1abde3ff17846cc473082ca8d993237a14712a7e9792b363ba8d6ca48e5ec5c0

Sharing

Copy URL Twitter E-mail

General

Target

1abde3ff17846cc473082ca8d993237a14712a7e9792b363ba8d6ca48e5ec5c0
Size

5.6MB
MD5

2358466d1d8230901ba886a9446914af
SHA1

b8a6983bdda275a6041098069a4cabf09caa6bff
SHA256

1abde3ff17846cc473082ca8d993237a14712a7e9792b363ba8d6ca48e5ec5c0
SHA512

cc530b8003808cea10beae9b483d1c178a513881d21e17a1d4ae58fb7524bba5fcc21b687aa9ec0ea8a311480b8e02c3ff692f8a50ff53c08c2f7f89712feba8
SSDEEP

98304:w2I11ds5NCetA550lK0GqOafVlJ0AWAiOAS0y4ByGFnyBqKIbjEw1rqc:w2I113U6QWAiOA3y+GgjFrh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1abde3ff17846cc473082ca8d993237a14712a7e9792b363ba8d6ca48e5ec5c0

Files

1abde3ff17846cc473082ca8d993237a14712a7e9792b363ba8d6ca48e5ec5c0
.exe windows:5 windows x86 arch:x86

3586a2cfe9ca859d92a48c471bb9bddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
OutputDebugStringA
GlobalMemoryStatusEx
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
ReadFile
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CreateFileW
CreateFileA
CloseHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
Sleep
GetLongPathNameW
GetCurrentProcess
MultiByteToWideChar
SleepEx
SwitchToThread
LocalFree
FormatMessageA
GetLastError
OutputDebugStringW
MulDiv
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
GetStartupInfoW
HeapAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
MoveFileA
MoveFileW
DeleteFileW
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetModuleHandleA
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
DeleteFileA

user32

MessageBoxW
GetCursor
DrawTextW
GetWindowLongW
UpdateWindow
SetActiveWindow
SetWindowLongW
SetWindowPos
GetDC
GetClientRect
ReleaseDC
DrawTextA
ShowWindow
GetKeyboardLayout
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
DefWindowProcW
SendMessageW
IsIconic
PostQuitMessage
DestroyIcon
SetCursor
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
SetForegroundWindow
FindWindowW
GetCursorPos
MessageBoxA
SystemParametersInfoW
AdjustWindowRect
GetWindowInfo

squall

SQUALL_Channel_GetVolume
SQUALL_Channel_SetVolume
SQUALL_Channel_Pause
SQUALL_Channel_Start
SQUALL_Channel_Stop
SQUALL_Sample_Unload
SQUALL_Sample_PlayEx
SQUALL_Sample_GetFileFrequency
SQUALL_Sample_LoadFile
SQUALL_Free
SQUALL_Listener_EAX_SetPreset
SQUALL_Stop
SQUALL_Init
SQUALL_Channel_Status
SQUALL_ChannelGroup_SetVolume
SQUALL_SetFileCallbacks

jngload

?readMNG@@YAXPBXAAK1AAPAK@Z
?freeData@@YAXAAPAK@Z

shlwapi

PathFindFileNameW

psapi

EnumProcessModules
GetModuleFileNameExW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

ws2_32

WSAGetLastError
socket
closesocket
connect
ioctlsocket
recv
__WSAFDIsSet
select
send
setsockopt
htons
inet_addr

pyro

??1CPyroException@PyroParticles@@QAE@XZ
?GetExceptionMessage@CPyroException@PyroParticles@@QBEPBDXZ
?CreateParticleLibrary@@YAPAVIPyroParticleLibrary@PyroParticles@@IK@Z
?DestroyParticleLibrary@@YAXPAVIPyroParticleLibrary@PyroParticles@@@Z
??0CPyroException@PyroParticles@@QAA@PBDZZ
??0CPyroException@PyroParticles@@QAE@ABV01@@Z

gdi32

BitBlt
GetDIBits
DeleteObject
CreateFontW
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetBkMode
CreateFontIndirectA
GetObjectA
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
SetBkColor
DeleteDC
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3586a2cfe9ca859d92a48c471bb9bddc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

squall

jngload

shlwapi

psapi

winmm

d3d8

dinput8

ws2_32

pyro

gdi32

advapi32

shell32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 41KB - Virtual size: 58KB

.rsrc Size: 469KB - Virtual size: 469KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 41KB - Virtual size: 58KB

.rsrc
Size: 469KB - Virtual size: 469KB