entry[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

entry.exe
Size

3.0MB
MD5

7fb9e33eaf07305d22423ed96e46935f
SHA1

529de465daa2033996af1cfc5ed8939e55e611ce
SHA256

b09148d5c56b32de29158bd83bb504fd115e3461afe0a357a2b1cfe65a0a31a5
SHA512

8d2029db719b8954c867e35d6f6bcbf5d0cd48aeb063098a5a7a7f173c466cb296f796e4d20a4684da114b61a620f47b68ba1894172be3ecee410e4858304df1
SSDEEP

49152:xJM114ynFyx3/MU1tKPSYNQy42pUNuxnJzerge0v05z9V:xq+eFaUEQPSYSy4cH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
entry.exe

Files

entry.exe
.exe windows:6 windows x86 arch:x86

f7b1e708dacea69bb2835f7531fc1123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
VirtualProtect
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
ReadConsoleW
HeapFree
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
GetCommandLineW
GetFileType
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RtlUnwind
SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
EnterCriticalSection
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
HeapQueryInformation
SetEndOfFile
WriteConsoleW
SetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
InitializeCriticalSectionEx
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
LocalFree
GetFileInformationByHandleEx
GetModuleHandleW
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
RaiseException
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObjectEx
FormatMessageA
QueryPerformanceFrequency
CreateFileW
IsProcessorFeaturePresent
GetProcessHeap
HeapValidate
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
lstrlenW
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetSystemDirectoryA
GetModuleHandleA
WriteFile
ReadFile
OutputDebugStringA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
GetModuleFileNameA
GlobalFree
GlobalAlloc
DeleteCriticalSection
Sleep
GetSystemInfo
GetLastError
ReadProcessMemory
GetCurrentProcess
Module32Next
CloseHandle
Module32First
GetCurrentProcessId
CreateToolhelp32Snapshot
GetTickCount
GetCurrentDirectoryW
MultiByteToWideChar
CreateDirectoryA

user32

InvalidateRect
GetDC
FillRect
ReleaseDC
PeekMessageA
ClientToScreen
GetClientRect
OffsetRect
SetRect
PostQuitMessage
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
SystemParametersInfoA
SetWindowPos
GetSystemMetrics
GetKeyState
LoadImageA
CharPrevExA
CharNextExA
CharNextW
GetClipboardData
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
AdjustWindowRectEx
SetWindowTextA
GetMenu
RegisterClassA
MessageBoxA
SetWindowLongA
GetWindowLongA
UpdateWindow
SetFocus
MoveWindow
DestroyWindow
IsWindow
CreateWindowExA
DefWindowProcA
DestroyCursor
ShowCursor
SetCursor
SetCursorPos
SetCapture
ReleaseCapture
ChangeDisplaySettingsA
ShowWindow
GetCapture

gdi32

GetStockObject
CreateFontIndirectA
DeleteObject
StretchBlt
GetTextExtentPoint32A
CreateSolidBrush
GetCharABCWidthsFloatW
EnumFontFamiliesExA
TextOutA
CreateDIBSection
SetBkMode
DeleteDC
CreateCompatibleDC
TextOutW
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize

winmm

timeGetTime

d3d8

Direct3DCreate8

python27

PyList_New
PyString_FromString
PyList_Append
Py_InitModule4
PyModule_AddIntConstant
_Py_NoneStruct
PyTuple_Size
PyDict_GetItemString
PyLong_AsLong
PyExc_ValueError
PyBool_FromLong
PyDict_Size
PyDict_Next
PyImport_ImportModule
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyLong_AsLongLong
PyFloat_AsDouble
PyErr_Clear
PyErr_BadArgument
PyErr_Print
PyObject_CallObject
PyNumber_Check
PyDict_SetItemString
PyModule_GetDict
PyErr_Fetch
PyTuple_GetItem
Py_Initialize
Py_Finalize
PyRun_StringFlags
PyImport_AddModule
PyExc_RuntimeError
PyErr_SetString
PyString_AsString
PyThreadState_Get
Py_BuildValue
PyInt_AsLong
Py_SetProgramName

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME

speedtreert

?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ

granny2

_GrannyGetMeshIndexCount@4
_GrannyFreeControl@4
_GrannyFreeControlOnceUnused@4
_GrannyCompleteControlAt@8
_GrannyControlIsComplete@4
_GrannyFreeControlIfComplete@4
_GrannyGetControlLoopCount@4
_GrannySetControlLoopCount@8
_GrannyGetControlSpeed@4
_GrannySetControlSpeed@8
_GrannyGetControlLocalDuration@4
_GrannySetControlEaseIn@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannyMeshIsRigid@4
_GrannyGetControlRawLocalClock@4
_GrannySetControlRawLocalClock@8
_GrannyPlayControlledAnimation@12
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexCount@4
_GrannyGetMeshVertexType@4
_GrannyGetTotalTypeSize@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetWorldPose4x4@8
_GrannyFreeWorldPose@4
_GrannyNewWorldPose@4
_GrannyFindBoneByName@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyGetMaterialTextureByType@8
_GrannyFindMatchingMember@16
_GrannyConvertSingleObject@20
_GrannyReadEntireFileFromMemory@8
_GrannyFreeLocalPose@4
_GrannyFreeFile@4
_GrannyGetFileInfo@4
_GrannyNewLocalPose@4
_GrannyGetSourceSkeleton@4
_GrannySetModelClock@8
_GrannyFreeCompletedModelControls@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannySampleModelAnimationsAccelerated@20
_GrannyUpdateModelMatrix@20
_GrannySetControlEaseOutCurve@28
_GrannyFreeFileSection@8

dinput8

DirectInput8Create

ddraw

DirectDrawCreate

mss32

_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_auto_update_3D_position@8
_AIL_3D_sample_volume@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8
_AIL_end_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_start_3D_sample@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_sample_volume_pan@12
_AIL_open_stream@12
_AIL_set_sample_loop_count@8
_AIL_set_sample_volume_pan@12
_AIL_end_sample@4
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_WAV_info@8
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_last_error@0
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_stream_volume_levels@12
_AIL_set_stream_volume_levels@12
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_set_redist_directory@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_close_3D_provider@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_file_read@8
_AIL_mem_free_lock@4
_AIL_start_sample@4
_AIL_close_digital_driver@4
_AIL_set_file_callbacks@16
_AIL_sample_status@4

devil

ilDeleteImages
ilGetData
ilSave
ilTexImage
ilSetPixels
ilCopyPixels
ilInit
ilConvertImage
ilGetInteger
ilLoad
ilOriginFunc
ilEnable
ilBindImage
ilShutDown
ilGenImages

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
select
send
WSACleanup
WSAGetLastError
htons
inet_addr
gethostbyname
WSAStartup
socket

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7b1e708dacea69bb2835f7531fc1123

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

winmm

d3d8

python27

imm32

speedtreert

granny2

dinput8

ddraw

mss32

devil

version

ws2_32

advapi32

oleaut32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 571KB - Virtual size: 571KB

.data Size: 171KB - Virtual size: 423KB

.data1 Size: 2KB - Virtual size: 2KB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 45KB - Virtual size: 44KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 571KB - Virtual size: 571KB

.data
Size: 171KB - Virtual size: 423KB

.data1
Size: 2KB - Virtual size: 2KB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 45KB - Virtual size: 44KB