Magic_CloseAllFiles
Magic_SetCleverModeForAtlas
Magic_SetStartingScaleForAtlas
Magic_GetEmitterName
Magic_SetLoopMode
Magic_SetInterrupt
Magic_EmitterToInterval1

shlwapi

PathFileExistsW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

user32

SetCursor
SetForegroundWindow
FindWindowA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SystemParametersInfoA
GetSystemMetrics
ScreenToClient
GetCursorPos
LoadCursorA
PeekMessageA

kernel32

SetEndOfFile
CreateFileW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetExitCodeProcess
CreatePipe
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
CreateFileA
GetFileAttributesA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
SetHandleCount
LoadLibraryW
GetModuleHandleA
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
CreateThread
GetCurrentThreadId
ExitThread
DuplicateHandle
CreateProcessA
GetDateFormatA
GetProcessHeap
MoveFileA
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetCommandLineA
DeleteFileW
DeleteFileA
GetSystemTimeAsFileTime
ExitProcess
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersion
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
GetTickCount
CopyFileW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateDirectoryW
GetDriveTypeW
GetCurrentDirectoryW
MultiByteToWideChar
OutputDebugStringA
GetLocaleInfoA
GetUserDefaultLCID
FreeLibrary
GetPrivateProfileStringA
GetTempPathW
GetModuleFileNameA
FormatMessageA
GetLastError
CloseHandle
WaitForSingleObject
TerminateThread
TerminateProcess
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTimeFormatA
SetEnvironmentVariableA
LCMapStringA

ws2_32

ntohl
getsockname
connect
htons
socket
gethostbyname
inet_addr
inet_ntoa
send
recv
setsockopt
getpeername
select
listen
bind
accept
ntohs
WSACleanup
WSAStartup
WSAGetLastError
ioctlsocket
htonl
closesocket

comdlg32

GetOpenFileNameW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f136f98d511bf5aa5abad766c7940e

Headers

DLL Characteristics

File Characteristics

Imports

hge-core-dll

magic

shlwapi

shell32

user32

kernel32

ws2_32

comdlg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 31KB - Virtual size: 67KB

.rsrc Size: 99KB - Virtual size: 98KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 31KB - Virtual size: 67KB

.rsrc
Size: 99KB - Virtual size: 98KB