3cac26266bc50530e1aae375e652a8f56197d1184c790501633fbff923f157f7

Sharing

Copy URL

Twitter E-mail

General

Target

3cac26266bc50530e1aae375e652a8f56197d1184c790501633fbff923f157f7
Size

2.4MB
MD5

07ef137719538f5820fbf3b9f4ce6db8
SHA1

7ce8c2968b84382955a4ea63ab65ee6e9ee31940
SHA256

3cac26266bc50530e1aae375e652a8f56197d1184c790501633fbff923f157f7
SHA512

5791df56fa5e924fbf1dbff2a31479fd5c382afa912d8b1601fc0332275591d1e3461855b466fc8d96729661ee48f2d95267a22685643af903b1112db7466354
SSDEEP

49152:GgyGeJeeL+zi/bG2wKtSgg6ihkOGVZIUnkOZvuarVT53qLv:GgyGeJ1Ke/bGPgghTIFqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cac26266bc50530e1aae375e652a8f56197d1184c790501633fbff923f157f7

Files

3cac26266bc50530e1aae375e652a8f56197d1184c790501633fbff923f157f7
.exe windows:4 windows x86 arch:x86

de85546021e5c16f6f5e2a0a01dcbf0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\Farmer\bin\Farmer.pdb

Imports

kernel32

WideCharToMultiByte
Beep
SetEnvironmentVariableA
CompareStringW
CompareStringA
LocalFree
FormatMessageA
GetLastError
Sleep
GetCurrentProcess
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
CreateFileW
DeleteFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
CloseHandle
MultiByteToWideChar
RaiseException
RtlUnwind
ExitProcess
HeapFree
GetProcAddress
GetModuleHandleA
TerminateProcess
GetStartupInfoW
GetVersionExA
GetLocalTime
GetCPInfo
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
GetLocaleInfoW
SetStdHandle
SetEndOfFile
GetACP
GetOEMCP

squall

SQUALL_Channel_Stop
SQUALL_Channel_Status
SQUALL_Init
SQUALL_SetFileCallbacks
SQUALL_Listener_EAX_SetPreset
SQUALL_Stop
SQUALL_Free
SQUALL_Sample_GetFileFrequency
SQUALL_Sample_PlayEx
SQUALL_Channel_Pause
SQUALL_Channel_Start
SQUALL_Pause
SQUALL_ChannelGroup_SetVolume
SQUALL_Sample_LoadFile
SQUALL_Sample_Unload

jngload

?readMNG@@YAXPBXAAK1AAPAK@Z
?freeData@@YAXAAPAK@Z

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

user32

UpdateWindow
SetWindowPos
AdjustWindowRect
CreateWindowExW
RegisterClassExW
LoadIconW
GetWindowInfo
GetWindowLongW
GetKeyboardLayout
GetCursorPos
DrawTextA
DrawTextW
DestroyIcon
DispatchMessageW
PeekMessageW
TranslateMessage
DestroyWindow
DefWindowProcW
LoadCursorW
SetCursor
PostQuitMessage
MessageBoxA
ShowWindow

gdi32

CreateFontW
CreateCompatibleDC
CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
SelectObject
DeleteDC
DeleteObject
GetObjectA
CreateFontIndirectA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de85546021e5c16f6f5e2a0a01dcbf0d

Headers

File Characteristics

PDB Paths

Imports

kernel32

squall

jngload

d3d8

dinput8

winmm

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 448KB - Virtual size: 446KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 448KB - Virtual size: 446KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 4KB