2ad8d966ac74ce0482808f0d8eec6e110d144b0fa3973a0fcdc25aeb649a5bc8

Sharing

Copy URL Twitter E-mail

General

Target

2ad8d966ac74ce0482808f0d8eec6e110d144b0fa3973a0fcdc25aeb649a5bc8
Size

3.8MB
MD5

34015b3e31971c042e778030265c3085
SHA1

0c517ba85771ec62c305ad88674aa97287e26f2f
SHA256

2ad8d966ac74ce0482808f0d8eec6e110d144b0fa3973a0fcdc25aeb649a5bc8
SHA512

3458b7a07744d9c6004c6942e55450ffe81f388a04566ccc1851fe5c180285c5cdd3415bad497775476f711e600ef5e03aa1a223097fad365a6643e2e158f5a6
SSDEEP

98304:Z35PqYMkJlRtSIx5wF9uB53HtX4uRBFqwzOe8X:TPVpCuRXSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ad8d966ac74ce0482808f0d8eec6e110d144b0fa3973a0fcdc25aeb649a5bc8

Files

2ad8d966ac74ce0482808f0d8eec6e110d144b0fa3973a0fcdc25aeb649a5bc8
.exe windows:4 windows x86 arch:x86

0c535a160849b1ed58a7ecf3ca6b8fd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

dinput8

DirectInput8Create

gdi32

EnumFontFamiliesA
AddFontResourceA
CreateDCA
CreateCompatibleBitmap
GetObjectA
SelectPalette
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
BitBlt
GetDeviceCaps
ExtTextOutA
GetTextExtentPoint32A
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
SetBkMode
SetROP2

imm32

ImmIsIME
ImmGetContext
ImmSetStatusWindowPos
ImmReleaseContext
ImmAssociateContext

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalReAlloc
GetTempFileNameA
CopyFileA
GetWindowsDirectoryA
SetThreadAffinityMask
GetCurrentThread
CreateMutexA
GlobalMemoryStatus
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
FlushFileBuffers
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetVersionExA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFileAttributesA
RaiseException
MultiByteToWideChar
GetTimeZoneInformation
GetCurrentProcess
ExitProcess
RtlUnwind
SetEndOfFile
GetVersion
IsBadReadPtr
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
LoadLibraryA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindNextFileA
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateDirectoryA
FindFirstFileA
FindClose
lstrcpynA
Sleep
GetTickCount
lstrcpyA
GetLastError
lstrcatA
DeleteFileA
GetLocalTime
SetFilePointer
GetFileSize
GlobalAlloc
GlobalFree
GetModuleFileNameA
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
CreateFileA
CloseHandle
lstrcmpA
lstrlenA
SetCurrentDirectoryA
ReadFile
lstrlenW
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetProcAddress
GetSystemTime
CreateFileW
lstrcmpiA

oleaut32

SafeArrayCreate
VariantChangeType
VariantInit
SysAllocString
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy

shell32

ShellExecuteA

user32

ChangeDisplaySettingsA
EnumDisplaySettingsA
AdjustWindowRect
FlashWindow
RegisterClassExA
LoadIconA
DispatchMessageA
SetRect
PtInRect
ReleaseDC
SetForegroundWindow
InvalidateRect
ScreenToClient
GetDoubleClickTime
IsRectEmpty
CopyRect
UnregisterClassA
GetPropA
SetPropA
TranslateMessage
PeekMessageA
GetDC
SendMessageA
SetWindowLongA
CreateWindowExA
GetKeyboardLayout
CallWindowProcA
SetFocus
RemovePropA
MoveWindow
GetWindowTextA
CharLowerA
wsprintfA
MessageBoxA
GetActiveWindow
DefWindowProcA
GetClientRect
PostQuitMessage
ShowCursor
GetCursorPos
SetRectEmpty
EqualRect
GetAsyncKeyState
SetCursorPos
ClientToScreen
GetParent
SetCursor
GetCursor
DestroyWindow
ClipCursor
GetWindowRect
ShowWindow
UpdateWindow
GetSystemMetrics
EndPaint
BeginPaint
RegisterClassA
SetActiveWindow
LoadCursorA
SetWindowTextA
GetClassInfoA

winmm

PlaySoundA
timeGetTime

wsock32

inet_addr
gethostbyname
ntohl
htonl
send
ntohs
inet_ntoa
gethostname
ioctlsocket
htons
socket
WSAGetLastError
setsockopt
connect
WSAAsyncSelect
closesocket
WSACleanup
WSAStartup
recv

d3d8

Direct3DCreate8

mss32

_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_quick_startup@20
_AIL_quick_handles@12
_AIL_set_digital_master_room_type@8
_AIL_set_DirectSound_HWND@8
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_orientation@28
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_position@16
_AIL_quick_set_volume@12
_AIL_quick_halt@4
_AIL_end_3D_sample@4
_AIL_pause_stream@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume_levels@12
_AIL_quick_play@8
_AIL_set_stream_position@8
_AIL_start_stream@4
_AIL_quick_status@4
_AIL_3D_sample_status@4
_AIL_stream_status@4
_AIL_file_read@8
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_quick_load_mem@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_file@8
_AIL_open_stream@12
_AIL_set_stream_loop_count@8
_AIL_mem_free_lock@4
_AIL_quick_unload@4
_AIL_release_3D_sample_handle@4
_AIL_close_stream@4
_AIL_start_3D_sample@4

ole32

CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 135KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c535a160849b1ed58a7ecf3ca6b8fd9

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

winmm

wsock32

d3d8

mss32

ole32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 246KB - Virtual size: 248KB

Size: 135KB - Virtual size: 1.6MB

.rsrc Size: 28KB - Virtual size: 28KB

.idata Size: 6KB - Virtual size: 8KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 246KB - Virtual size: 248KB

.rsrc
Size: 28KB - Virtual size: 28KB

.idata
Size: 6KB - Virtual size: 8KB