33dea14a1d074c1c04ff7d7a3c6b2ba0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

33dea14a1d074c1c04ff7d7a3c6b2ba0N.exe
Size

5.5MB
MD5

33dea14a1d074c1c04ff7d7a3c6b2ba0
SHA1

626661a0ddcd3d45bf190c30422b9c5e23534797
SHA256

e397fc39372af296ca2eb92b16ed4addea67c7ddc77fca9c4b9776bd6a2d1c69
SHA512

d46f94af550583657b19ada72ecb2bea855185aa0dceccfa1972db83bc08352544ae90fc3429f5182e20c3a06dbf92e565860b6bd033ee7ca29d3d131e0eced2
SSDEEP

98304:x5RZYNaQqwJNAh/3939d+NzGcFrLWrNfIPdXcSHuB1qGBGAJao1p/Vf27nb+LcnN:x5RZYUObAh/3fd+NzGcFrLWrNfIPdXcK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33dea14a1d074c1c04ff7d7a3c6b2ba0N.exe

Files

33dea14a1d074c1c04ff7d7a3c6b2ba0N.exe
.exe windows:4 windows x86 arch:x86

da9596ff6b10e975937f6bf6b4b3c000

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\Games\fishdom-2\data\Fishdom.pdb

Imports

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathCanonicalizeA

advapi32

RegisterEventSourceW
ReportEventA
RegisterEventSourceA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyExA
FreeSid
SetSecurityInfo
SetEntriesInAclA
AllocateAndInitializeSid
GetSecurityInfo
ReportEventW
RegSetValueExW
RegCreateKeyExW
DeregisterEventSource

user32

SetFocus
GetClientRect
GetDesktopWindow
ShowWindow
SetWindowPos
PtInRect
ScreenToClient
GetCursorPos
ShowCursor
LoadCursorA
SetCursor
UnregisterClassA
DestroyWindow
CreateWindowExA
SetWindowLongA
RegisterClassExA
LoadImageA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
GetMessageA
ReleaseDC
GetDC
ClientToScreen
AdjustWindowRect
EnumDisplaySettingsA
SetForegroundWindow
GetWindowRgn
GetSystemMetrics
GetProcessWindowStation
GetKeyState
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindowRect
SystemParametersInfoA
GetUserObjectInformationW
RedrawWindow
CharUpperW
CharUpperA
CharLowerW
CharLowerA
MessageBoxA
FindWindowA
FindWindowExA
EnableWindow
DefWindowProcA
SendMessageA
UpdateWindow

gdi32

SetStretchBltMode
StretchBlt
GetObjectA
GetDIBits
DeleteDC
GetStockObject
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCA
DeleteObject
CombineRgn
CreateRectRgn
GetDeviceCaps
GetBitmapBits

kernel32

CreateThread
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFullPathNameA
SetEnvironmentVariableW
GetComputerNameW
GetVersionExW
FlushConsoleInputBuffer
GetCurrentDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetFileAttributesW
GetFileAttributesExW
SetFileTime
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
CopyFileA
GetModuleFileNameA
MulDiv
DeleteCriticalSection
GetLastError
TerminateProcess
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
SetUnhandledExceptionFilter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetVersion
lstrcmpiA
lstrlenW
lstrcmpiW
lstrlenA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetSystemTime
GetCurrentDirectoryA
GetShortPathNameA
GetPrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
WritePrivateProfileStringA
Sleep
LocalFree
CreateDirectoryA
DeleteFileA
WinExec
SetCurrentDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MoveFileA
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
GetProcessTimes
GetExitCodeProcess
CreateProcessW
DuplicateHandle
GetStartupInfoW
OpenProcess
FindNextFileW
FindFirstFileW
CreateEventW
SetEvent
CreatePipe
LoadLibraryW
CreateMutexW
ResetEvent
HeapSize
GetConsoleCP
WaitForMultipleObjects
GlobalMemoryStatus
ReadFile
GetModuleFileNameW
ReleaseSemaphore
CreateSemaphoreA
FormatMessageA
ReleaseMutex
CreateMutexA
WaitForSingleObject
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
FlushFileBuffers
InterlockedCompareExchange
IsProcessorFeaturePresent
GetModuleHandleA
WriteFile
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetConsoleMode

bass

BASS_SampleGetInfo
BASS_Free
BASS_GetDeviceDescription
BASS_Init
BASS_ErrorGetCode
BASS_ChannelStop
BASS_StreamPlay
BASS_ChannelSetAttributes
BASS_SampleLoad
BASS_StreamCreateFile
BASS_Pause
BASS_Start
BASS_SampleStop
BASS_ChannelBytes2Seconds
BASS_StreamGetLength
BASS_ChannelGetData
BASS_SamplePlayEx

d3d8

Direct3DCreate8

ws2_32

WSASetLastError
ntohs
getservbyname
htons
ntohl
inet_addr
WSAStartup
WSACleanup
gethostname
gethostbyname
gethostbyaddr
WSAGetLastError
__WSAFDIsSet
select
closesocket
accept
connect
bind
listen
shutdown
send
recv
sendto
recvfrom
getsockname
getpeername
setsockopt
getsockopt
socket
ioctlsocket

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 885KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 16.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da9596ff6b10e975937f6bf6b4b3c000

Headers

File Characteristics

PDB Paths

Imports

shell32

shlwapi

advapi32

user32

gdi32

kernel32

bass

d3d8

ws2_32

iphlpapi

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 885KB - Virtual size: 884KB

.data Size: 129KB - Virtual size: 16.2MB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 303KB - Virtual size: 302KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 885KB - Virtual size: 884KB

.data
Size: 129KB - Virtual size: 16.2MB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 303KB - Virtual size: 302KB