iw7-mod[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

iw7-mod.exe
Size

3.5MB
MD5

02fe4c108039001eb22a52636e416b04
SHA1

9528c947757dd9feb4895c32d952e2e71cb7a35d
SHA256

91a6294ff68c55f1134f08db4298ca9a1d189b9f19149b60319b55dbc75befc6
SHA512

4d2c09ce1418e934e36058ce4099cf5c143b112e8ab409d56e405cfa05fb0e5b723e23a8593408fe4e3e5826bb0a07929f2dd2fecdf105d67a622db261ecbed2
SSDEEP

98304:aY6taxmlutXBekf9apKHpl/YeDbOifUcYQg9U8/w:aY6sxkut7Fa+bbOCUTD1w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iw7-mod.exe

Files

iw7-mod.exe
.exe windows:6 windows x64 arch:x64

db923f3a2ea510ee997b9e5487fd4c11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ianco\Desktop\Important Desktop Files\Complete Clients\iw7-mod\build\bin\x64\Release\iw7-mod.pdb

Imports

crypt32

CryptProtectData

kernel32

SetConsoleCursorPosition
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleTextAttribute
GetConsoleWindow
ReadConsoleInputA
CreateEventA
SetEvent
CreateThread
TerminateProcess
GetCurrentProcess
GetVersionExA
SetUnhandledExceptionFilter
CloseHandle
GetModuleHandleW
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
SetPriorityClass
GetPriorityClass
SetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentProcessId
VirtualProtect
SetThreadAffinityMask
InitializeCriticalSectionEx
GetLastError
DecodePointer
GetTickCount64
GetStdHandle
GetConsoleScreenBufferInfo
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLargePageMinimum
SetEndOfFile
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileSizeEx
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
HeapAlloc
HeapFree
WriteFile
ExitProcess
DeleteCriticalSection
GetModuleHandleA
InitializeCriticalSection
MulDiv
SetConsoleTitleA
GetCommandLineA
HeapDestroy
LocalFree
GetVolumeInformationA
GetProcAddress
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
RtlCaptureContext
SetThreadContext
GetThreadContext
GetCurrentThread
FreeLibraryAndExitThread
ExitThread
ReadConsoleW
GetConsoleMode
DuplicateHandle
CreatePipe
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
CreateEventW
ResetEvent
SizeofResource
FindResourceA
LoadLibraryA
LockResource
LoadResource
FreeLibrary
GlobalLock
GlobalUnlock
VirtualFree
VirtualAlloc
GetSystemInfo
FlushInstructionCache
GetSystemFirmwareTable
VirtualQuery
GetCommandLineW
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadId
OpenThread
ReadFile
SetFilePointer
OutputDebugStringA
CreateFileA
GetTempFileNameA
FlushFileBuffers
MoveFileA
DeleteFileA
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
GetLocaleInfoEx
EncodePointer
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTempPathA

user32

GetWindowTextA
SetWindowTextA
DestroyWindow
SetFocus
SendMessageA
DefWindowProcA
OpenClipboard
CloseClipboard
GetClipboardData
CallWindowProcA
LoadCursorA
RegisterClassA
AdjustWindowRect
GetDC
GetDesktopWindow
ReleaseDC
CreateWindowExA
SetWindowLongPtrA
ShowWindow
CloseWindow
LoadIconA
GetForegroundWindow
FindWindowA
UpdateWindow
SetWindowRgn
SetWindowPos
GetWindowRect
GetSystemMetrics
UnregisterClassA
IsWindow
MessageBoxA
ShowCursor
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
DestroyIcon
LoadImageA

gdi32

DeleteObject
CreateSolidBrush
CreateFontA
GetDeviceCaps
SetTextColor
SetBkColor
CreateRoundRectRgn

advapi32

CryptAcquireContextW
CryptGenRandom
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
GetUserNameA
RegCloseKey
GetCurrentHwProfileA

ntdll

NtQueryObject

ws2_32

htons
bind
getaddrinfo
freeaddrinfo
getpeername
getsockname
gethostbyname
connect
closesocket
send
WSASetLastError
recv
sendto
recvfrom
__WSAFDIsSet
select
ioctlsocket
setsockopt
socket
ntohs

dbghelp

MiniDumpWriteDump

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoTaskMemFree

bcrypt

BCryptGenRandom

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamGameServer
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamInternal_CreateInterface
SteamInternal_GameServer_Init
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db923f3a2ea510ee997b9e5487fd4c11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

ntdll

ws2_32

dbghelp

shell32

ole32

bcrypt

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 162KB - Virtual size: 329KB

.pdata Size: 49KB - Virtual size: 48KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 844KB - Virtual size: 843KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 162KB - Virtual size: 329KB

.pdata
Size: 49KB - Virtual size: 48KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 844KB - Virtual size: 843KB