1ef9436faeeffe91ab0b9aef89385990N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1ef9436faeeffe91ab0b9aef89385990N.exe
Size

1.9MB
MD5

1ef9436faeeffe91ab0b9aef89385990
SHA1

d49a69b85d5dd640d3a5abe80521feee1e7429c7
SHA256

04f0f41af263e4446868cc7705595fb7881e7b7bdb6e8a50671c54d8dfc9e1f2
SHA512

e37acc5e25eb59f0cd57d61f28ff02a7b52a6b8c4e62e585154644a30b26fe0f78a4175696d1dd7b426c758d3ceb4019c3819a6d28ce073d48277ad08e835157
SSDEEP

49152:MCuFK4uBD4vwLW8Ri/rfEWe0tHTigwpH+N0KP:AKLBkTMBjD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ef9436faeeffe91ab0b9aef89385990N.exe

Files

1ef9436faeeffe91ab0b9aef89385990N.exe
.dll windows:5 windows x86 arch:x86

f22aff6a4a4928b12479aefa7f64dc0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svn\BlackOps1\IW4BO1v10\code\Debug\clientdll.pdb

Imports

credui

CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW

ws2_32

listen
recvfrom
sendto
WSASetLastError
accept
__WSAFDIsSet
ioctlsocket
select
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
gethostbyname
WSAStartup
getaddrinfo
socket
connect
shutdown
closesocket
WSACleanup

winmm

timeBeginPeriod

shlwapi

StrStrIA

kernel32

ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFileInformationByHandle
SetFileAttributesA
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
FindNextFileA
GetVersion
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
OutputDebugStringA
ExitProcess
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
IsDebuggerPresent
CloseHandle
GetLastError
DeviceIoControl
CreateFileA
VirtualProtect
WaitForSingleObject
CreateThread
CreateEventA
OpenThread
GetCurrentThreadId
SetThreadContext
SetEvent
ResumeThread
GetThreadContext
SuspendThread
GetModuleHandleExA
GetModuleHandleA
GetFileAttributesA
SleepEx
SetLastError
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetTickCount
ExpandEnvironmentStringsA
FormatMessageA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
FindClose
GetDriveTypeA
FindFirstFileA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
FatalAppExitA
VirtualAlloc
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetFilePointer
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetConsoleCtrlHandler
GetLocaleInfoW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow

gdi32

SelectObject
GetBitmapBits
DeleteObject
GetObjectA
BitBlt
DeleteDC
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartApp
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.textbss
Size: - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f22aff6a4a4928b12479aefa7f64dc0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

credui

ws2_32

winmm

shlwapi

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 729KB

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 335KB - Virtual size: 334KB

.data Size: 40KB - Virtual size: 258KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 63KB - Virtual size: 63KB

.textbss
Size: - Virtual size: 729KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 335KB - Virtual size: 334KB

.data
Size: 40KB - Virtual size: 258KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 63KB - Virtual size: 63KB