9d7af0638939a0d680b826fc5af6f8d0bf8dd98141c5cc1529f06c36b123074c

Sharing

Copy URL Twitter E-mail

General

Target

9d7af0638939a0d680b826fc5af6f8d0bf8dd98141c5cc1529f06c36b123074c
Size

4.5MB
MD5

07efdc3256308fefda3b0db0e75a0d11
SHA1

44e274899601c4101b83c23e07994d73db2bc705
SHA256

9d7af0638939a0d680b826fc5af6f8d0bf8dd98141c5cc1529f06c36b123074c
SHA512

adde69949748d37d114418f35a6b1452ac12480441c9a69c8b26cf27727da862b90582a8497b2ce6cfef147c5fd2fa46a994072961f4f84104e2095bd42cea4e
SSDEEP

98304:X+1vd2zc1JNn6NznOw5TV8MtnG6RQFGherSZHeUlCsXHKX/SElFW2z:Ov4zc6ZvW3z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d7af0638939a0d680b826fc5af6f8d0bf8dd98141c5cc1529f06c36b123074c

Files

9d7af0638939a0d680b826fc5af6f8d0bf8dd98141c5cc1529f06c36b123074c
.exe windows:4 windows x86 arch:x86

cbf644b78bc4ddb9303f71d79dc7f53f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyExA

dinput8

DirectInput8Create

gdi32

SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
BitBlt
TextOutA
CreateDCA
CreateDIBSection
GetObjectA
SetBkColor
SetTextAlign
SetMapMode
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2
AddFontResourceA
EnumFontFamiliesA
SetTextColor
CreateCompatibleBitmap
GetTextExtentPoint32A
ExtTextOutA

imm32

ImmReleaseContext
ImmGetContext
ImmIsIME
ImmAssociateContext
ImmSetStatusWindowPos

kernel32

GetModuleHandleA
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalReAlloc
GetTempFileNameA
SetThreadPriority
SetEvent
ResetEvent
CreateEventA
GetSystemTime
WaitForSingleObject
SetEndOfFile
TerminateThread
SetLastError
GetCurrentProcess
VirtualQuery
VirtualFree
GetVersion
VirtualAlloc
IsBadReadPtr
GetCurrentThreadId
CopyFileA
GetWindowsDirectoryA
SetThreadAffinityMask
GetCurrentThread
CreateMutexA
GlobalMemoryStatus
CreateFileMappingA
MapViewOfFile
GetLocaleInfoW
CreateThread
SetStdHandle
TerminateProcess
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetOEMCP
GetACP
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFileAttributesA
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
RaiseException
GetTimeZoneInformation
RtlUnwind
InterlockedExchange
ExitProcess
GetSystemDefaultLangID
GetExitCodeThread
HeapFree
CreateFileW
UnmapViewOfFile
MultiByteToWideChar
GetProcAddress
OpenProcess
LoadLibraryA
FreeLibrary
GetPrivateProfileIntA
IsBadCodePtr
GetPrivateProfileStringA
FindNextFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
FindClose
lstrcpynA
GetTickCount
lstrcpyA
GetLastError
lstrcatA
DeleteFileA
GetLocalTime
SetFilePointer
GetFileSize
ReadFile
GlobalAlloc
GlobalFree
GetModuleFileNameA
WriteFile
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
Sleep
MulDiv
CreateFileA
CloseHandle
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
SetCurrentDirectoryA
lstrcmpiA
SetEnvironmentVariableA

oleaut32

SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantChangeType
VariantClear
VariantInit

shell32

ShellExecuteA

user32

RegisterClassExA
FlashWindow
SetRect
PtInRect
LoadCursorA
GetClassInfoA
RemovePropA
SetPropA
GetPropA
UnregisterClassA
CopyRect
IsRectEmpty
TranslateMessage
LoadIconA
GetWindowRect
ClipCursor
DestroyWindow
GetCursor
SetCursor
EnumWindows
CharUpperA
IsWindowVisible
GetParent
ReleaseDC
GetDC
SendMessageA
RegisterClassA
BeginPaint
EndPaint
DispatchMessageA
PeekMessageA
SetActiveWindow
ScreenToClient
GetDoubleClickTime
SetWindowLongA
CreateWindowExA
GetClassNameA
GetWindowThreadProcessId
GetKeyboardLayout
CallWindowProcA
SetFocus
SetWindowTextA
MoveWindow
GetWindowTextA
CharLowerA
wsprintfA
MessageBoxA
GetActiveWindow
DefWindowProcA
GetClientRect
PostQuitMessage
ShowCursor
GetCursorPos
SetWindowPos
ChangeDisplaySettingsA
AdjustWindowRect
EnumDisplaySettingsA
GetWindowLongA
SetRectEmpty
EqualRect
GetAsyncKeyState
SetCursorPos
ClientToScreen
SetForegroundWindow
UpdateWindow
ShowWindow
InvalidateRect
GetSystemMetrics

wininet

DeleteUrlCacheEntry

winmm

PlaySoundA
timeGetTime

wsock32

send
ntohs
inet_ntoa
recv
ioctlsocket
htons
socket
htonl
setsockopt
connect
WSAAsyncSelect
closesocket
WSACleanup
WSAStartup
gethostname
gethostbyname
inet_addr
ntohl
WSAGetLastError
getsockname

d3d8

Direct3DCreate8

mss32

_AIL_set_redist_directory@4
_AIL_quick_startup@20
_AIL_quick_handles@12
_AIL_set_digital_master_room_type@8
_AIL_set_DirectSound_HWND@8
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_set_3D_sample_loop_count@8
_AIL_quick_play@8
_AIL_set_stream_position@8
_AIL_start_stream@4
_AIL_set_3D_position@16
_AIL_quick_set_volume@12
_AIL_quick_halt@4
_AIL_quick_shutdown@0
_AIL_pause_stream@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume_levels@12
_AIL_quick_status@4
_AIL_3D_sample_status@4
_AIL_stream_status@4
_AIL_file_read@8
_AIL_file_size@4
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_quick_load_mem@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_quick_unload@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_mem_free_lock@4
_AIL_end_3D_sample@4
_AIL_start_3D_sample@4

ole32

CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize

urlmon

URLDownloadToFileA

Exports

Exports

fcEXP

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 275KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 283KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cbf644b78bc4ddb9303f71d79dc7f53f

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

wininet

winmm

wsock32

d3d8

mss32

ole32

urlmon

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.data Size: 275KB - Virtual size: 276KB

Size: 283KB - Virtual size: 1.8MB

.rsrc Size: 28KB - Virtual size: 28KB

.idata Size: 7KB - Virtual size: 8KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 275KB - Virtual size: 276KB

.rsrc
Size: 28KB - Virtual size: 28KB

.idata
Size: 7KB - Virtual size: 8KB