hack (1) (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

hack (1) (1).exe
Size

1017KB
MD5

d1c893881e6c78f84195a1eac7ad7956
SHA1

2d2bfe6e0ceebbc4139a084efa1f3496dadcf919
SHA256

6b875fa9d0b1083c89d30ed5cd21ff4563e30585c52eb86390b20244818025e5
SHA512

ce7b3c44e1300b3f21291c5bacc98ea48dcd763ea407937df451a29c5f636e443727ffbd17c98c8c1e1da2f9bbcb45660b2e7b61e328e539e75274e9e5b2847d
SSDEEP

24576:mE9gXumQgIe5LgpGlFlwMG+Uy+VHYYbTTHZb6yL3qJ:m0Bm0ewga3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hack (1) (1).exe

Files

hack (1) (1).exe
.exe windows:6 windows x86 arch:x86

93a122d61e7d6417c109a04a62c4d782

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glOrtho
glColor4f
glVertex2f
glBegin
glLoadIdentity
glBlendFunc
glLineWidth
glMatrixMode
glEnd
glEnable
glClear
glViewport

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReadProcessMemory
VirtualProtectEx
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
GetCurrentProcess
SetLastError
Process32First
GetConsoleWindow
GlobalAlloc
VirtualQuery
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
OpenProcess
Sleep

user32

GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
RemovePropW
GetPropW
IsZoomed
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
SetFocus
GetActiveWindow
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
ShowWindow
GetAsyncKeyState
ClientToScreen
GetClientRect
FindWindowA
SetCursorPos
SetPropW
SetClipboardData
GetCursorPos
GetClipboardData
EmptyClipboard
SendInput
CloseClipboard
OpenClipboard

gdi32

CreateRectRgn
CreateBitmap
DeleteObject
CreateDIBSection
CreateDCW
DeleteDC
GetDeviceCaps
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceGammaRamp

advapi32

CryptAcquireContextA
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
OpenProcessToken

shell32

DragFinish
DragQueryPoint
DragQueryFileW
DragAcceptFiles

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Cnd_do_broadcast_at_thread_exit
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPBD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

vcruntime140

strrchr
memmove
__std_exception_copy
memchr
__std_exception_destroy
memcmp
__current_exception
strchr
strstr
__current_exception_context
memset
__CxxFrameHandler3
__std_terminate
_except_handler4_common
_CxxThrowException
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
memcpy

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
__acrt_iob_func
fflush
fclose
fseek
__stdio_common_vfprintf
fwrite
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fputc
_set_fmode
_read
_lseeki64
fgetc
fgets
_open
fopen
fgetpos
_write
setvbuf
feof
ungetc
fputs
_get_stream_buffer_pointers
_close
_fseeki64
fsetpos

api-ms-win-crt-string-l1-1-0

strpbrk
tolower
isupper
strcpy_s
wcscpy
strcspn
_strdup
wcscmp
strncmp
strtok
strspn
strcmp
strlen
strcat_s
strncpy
strcpy

api-ms-win-crt-utility-l1-1-0

qsort
abs

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
realloc
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

strtoll
atof
strtoul
strtol
strtof
atoi
wcstombs

api-ms-win-crt-runtime-l1-1-0

exit
_beginthreadex
system
terminate
_errno
_invalid_parameter_noinfo_noreturn
strerror
_getpid
_configure_narrow_argv
__sys_nerr
_wassert
_controlfp_s
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file
_access
rename
_unlink
_fstat64
_stat64

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64
_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
ceil
_libm_sse2_atan_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
__setusermatherr
_libm_sse2_sqrt_precise
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

normaliz

IdnToAscii

ws2_32

WSAEnumNetworkEvents
WSACleanup
WSACreateEvent
WSAEventSelect
WSACloseEvent
htons
htonl
select
WSAStartup
WSAIoctl
WSASetLastError
listen
socket
setsockopt
ntohs
closesocket
recv
recvfrom
send
WSAGetLastError
bind
connect
getpeername
getsockname
getaddrinfo
ioctlsocket
getsockopt
accept
__WSAFDIsSet
sendto
ntohl
gethostname
freeaddrinfo

wldap32

ord200
ord79
ord35
ord33
ord32
ord27
ord301
ord26
ord30
ord41
ord50
ord45
ord60
ord143
ord211
ord46
ord217
ord22

crypt32

CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93a122d61e7d6417c109a04a62c4d782

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

normaliz

ws2_32

wldap32

crypt32

Sections

.text Size: 727KB - Virtual size: 726KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 157KB - Virtual size: 4.6MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 727KB - Virtual size: 726KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 157KB - Virtual size: 4.6MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 32KB