c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb
Static task
static1
1 signatures
General
-
Target
onaf1.zip
-
Size
59.2MB
-
MD5
6e416f2af9c23789cbd9b2a358baf04d
-
SHA1
7da47317868ff056735baa8ae7146ad5d04a0a44
-
SHA256
716f675af9d426b14f150b23a70321365d4eca1fc8ca42abea58eba70e786846
-
SHA512
f19cda1e1c52f13c17977f289f32f6b8cbb99f61133942303ba15e99d390c673f9b7cae10e51c3de58c72806607b2e1887bcb1fae4cdafffff39d7d5a36b151c
-
SSDEEP
1572864:XICu5y3+iLhM59+hSgUOZr6SMCIij3CnhAeEi/lnldaMFu:E2TLhEA0gUOh6SMCkJBdGMFu
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ONAF1.exe
Files
-
onaf1.zip.zip
-
ONAF1.exe.exe windows:6 windows x86 arch:x86
e153cd6135e3839cd0268e0264aa0f9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCanonicalizeUrlA
InternetWriteFile
InternetConnectA
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetGetConnectedState
dxgi
CreateDXGIFactory1
d3d11
D3D11CreateDevice
dbghelp
MiniDumpWriteDump
SymInitialize
SymFromAddr
winmm
mciSendStringA
joyGetPosEx
joyGetPos
mciGetErrorStringA
ws2_32
WSAStartup
gethostname
socket
setsockopt
send
recvfrom
recv
listen
inet_ntoa
inet_addr
WSACleanup
ioctlsocket
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSAGetLastError
WSAAddressToStringA
getaddrinfo
getsockopt
freeaddrinfo
sendto
gdiplus
GdiplusStartup
GdiplusShutdown
comctl32
InitCommonControlsEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
rpcrt4
UuidToStringW
UuidCreate
kernel32
FindFirstFileExA
GetFullPathNameA
SetCurrentDirectoryW
HeapReAlloc
GetTimeZoneInformation
MoveFileExW
SetFilePointerEx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
GetStringTypeW
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
PeekNamedPipe
GetFileType
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
EncodePointer
RtlUnwind
VirtualQuery
GetProcessHeap
FindNextFileA
IsValidCodePage
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
WaitForSingleObjectEx
CreateEventExW
OutputDebugStringA
MultiByteToWideChar
GetConsoleWindow
GetOEMCP
GetCurrentDirectoryW
DeleteFileW
GetFullPathNameW
SetLastError
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
GetFinalPathNameByHandleW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
EnterCriticalSection
RtlCaptureStackBackTrace
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
RaiseException
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringW
WriteConsoleW
SetEndOfFile
GetLastError
HeapSize
TlsAlloc
user32
GetDlgItemTextW
DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
SetDlgItemTextA
SetDlgItemTextW
DispatchMessageW
PeekMessageW
IsDialogMessageW
SetProcessDPIAware
GetForegroundWindow
DialogBoxParamW
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
CallNextHookEx
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
BringWindowToTop
GetDlgItem
TranslateMessage
EndDialog
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
CreateDialogParamW
LoadImageW
UpdateWindow
LoadCursorW
gdi32
GetDeviceCaps
DeleteObject
SelectObject
CreateFontA
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
ShellExecuteW
SHGetFolderPathW
ole32
CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler
dwmapi
DwmGetCompositionTimingInfo
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 991KB - Virtual size: 991KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 534KB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
minATL Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mydata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 368KB - Virtual size: 368KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
data.win
-
msc_end.ogg
-
msc_menu.ogg
-
options.ini
-
sfx_6am.ogg
-
sfx_deathsound.ogg
-
sfx_lowstomp.ogg
-
sfx_musicbox.ogg
-
sfx_runbeaver.ogg