V1[.]05b_Raft_Wind32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

V1.05b_Raft_Wind32.exe
Size

17.8MB
MD5

cb9ae5afb0d3108c1762b3830871dd0f
SHA1

c0b65095672c73dc3495f0cb35d710ef79b2d5e9
SHA256

47255f6657f39a9d740d24fd2b718c5c398a3c6c4a0c8e4d3991aabb9a162302
SHA512

1b8b82e61a62522114793409056b9ae3ba5d8c506e2df406dadc4759676acfb1613f5198d39ec1f314ad17480637f3a3904837664f15bf6678bbcac5990352e3
SSDEEP

393216:DlrDafhw/OKzAgsQPeBzOfKtZwL0RH1kYNWcLBkNPV/9bY3bLod3TOiqpK/+Yxip:lzTbldcK//

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
V1.05b_Raft_Wind32.exe

Files

V1.05b_Raft_Wind32.exe
.exe windows:5 windows x86 arch:x86

d9111e106a7175f74ec0ea5050ff0eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\buildslave\unity\build\artifacts\win32_release_StandalonePlayer_mono_0\player_win_x86.pdb

Imports

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetValueCaps
HidP_GetCaps
HidP_MaxDataListLength
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetData

kernel32

SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
GetVersionExW
GetSystemPowerStatus
GetSystemInfo
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetModuleHandleA
GetTickCount
LoadLibraryW
LocalAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
InterlockedDecrement
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetTempPathW
CreateSemaphoreA
ResetEvent
GetOverlappedResult
SetEvent
CreateEventA
CreateEventW
CancelIo
WaitForMultipleObjects
GetStartupInfoA
IsDebuggerPresent
InterlockedCompareExchange
SetDllDirectoryW
GetFullPathNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
SleepEx
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
InterlockedIncrement
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryExW
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
lstrcpynW
GlobalMemoryStatus
SetErrorMode
GetProcessAffinityMask
InterlockedExchangeAdd
InterlockedExchange
VirtualProtect
GetFileAttributesExW
RemoveDirectoryW
FlushConsoleInputBuffer
GetStdHandle
SwitchToThread
SetThreadAffinityMask
ExitThread
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
CreateFileA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetProcessHeap
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleCP
SetHandleCount
HeapCreate
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
CompareStringW
GetCPInfo
LCMapStringW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetFullPathNameA
GetDateFormatA
GetTimeFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetConsoleCtrlHandler
DuplicateHandle
HeapSize
HeapQueryInformation
ExitProcess
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
GetModuleFileNameA
MoveFileExW
VirtualAlloc
DeleteFileW
GetFileAttributesA
GetEnvironmentVariableA
LoadLibraryA
CreateDirectoryW
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
ExpandEnvironmentStringsW
GetDiskFreeSpaceExA
FormatMessageW
VirtualFree
GetCurrentDirectoryA
GetProcAddress
SetEndOfFile
WriteFile
CloseHandle
SetEnvironmentVariableA
SetFilePointerEx
ReadFile
OutputDebugStringA
GetCurrentThread
SuspendThread
GetThreadContext
ResumeThread
SetLastError
FreeLibrary
lstrcpyA
lstrcpynA
GetFileAttributesW
SetFileAttributesW
LocalFree
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
Sleep
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery

user32

WindowFromPoint
UpdateWindow
LoadImageW
DialogBoxParamA
CheckDlgButton
GetCaretBlinkTime
PeekMessageW
wvsprintfA
DispatchMessageW
MsgWaitForMultipleObjects
ValidateRect
SetTimer
EnableWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
CreateWindowExW
RegisterClassW
PeekMessageA
KillTimer
MonitorFromPoint
ClipCursor
SetCursorPos
MessageBoxW
CopyImage
IsDlgButtonChecked
SetWindowTextW
ShowCursor
SetFocus
IsDialogMessageW
EmptyClipboard
CloseClipboard
CreateDialogParamW
SetClipboardData
OpenClipboard
GetSystemMetrics
GetClipboardData
IsClipboardFormatAvailable
RegisterWindowMessageA
SendMessageA
GetUserObjectInformationA
GetThreadDesktop
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
ScreenToClient
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
DefWindowProcW
DestroyWindow
CreateDialogParamA
SetWindowLongA
GetDlgItem
ChangeDisplaySettingsW
MonitorFromWindow
EnumDisplaySettingsW
GetMonitorInfoW
UnregisterClassW
GetAncestor
OffsetRect
CopyRect
GetDesktopWindow
MessageBoxA
GetWindowPlacement
AdjustWindowRectEx
SetDlgItemTextW
SetDlgItemTextA
SendDlgItemMessageW
LoadIconA
EndDialog
DialogBoxParamW
RegisterClassExW
EnumDisplayMonitors
SetCapture
ReleaseCapture
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetMessageExtraInfo
GetAsyncKeyState
MonitorFromRect
GetKeyState
RegisterRawInputDevices
GetMessageTime
GetMessagePos
RegisterDeviceNotificationW
SystemParametersInfoW
GetRawInputData
GetFocus
IsWindowVisible
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
ClientToScreen
GetKeyNameTextW
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetWindowLongW
SetWindowLongW
PostQuitMessage
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
wsprintfA
GetDC
ReleaseDC
CreateIconIndirect
EnumWindows
GetMessageA
GetMonitorInfoA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

shlwapi

SHDeleteKeyW
PathCanonicalizeW
PathFileExistsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

advapi32

CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

GetDeviceCaps
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetObjectA
DeleteObject
CreateBitmap
CreateDIBSection

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW

opengl32

wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC

winmm

waveOutGetNumDevs
timeBeginPeriod
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutGetDevCapsA
waveInGetNumDevs
timeGetTime
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeEndPeriod

ws2_32

getpeername
WSAStartup
WSAGetLastError
accept
getprotobyname
setsockopt
listen
connect
closesocket
socket
recvfrom
inet_addr
__WSAFDIsSet
recv
send
select
getsockname
gethostname
gethostbyname
ntohl
htonl
ntohs
htons
WSACleanup
shutdown
inet_ntoa
WSAIoctl
ioctlsocket
WSASetLastError
WSASocketA
freeaddrinfo
sendto
getaddrinfo
getnameinfo
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
bind
WSARecvFrom

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9111e106a7175f74ec0ea5050ff0eb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

kernel32

user32

version

ole32

shlwapi

setupapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 14.5MB - Virtual size: 14.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 319KB - Virtual size: 877KB

.rodata Size: 3KB - Virtual size: 2KB

.trace Size: 27KB - Virtual size: 26KB

_RDATA Size: 1KB - Virtual size: 1KB

.data1 Size: 512B - Virtual size: 64B

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 601KB - Virtual size: 600KB

.text
Size: 14.5MB - Virtual size: 14.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 319KB - Virtual size: 877KB

.rodata
Size: 3KB - Virtual size: 2KB

.trace
Size: 27KB - Virtual size: 26KB

_RDATA
Size: 1KB - Virtual size: 1KB

.data1
Size: 512B - Virtual size: 64B

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 601KB - Virtual size: 600KB