506356f5bb1212ea076c64fd705cf7094014afe57c1a633f5af4e37bdead4d9b

Sharing

Copy URL Twitter E-mail

General

Target

506356f5bb1212ea076c64fd705cf7094014afe57c1a633f5af4e37bdead4d9b
Size

1.0MB
MD5

0778eca5d48ec29d15ac4fb83e9aaf1f
SHA1

2a395c017c4663256e5d8a458cbac1defab9f248
SHA256

506356f5bb1212ea076c64fd705cf7094014afe57c1a633f5af4e37bdead4d9b
SHA512

d532593f82af96846d9290c223eb3a2abf0510df645a2ebe8ccdf7b47bb1bf6adde8aa9d9dc4001d86ec84431ee61fafe615cb77d59d898ba8cf43206c246277
SSDEEP

24576:TMO9+amhTU4AwAKF97h8L5butyONc4WA/NR3k/98FfJ:T7qjA+SL5asONc4PL3k/9qfJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506356f5bb1212ea076c64fd705cf7094014afe57c1a633f5af4e37bdead4d9b

Files

506356f5bb1212ea076c64fd705cf7094014afe57c1a633f5af4e37bdead4d9b
.exe windows:6 windows x86 arch:x86

decd3d709c2d5f871ccce4f47a440199

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildServer\bna-3\work-git\phoenix-repository\phoenix\Release\Battle.net.exe.pdb

Imports

wininet

HttpOpenRequestA
InternetSetStatusCallbackA
HttpQueryInfoA
InternetReadFileExA
InternetCloseHandle
InternetConnectA
HttpSendRequestA
InternetSetCookieW
InternetSetOptionA
InternetCrackUrlA
InternetOpenA

kernel32

WriteFile
TerminateProcess
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
FindFirstFileW
FindClose
GetComputerNameW
GetModuleHandleA
SetEvent
CreateEventW
VirtualFree
VirtualAlloc
LoadLibraryW
ReadFile
GetFileSizeEx
GetFileSize
GetCompressedFileSizeW
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindNextFileW
FlushFileBuffers
GetShortPathNameW
GetDiskFreeSpaceExW
SetFilePointer
MoveFileW
RemoveDirectoryW
SetEndOfFile
GetVolumeInformationW
DeviceIoControl
GetFileInformationByHandle
SetFileTime
SetFileAttributesW
DeleteFileW
SetFilePointerEx
SetFileValidData
GetSystemInfo
GetProcessAffinityMask
SetThreadAffinityMask
LocalFree
LocalAlloc
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
OpenProcess
MultiByteToWideChar
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExW
GetSystemDefaultLCID
GetCommandLineW
SetLastError
WriteConsoleW
InterlockedPushEntrySList
GetTimeZoneInformation
InterlockedPopEntrySList
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetDriveTypeW
GetCurrentThread
GetModuleHandleW
VirtualQuery
SetUnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObject
CreateThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
CreateFileW
Sleep
GetLastError
GetDiskFreeSpaceW
FreeLibrary
CloseHandle
GetProcAddress
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
InterlockedFlushSList
QueryDepthSList
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetStdHandle
ExitProcess
GetFileType
DuplicateHandle
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
SetStdHandle
GetCommandLineA
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
ExitThread
GetModuleHandleExW
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
TryEnterCriticalSection
GetCPInfo
InitializeCriticalSectionAndSpinCount
SwitchToThread
CompareStringW
LCMapStringW
GetLocaleInfoW
InitializeSListHead
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStartupInfoW
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetFullPathNameW

user32

GetForegroundWindow
GetWindowThreadProcessId
GetShellWindow
MessageBoxW

advapi32

OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
DuplicateTokenEx
MapGenericMask
CloseServiceHandle
QueryServiceConfigW
OpenSCManagerW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetFileSecurityW
AllocateAndInitializeSid
BuildTrusteeWithSidW
OpenThreadToken
DuplicateToken
AccessCheck

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

oleaut32

VariantClear

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject

Sections

.text
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

decd3d709c2d5f871ccce4f47a440199

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

shell32

oleaut32

wintrust

crypt32

Sections

.text Size: 734KB - Virtual size: 733KB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 14KB - Virtual size: 32KB

.rsrc Size: 112KB - Virtual size: 112KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 734KB - Virtual size: 733KB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 14KB - Virtual size: 32KB

.rsrc
Size: 112KB - Virtual size: 112KB

.reloc
Size: 36KB - Virtual size: 35KB