Morrowind Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Morrowind Launcher.exe
Size

3.7MB
MD5

98bc054ced2fa8f837f0faa1e517774a
SHA1

7774833c38c9d2cd9f16f9cfb2d5d14c805ab461
SHA256

005d09329e1ef0083318cf55e680642d8af3c64e82dffa0f20a03485f13d195d
SHA512

d53c0ce920ba250d3dc1f7a5a9d2a98d7940d2d0b9495e1d7da6be894af9c44be2296e1e9592017431faa29bb6dd28ee312b52885724f935e1c35b40cc57fa00
SSDEEP

49152:9PPzqdX6m644NjOPp5H9Bc1XJ1h2BFEcRR2dYXQwt+jxrRTk0An/Tyn2hE2:9PPzqdX6m+jhefE9dYXERTYn/mUD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Morrowind Launcher.exe

Files

Morrowind Launcher.exe
.exe windows:4 windows x86 arch:x86

9ddc896c99c142ef0485fcef1299b3ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
lstrcpyA
MultiByteToWideChar
lstrlenA
lstrcmpiA
GetVersionExA
GetSystemInfo
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
GetCurrentDirectoryA
GetPrivateProfileStringA
FileTimeToSystemTime
CopyFileA
WritePrivateProfileStringA
lstrcatA
CreateToolhelp32Snapshot
Module32First
Module32Next
ReadFile
GlobalMemoryStatus
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
DeleteFileA
GetLastError
OutputDebugStringA
SetFilePointer
WriteFile
ExitProcess
CreateFileA
GetFileSize
CloseHandle
GetCurrentProcessId
GetStartupInfoA

user32

GetWindowRect
EndDialog
DialogBoxIndirectParamA
SendDlgItemMessageA
CreateDialogParamA
DestroyIcon
GetSystemMetrics
DialogBoxParamA
GetWindowLongA
SetDlgItemTextA
GetDlgItemTextA
SetWindowLongA
IsWindowEnabled
SetWindowTextA
GetDlgItem
EnableWindow
ScreenToClient
MoveWindow
InvalidateRect
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
LoadImageA
MessageBoxA
ChildWindowFromPointEx
DefWindowProcA
PostQuitMessage

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

d3d8

Direct3DCreate8

comctl32

ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

winmm

timeGetTime

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0Init@ios_base@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcrt

sqrt
strrchr
strcmp
_open
_filelength
_read
_close
_itoa
_strnicmp
_stricmp
atoi
memcpy
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
__CxxFrameHandler
_access
sprintf
fseek
ftell
??2@YAPAXI@Z
fclose
fopen
vsprintf
clock
_ftol
toupper
free
sscanf
memmove
malloc
calloc
strchr
_errno
rename
tolower
strncpy
_assert
_onexit
cos
sin
rand
_XcptFilter
_chkesp
abs
memset
strcpy
strcat
strlen
_purecall
fabs
strstr
_exit
?terminate@@YAXXZ
_except_handler3
strtok
memcmp
qsort
bsearch
fmod
acos
asin
atan
_splitpath
fwrite
fread
_rotr
_stat
_makepath
printf
fgets
__dllonexit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

save_gam
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TAKEOUT_
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ddc896c99c142ef0485fcef1299b3ad

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

d3d8

comctl32

winmm

msvcp60

msvcrt

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

save_gam Size: 8KB - Virtual size: 4KB

TAKEOUT_ Size: 16KB - Virtual size: 14KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 24KB - Virtual size: 44KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 1.1MB - Virtual size: 1.1MB

save_gam
Size: 8KB - Virtual size: 4KB

TAKEOUT_
Size: 16KB - Virtual size: 14KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 24KB - Virtual size: 44KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 60KB - Virtual size: 59KB