ed2631445a1136128d4317f9d635ec306bfb107c98306a3f4f10c3de378e6794[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ed2631445a1136128d4317f9d635ec306bfb107c98306a3f4f10c3de378e6794.exe
Size

1.4MB
MD5

17cb5e7840d485e866c74ab60ac5ee71
SHA1

551b0d0e0533b0c37b9f6399e9a6d26018540606
SHA256

ed2631445a1136128d4317f9d635ec306bfb107c98306a3f4f10c3de378e6794
SHA512

ddb931cbd9b0aa677a00c57ea19f5e6eb6379aa80e8c0d07209f847b5eb0a6817431e73cb3cb7cad1cccd23d2bd9bb670016ff41f432bec71a5adf3145c87f10
SSDEEP

24576:Ma6HJkdFSGcjP19ECJs5W5gMUsmtWHDzzGC0thbiYNbzFkrRFIWSVnw6s4cz4Tjh:M+FSGMHlJs5wUiDzSthbiY6anw3TEHIs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed2631445a1136128d4317f9d635ec306bfb107c98306a3f4f10c3de378e6794.exe

Files

ed2631445a1136128d4317f9d635ec306bfb107c98306a3f4f10c3de378e6794.exe
.dll windows:6 windows x64 arch:x64

e7264a134a3d98488a9f33ba80c72bab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\metaphor\Desktop\metaowning\x64\Release\warzoneiii.pdb

Imports

kernel32

GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStdHandle
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetCurrentProcessId
GetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
OpenThread
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
CreateThread
CloseHandle
Process32Next
TerminateThread
GetTickCount
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep
CreateToolhelp32Snapshot
Module32First
Thread32First
Thread32Next
Module32Next
VirtualAlloc
Process32First
QueryPerformanceCounter
VerSetConditionMask
QueryPerformanceFrequency
GetLocaleInfoA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FormatMessageA
CreateFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
EnterCriticalSection

user32

CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClipboardData
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
GetKeyboardLayout
EmptyClipboard
SetClipboardData
IsWindowUnicode
DispatchMessageA
DestroyWindow
SetWindowPos
GetSystemMetrics
GetAsyncKeyState
SetWindowDisplayAffinity
MessageBoxA
SetMenu
TrackMouseEvent
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
SetWindowLongPtrA
PostQuitMessage
PeekMessageA
TranslateMessage
DefWindowProcA
ScreenToClient
ClientToScreen
GetCapture

advapi32

CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegGetValueA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
RegOpenKeyExA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

normaliz

IdnToAscii

ws2_32

send
WSACloseEvent
gethostname
ioctlsocket
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
sendto
connect
getpeername
recvfrom
freeaddrinfo
getsockname
getsockopt
htons
ntohs
getaddrinfo
setsockopt
listen
socket
htonl
accept
WSAIoctl
WSAStartup
WSASetLastError
WSACleanup
__WSAFDIsSet
select

wldap32

ord143
ord217
ord46
ord211
ord60
ord50
ord32
ord22
ord26
ord27
ord301
ord200
ord30
ord79
ord35
ord33
ord41
ord45

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptDecodeObjectEx
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
memchr
memmove
strrchr
memset
memcpy
__std_exception_copy
__std_exception_destroy
__C_specific_handler
strchr
strstr
__current_exception
__std_terminate
memcmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
fflush
fclose
setvbuf
_close
fgets
fseek
__stdio_common_vfprintf
fgetc
_read
fwrite
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
_popen
_pclose
ungetc
fgetpos
_lseeki64
fsetpos
_write
_open
fopen
fputc
_fseeki64
_get_stream_buffer_pointers
fputs
feof

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strcmp
tolower
_strdup
strncmp
strcspn
strspn
isupper
strncpy
strpbrk

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

_errno
system
_invalid_parameter_noinfo_noreturn
__sys_errlist
__sys_nerr
exit
_initterm_e
_beginthreadex
_getpid
_initterm
_wassert
_seh_filter_dll
_configure_narrow_argv
terminate
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-convert-l1-1-0

atof
strtod
wcstombs
atoi
strtoul
strtoll
strtol
strtoull

api-ms-win-crt-math-l1-1-0

sinf
sqrtf
fmodf
_dclass
cosf
ceilf
acosf
_dsign

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_unlock_file
_access
_unlink
_stat64
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7264a134a3d98488a9f33ba80c72bab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

imm32

dwmapi

msvcp140

normaliz

ws2_32

wldap32

crypt32

d3d9

d3dx9_43

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 851KB - Virtual size: 850KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 327KB - Virtual size: 569KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 851KB - Virtual size: 850KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 327KB - Virtual size: 569KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB