Static task
static1
General
-
Target
lotrtrotkplb-chwdgb.7z
-
Size
1.2MB
-
MD5
0f76f15313254ce633b32ca9a8e466b5
-
SHA1
bb2db1b3c2b57e274124ce4f17eb27ed9b25c93a
-
SHA256
b0bca01ddfa44bd9fba2f2e670a40635d503989b5bf5e831500729552c8a44c3
-
SHA512
53746761ea366bd033a9b9acac141bd8fd06a34fcbe50dbbb9f80447ed5a16fa3341fc94c4d31b17dd294a6d297b5d3b21076d67d56e1e51176c8981182a244d
-
SSDEEP
24576:4oUmG48Pvjl3ErZbrGO2gIFwe2ehqdDZ6s+9n46jAq0JcTE+5+N+jJe:mmT8Prl3EtGOew9DLK46jArcR5rJe
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/lotrtrotkplb-chwdgb/RunGame.exe
Files
-
lotrtrotkplb-chwdgb.7z.7z
-
lotrtrotkplb-chwdgb/AutoRun/en-uk_AutoRun.bmp
-
lotrtrotkplb-chwdgb/AutoRun/en-uk_slide_000.bmp
-
lotrtrotkplb-chwdgb/AutoRun/nl_AutoRun.bmp
-
lotrtrotkplb-chwdgb/AutoRun/nl_slide_000.bmp
-
lotrtrotkplb-chwdgb/AutoRun/pl_AutoRun.bmp
-
lotrtrotkplb-chwdgb/AutoRun/pl_slide_000.bmp
-
lotrtrotkplb-chwdgb/AutoRun/pt-pt_AutoRun.bmp
-
lotrtrotkplb-chwdgb/AutoRun/pt-pt_slide_000.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_001.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_002.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_003.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_004.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_005.bmp
-
lotrtrotkplb-chwdgb/AutoRun/slide_006.bmp
-
lotrtrotkplb-chwdgb/AutoRun/sv_AutoRun.bmp
-
lotrtrotkplb-chwdgb/AutoRun/sv_slide_000.bmp
-
lotrtrotkplb-chwdgb/ROTK.ico
-
lotrtrotkplb-chwdgb/RunGame.exe.exe windows:4 windows x86 arch:x86
69ff18a7efa47879873ccf000cd46e31
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
RaiseException
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoA
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
VirtualQuery
TerminateProcess
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetOEMCP
GetCPInfo
SetErrorMode
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
lstrcatA
WritePrivateProfileStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GlobalAddAtomA
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
CreateFileA
FreeLibrary
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleHandleA
SetLastError
Sleep
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetCurrentThread
LocalAlloc
GetCurrentProcess
FindFirstFileA
FindClose
GetLastError
FormatMessageA
LocalFree
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetHandleCount
InterlockedExchange
user32
DestroyMenu
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
CallWindowProcA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
GetCapture
ClientToScreen
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
CopyRect
SendMessageA
SetCursor
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SystemParametersInfoA
DefWindowProcA
MessageBoxA
gdi32
TextOutA
RectVisible
PtVisible
ExtTextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetDeviceCaps
Escape
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
RegDeleteKeyA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
shell32
ShellExecuteA
comctl32
ord17
shlwapi
PathFindFileNameA
PathFindExtensionA
oleaut32
VariantChangeType
VariantClear
VariantInit
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
lotrtrotkplb-chwdgb/autorun.inf