DeadSpaceMouseFix_v1_0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

DeadSpaceMouseFix_v1_0.zip
Size

221KB
MD5

b717ac9001bf9091c2b7c1ac4d8311bb
SHA1

e6899b2a8ebbd0a4fbbbb8e1d578b6c8132f5d56
SHA256

f2af3bcee00d0bcbe341d3bde6e07785b90f7b69bd9722563b2af47ce303b7e6
SHA512

08c6d7b3dca764229f1ebfbcf42f503f9fd2193a893de65d0c19e87e3684641a5f1dd84a278e7420fe053716d604f4657e8323de1f64d291bd818502a813fbe1
SSDEEP

6144:rjR32+R8OFAwLXoG3vMVkyp4Ul8zS5TMe:rN35uOFAMoLVkyx8zS5J

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dinput8.dll

Files

DeadSpaceMouseFix_v1_0.zip
.zip
README.md
README.pdf
.pdf
- https://methanhydrat.wordpress.com/
dinput8.dll
.dll windows:6 windows x86 arch:x86

2383f44fd6cae64748b69a38efe51385

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Games\Dead Space\dinput8.pdb

Imports

kernel32

GetModuleFileNameA
VirtualProtect
Module32First
UnmapViewOfFile
GetModuleHandleA
CreateToolhelp32Snapshot
GetLastError
CreateFileA
CloseHandle
CreateFileMappingA
GetCurrentProcessId
MapViewOfFile
GetCurrentProcess
LoadLibraryExA
ExpandEnvironmentStringsA
DisableThreadLibraryCalls
LoadLibraryA
GetProcAddress
FormatMessageA
IsWow64Process
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
GetACP
ExitProcess
EncodePointer
DecodePointer
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
HeapCreate
HeapFree
Thread32Next
Thread32First
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
GetModuleHandleExW
GetDriveTypeW
GetFullPathNameW
GetCurrentDirectoryW

user32

GetCursorPos
MessageBoxA
GetWindowThreadProcessId
GetMessageW
GetMessageA
GetWindow
IsWindowVisible
ScreenToClient
GetActiveWindow
InSendMessage
ClientToScreen
PeekMessageW
GetRawInputData
MapVirtualKeyA
GetForegroundWindow
EnumWindows
DefWindowProcA
ClipCursor
GetClientRect
PeekMessageA

dbghelp

ImageNtHeader

Exports

Exports

DirectInput8Create

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2383f44fd6cae64748b69a38efe51385

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

dbghelp

Exports

Exports

Sections

.text Size: 265KB - Virtual size: 264KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 265KB - Virtual size: 264KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 16KB - Virtual size: 16KB