e856a9f79d3b5e389d76a1e832a1c16972e949c512ce2e09e44cfc338d405f30

Sharing

Copy URL Twitter E-mail

General

Target

e856a9f79d3b5e389d76a1e832a1c16972e949c512ce2e09e44cfc338d405f30
Size

7.4MB
MD5

4aefd5e816288c13908ee815cd3aa544
SHA1

12feb80cc87b0ac264641a1a981840e5d4fb2e7b
SHA256

e856a9f79d3b5e389d76a1e832a1c16972e949c512ce2e09e44cfc338d405f30
SHA512

a1b26b31788c41cfff38065e545658daf973dd386e90bcc6109236a2f7787e7fe02ccf491bd41c689dd51c72e0503c098ea05c81ef6cd4810c1fd67483acf072
SSDEEP

98304:HlE7FP2T1+Js9xI6pWuuIgeHvBQbKRakLVxbK923:OcRMs9C6pqMvGbKRaaVxbf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e856a9f79d3b5e389d76a1e832a1c16972e949c512ce2e09e44cfc338d405f30

Files

e856a9f79d3b5e389d76a1e832a1c16972e949c512ce2e09e44cfc338d405f30
.exe windows:4 windows x86 arch:x86

022019f12e05ab76c4e9a1d7643d81b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
joyGetPosEx
timeSetEvent
timeEndPeriod
timeKillEvent
timeGetTime

imm32

ImmAssociateContext
ImmGetContext

kernel32

ResetEvent
SetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileA
RemoveDirectoryA
GetCurrentDirectoryA
GetLogicalDriveStringsA
FreeLibrary
WaitForMultipleObjects
IsProcessorFeaturePresent
CreateMutexA
GetLastError
CloseHandle
Sleep
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
MulDiv
GetLocalTime
WriteFile
GetProcessHeap
GetVersion
MultiByteToWideChar
OutputDebugStringA
SetPriorityClass
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesA
GetDriveTypeA
GetModuleFileNameA
SetCurrentDirectoryA
GetFullPathNameA
ReleaseSemaphore
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetFileSize
CreateFileA
SetFilePointer
lstrlenA
SetThreadPriority
GetThreadPriority
GetCurrentThread
CreateEventA
CreateThread
GetOverlappedResult
FindClose
FindFirstFileA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
FindNextFileA
RaiseException
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
WideCharToMultiByte
SetUnhandledExceptionFilter
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
GetProcAddress
GetOEMCP
GetCPInfo
ExitProcess
TerminateProcess
CreateDirectoryA
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

GetQueueStatus
MsgWaitForMultipleObjects
GetKeyState
ScreenToClient
GetActiveWindow
GetCursorPos
SystemParametersInfoA
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetClassLongA
GetWindowRect
RedrawWindow
SetCursor
SetWindowLongA
SetWindowPos
IsIconic
EnumDisplaySettingsA
UnregisterDeviceNotification
CallWindowProcA
RegisterDeviceNotificationA
GetWindowLongA
LoadIconA
PostThreadMessageA
SetRect
FindWindowA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
WindowFromPoint
RegisterClassExA
RegisterWindowMessageA
BeginPaint
EndPaint
SetFocus
SetForegroundWindow
PostQuitMessage
ShowCursor
InvalidateRect
DefWindowProcA
LoadCursorA
ShowWindow
UpdateWindow
AdjustWindowRectEx
CreateWindowExA
PostMessageA
MessageBoxA
GetSystemMetrics
SetCursorPos

advapi32

RegOpenKeyExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
CoCreateInstance

d3d8

Direct3DCreate8

gdi32

DeleteDC
CreateDIBSection
CreateCompatibleDC
StretchDIBits
SelectObject
DeleteObject

dinput8

DirectInput8Create

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 632KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

022019f12e05ab76c4e9a1d7643d81b1

Headers

File Characteristics

Imports

winmm

imm32

kernel32

user32

advapi32

ole32

d3d8

gdi32

dinput8

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 484KB - Virtual size: 482KB

.data Size: 1.9MB - Virtual size: 5.8MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 632KB - Virtual size: 629KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 484KB - Virtual size: 482KB

.data
Size: 1.9MB - Virtual size: 5.8MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 632KB - Virtual size: 629KB