iw6-mod[.]exe | Triage

Resubmissions

14-07-2024 02:34

240714-c2n9mawcmb 8

14-07-2024 02:32

240714-c1cjfawbre 8

Sharing

Copy URL

Twitter E-mail

General

Target

iw6-mod.exe
Size

6.0MB
MD5

3be828f4838d889a03b413ff73e2d21b
SHA1

2a095c0e592544afaa32d29b9e8e0cbc458b9aba
SHA256

14263ad2a23077a4930343857a3628596c113c7f30c69cabf69e4abf07e1555f
SHA512

5e1057edf21326f46adf864a82613ff42b479f1cd7daa3670f559576c9d855f7443a57c1743686277497d88a40ba4a9ac14d9ea851f2521ee02ee3660ea26bba
SSDEEP

98304:jc4wbMx7oxdDt+BQoqNv4rEGquX6kgkkTUGIHgl9yooFBYiU6sP2Hgl9y:Y4SZ1mrELuX67HoGIHufXVP2Hu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iw6-mod.exe

Files

iw6-mod.exe
.exe windows:6 windows x64 arch:x64

Password: 9999

6ae071e9f17cb68fe3de08a15635abd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\iw6-mod\iw6-mod\build\bin\x64\Release\iw6-mod.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
CreateFileA
SetThreadExecutionState
LoadLibraryA
CreateProcessA
CloseHandle
GetCurrentDirectoryA
GetCurrentThreadId
CreateDirectoryA
TerminateProcess
SetCurrentDirectoryA
SetDllDirectoryA
SetProcessDEPPolicy
GetTickCount
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
OutputDebugStringA
GetModuleHandleW
GetModuleHandleA
GetCurrentProcess
RtlUnwind
HeapDestroy
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetModuleHandleExW
VirtualAlloc
VirtualFree
FlushInstructionCache
InitializeCriticalSection
VirtualProtect
SetConsoleTitleA
GetConsoleWindow
GetCurrentProcessId
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetLargePageMinimum
GetModuleHandleExA
AllocConsole
AttachConsole
GetCommandLineA
LocalFree
GetVolumeInformationA
GetProcAddress
AddVectoredExceptionHandler
SetThreadContext
HeapAlloc
HeapFree
GetStdHandle
SetEnvironmentVariableW
GetConsoleOutputCP
GetFileType
ReadConsoleW
GetConsoleMode
ExitProcess
FreeLibraryAndExitThread
GetThreadContext
GetSystemInfo
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
WriteFile
PeekNamedPipe
CreateFileW
WaitNamedPipeW
lstrlenW
MultiByteToWideChar
FindFirstFileW
SetLastError
FindNextFileW
FindClose
WideCharToMultiByte
SizeofResource
FindResourceA
LockResource
LoadResource
FreeLibrary
GlobalLock
GlobalUnlock
GetSystemFirmwareTable
VirtualQuery
DeleteFileA
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
OpenThread
GetCommandLineW
GetTempPathA
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
Sleep
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
GetLocaleInfoEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
EncodePointer
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentThread

user32

SetCursorPos
GetForegroundWindow
GetCursorPos
GetWindowRect
SetWindowTextA
DispatchMessageW
TranslateMessage
GetRawInputData
ShowWindow
GetWindowThreadProcessId
GetShellWindow
ScreenToClient
RegisterRawInputDevices
CreateWindowExA
RegisterClassExA
OpenClipboard
PeekMessageW
SetWindowPos
CloseClipboard
SystemParametersInfoA
GetWindowLongPtrA
SetWindowLongPtrA
PostQuitMessage
MoveWindow
GetMessageA
GetClientRect
MessageBoxA
UpdateWindow
AdjustWindowRect
SendMessageA
GetSystemMetrics
RegisterClassA
LoadCursorA
DefWindowProcA
UnregisterClassA
DestroyWindow
DispatchMessageA
PeekMessageA
IsWindow
DestroyIcon
LoadIconA
LoadImageA
GetClipboardData

gdi32

DeleteObject

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
GetUserNameA
GetCurrentHwProfileA
RegSetValueExW
RegCreateKeyExW
CryptAcquireContextA

shell32

CommandLineToArgvW
ShellExecuteA

ole32

CoGetClassObject
OleUninitialize
OleInitialize
OleSetContainedObject

oleaut32

VariantClear
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayAccessData

crypt32

CryptProtectData

dbghelp

MiniDumpWriteDump

ntdll

NtQueryObject

ws2_32

WSAStartup
htons
gethostbyname
ioctlsocket
closesocket
connect
recv
send
recvfrom
WSASetLastError
sendto

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamGameServer
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils

Sections

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cld
Size: 159KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clr
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.main
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 9999

6ae071e9f17cb68fe3de08a15635abd9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

dbghelp

ntdll

ws2_32

Exports

Exports

Sections

.pdata Size: 63KB - Virtual size: 63KB

_RDATA Size: 512B - Virtual size: 348B

.cld Size: 159KB - Virtual size: 433KB

.clr Size: 2.1MB - Virtual size: 2.1MB

.main Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.pdata
Size: 63KB - Virtual size: 63KB

_RDATA
Size: 512B - Virtual size: 348B

.cld
Size: 159KB - Virtual size: 433KB

.clr
Size: 2.1MB - Virtual size: 2.1MB

.main
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB