FSRealistic[.]exe

Resubmissions

27/06/2024, 21:53

240627-1r4tbsshkf 3

27/06/2024, 21:52

240627-1rjhdsvhrk 3

27/06/2024, 21:52

240627-1q112ssgph 4

Sharing

Copy URL Twitter E-mail

General

Target

FSRealistic.exe
Size

1.3MB
MD5

6d2d1ba00fc491bf1f0834756fda31f8
SHA1

67fb07b89bb0e4dceb64449891714310d66d207e
SHA256

5bd1ad7a854bf9ab3743ee94b69b79a7e47ba66a3b79740d2e4573da41926711
SHA512

114779ea456ed97938a8bef28efb74244b4bbd4cce7676471846ff58ba00328a22f08d32d61e29b38e5306b439a7dbe86702d41e742c593fa7b1ba4fcf66c6d5
SSDEEP

24576:GJQyFUDrLHMB3AWrYXlM/JRe/tHWREni/cehPvKVCzr:GWxQ3AWrT/upnoPr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FSRealistic.exe

Files

FSRealistic.exe
.exe windows:6 windows x64 arch:x64

0ed1e68b932bd609f78ef715ac55dae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Repos\FSRealistic\FSRealistic\FSRealistic.pdb

Imports

openal32

alSourcef
alSourcei
alGenBuffers
alSourcefv
alSourceStop
alSourcePlay
alGenSources
alDeleteBuffers
alDeleteSources
alcCloseDevice
alcCreateContext
alcOpenDevice
alGetEnumValue
alcGetString
alcMakeContextCurrent
alGetError
alBufferData

opengl32

glGetError
glClearColor
glClear
glPopMatrix
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glViewport
glPopAttrib
glEnableClientState
glPolygonMode

shlwapi

PathCombineA

kernel32

RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
FormatMessageA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetModuleHandleW
CancelIo
WriteFile
ReadFile
BindIoCompletionCallback
WaitNamedPipeA
RtlLookupFunctionEntry
GetPrivateProfileSectionA
GetPrivateProfileStringA
lstrcmpiA
GetModuleHandleExA
GetModuleHandleA
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoEx
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameA
GetCurrentProcess
InitializeCriticalSectionEx
CreateMutexA
GetCurrentThreadId
GetLastError
GetFileAttributesA
CloseHandle
DeleteCriticalSection
FindFirstFileExW
GetFullPathNameW
FindNextFileW
FindClose
DeleteFileA
WaitForSingleObject
CreateEventA
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentDirectoryA
CreateFileA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent

user32

EnumWindows
SystemParametersInfoW
RegisterDeviceNotificationW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
DispatchMessageW
LoadImageW
RegisterClassExW
GetPropW
DefWindowProcW
TrackMouseEvent
ReleaseCapture
SetCapture
PtInRect
CopyIcon
WindowFromPoint
SetCursor
LoadCursorW
ScreenToClient
IsZoomed
IsWindowVisible
IsIconic
GetWindowLongW
SetWindowLongW
BringWindowToTop
SetFocus
ShowWindow
GetClipboardData
GetSystemMetrics
GetClassLongPtrW
SendMessageW
DestroyIcon
UnregisterClassW
RemovePropW
DestroyWindow
CreateWindowExW
SetPropW
SetWindowPos
GetMessageTime
PeekMessageW
GetClientRect
ClientToScreen
ClipCursor
AdjustWindowRectEx
GetDC
ReleaseDC
CreateIconIndirect
PostMessageA
SetActiveWindow
SetForegroundWindow
DispatchMessageA
GetWindowRect
SetWindowRgn
VkKeyScanA
GetActiveWindow
GetAsyncKeyState
GetRawInputData
RegisterRawInputDevices
GetForegroundWindow
SetClipboardData
EmptyClipboard
TranslateMessage
OpenClipboard
PeekMessageA
CloseClipboard
GetWindowTextLengthA
FindWindowA
SetCursorPos
GetCursorPos
GetKeyState
GetWindowTextA

gdi32

CreateRoundRectRgn
SetDeviceGammaRamp
CreateDCW
GetDeviceCaps
DeleteDC
SwapBuffers
SetPixelFormat
DescribePixelFormat
CreateDIBSection
CreateBitmap
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation

shell32

DragAcceptFiles
ShellExecuteA
DragFinish
DragQueryFileW
DragQueryPoint
SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Thrd_sleep
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xbad_function_call@std@@YAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
_Thrd_join
_Thrd_id
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
_Thrd_detach

winmm

PlaySoundA

dwmapi

DwmEnableBlurBehindWindow

ws2_32

WSARecv
WSASend
getaddrinfo
WSAStartup
send
select
connect
recv
setsockopt
getsockopt
freeaddrinfo
ioctlsocket
WSAGetLastError
shutdown
socket
WSACleanup
closesocket

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
__C_specific_handler
__current_exception_context
__current_exception
memmove
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
_purecall
strchr
memcpy
memset
_CxxThrowException
memcmp

api-ms-win-crt-stdio-l1-1-0

feof
fgetpos
setvbuf
_fseeki64
__p__commode
ungetc
_ftelli64
__stdio_common_vsnprintf_s
fgetc
ferror
_set_fmode
fputc
__stdio_common_vfprintf
fopen_s
fsetpos
_get_stream_buffer_pointers
fopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fwrite
fseek
fclose
fflush
__acrt_iob_func
ftell
_wfopen

api-ms-win-crt-string-l1-1-0

strcmp
isdigit
_strdup
_strnicmp
isalnum
isalpha
strncmp
isspace
strncpy
tolower
toupper

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
realloc
_recalloc
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_c_exit
_invalid_parameter_noinfo_noreturn
_beginthreadex
_register_thread_local_exe_atexit_callback
_wassert
_errno
_set_errno
__p___argv
exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc

api-ms-win-crt-convert-l1-1-0

strtol
mbstowcs_s
strtoul
strtoll
atof
wcstombs_s
strtod
strtoull
atoi

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-time-l1-1-0

clock
_difftime64
_mktime64
strftime
_localtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
log
logf
atan2
fmodf
powf
sqrt
acosf
ceilf
cos
pow
sinf
tan
ldexp
cosf
sqrtf
floor
sin
floorf
fmod
_dsign

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

Sections

.text
Size: 934KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0ed1e68b932bd609f78ef715ac55dae9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

openal32

opengl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

msvcp140

winmm

dwmapi

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 934KB - Virtual size: 933KB

.rdata Size: 202KB - Virtual size: 201KB

.data Size: 8KB - Virtual size: 38KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 934KB - Virtual size: 933KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 8KB - Virtual size: 38KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 2KB - Virtual size: 1KB