clicker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clicker.exe
Size

1.1MB
MD5

e4351251a86ccc3c94b78977e82dd39c
SHA1

2ce7c59450521c1dd11a97dc5168869ef5fdb48c
SHA256

05220145202a334d59660387adb23a936acc0a36a0130aec086d3340ce610169
SHA512

1514d69e0faa6f507cab6ca74f6d9a05da8a6ef566157d17c2f000f892ff3ac4e75334a0a392410028d0129ff452cbfbdbc2747c669465e4018e951fd52392f1
SSDEEP

12288:RhCftpg4R+BfMeASuhUgH1lbXkGqR099jElxfnBQd7tW+x/UsFtcBdNkUCMVnU6o:jfl0eDgHkPROEZM7X/HkBMjMZzU6nYV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clicker.exe

Files

clicker.exe
.exe windows:6 windows x64 arch:x64

0279147e75edebd5c128ee845abf3c4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

GetProcAddress
GetProcessHeap
MultiByteToWideChar
LoadLibraryA
FreeLibrary
CreateFileW
Sleep
lstrcmpiW
GetModuleHandleW
GetComputerNameA
GetComputerNameExA
lstrcmpiA
GetWindowsDirectoryW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ExpandEnvironmentStringsW
SetLastError
CreateMutexA
GetTickCount64
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
DeviceIoControl
SetThreadPriority
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
AllocConsole
GetConsoleWindow
SetConsoleTitleA
FreeConsole
SetPriorityClass
GetCurrentProcessId
EncodePointer
WriteConsoleW
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
GetSystemFirmwareTable
GetModuleHandleA
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
GetFileType
HeapFree
HeapAlloc
WriteFile
GetModuleFileNameW
ReadFile
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
K32GetModuleBaseNameW
OpenProcess
K32EnumProcesses
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcess
GetLastError
GetFileAttributesA
GetSystemInfo
LocalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
EnumSystemLocalesW
IsWow64Process
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
LocalFree
VerifyVersionInfoW
VerSetConditionMask
SetEndOfFile
IsValidCodePage
RtlUnwind
LCMapStringEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetNativeSystemInfo
FormatMessageA
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DecodePointer

user32

FindWindowW
GetCursorPos
SetClipboardData
CharUpperW
EnumWindows
GetAsyncKeyState
FindWindowA
GetWindowTextW
SetCursorPos
PostMessageW
GetClipboardData
GetWindowThreadProcessId
UpdateWindow
CreateWindowExW
RegisterClassExW
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterClassW
DestroyWindow
DefWindowProcW
PostQuitMessage
ShowWindow
EmptyClipboard
MoveWindow
GetWindowRect
SetWindowPos
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
ReleaseCapture
OpenClipboard
CloseClipboard
PostMessageA

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegQueryValueExA

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

iphlpapi

GetAdaptersInfo

shlwapi

PathCombineW

mpr

WNetGetProviderNameW

winmm

PlaySoundW

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

Sections

.text
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0279147e75edebd5c128ee845abf3c4c

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

shlwapi

mpr

winmm

imm32

Sections

.text Size: 732KB - Virtual size: 731KB

.rdata Size: 318KB - Virtual size: 317KB

.data Size: 8KB - Virtual size: 30KB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 732KB - Virtual size: 731KB

.rdata
Size: 318KB - Virtual size: 317KB

.data
Size: 8KB - Virtual size: 30KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 3KB