3ce7766418b6d8471d5da3155ae9339093320c81d6d33617ad8b468224af5d12[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3ce7766418b6d8471d5da3155ae9339093320c81d6d33617ad8b468224af5d12.exe
Size

6.3MB
MD5

07f5b795ac35d4aa346bf4455a531b6f
SHA1

49da28cacd9df8403d0e9a0d43f6aa4e9bdbc29c
SHA256

3ce7766418b6d8471d5da3155ae9339093320c81d6d33617ad8b468224af5d12
SHA512

3bcc2a49a5e02969b769523078250c784c6cb05af3e8c105d6da53056f874537049327b8985deae2c691a1a2cf220f1fbbc1fd871b3714828e504ce9be476289
SSDEEP

196608:1U69ID8kLz+PAWrJ5BxVVG6hrlo0rG1N0Tvu6Ps42P5DdnThjlahO:VID8kLz+ICLjVA0k42P5DdFjlahO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ce7766418b6d8471d5da3155ae9339093320c81d6d33617ad8b468224af5d12.exe

Files

3ce7766418b6d8471d5da3155ae9339093320c81d6d33617ad8b468224af5d12.exe
.exe windows:4 windows x86 arch:x86

58bdf2b555e47d06ec0022b8f0529cc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

wininet

InternetCloseHandle
FtpPutFileA
InternetConnectA
InternetOpenA

ddraw

DirectDrawCreateEx

winmm

timeGetTime

ws2_32

inet_ntoa
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
send
setsockopt
WSASocketA
gethostbyname
WSAEventSelect
inet_addr
htons
WSAConnect
WSAGetLastError
WSACloseEvent
WSACleanup
WSAStartup
WSACreateEvent
gethostname
closesocket

kernel32

GetCurrentProcess
CreateFileA
GetLocalTime
SetUnhandledExceptionFilter
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
Sleep
GetLastError
CreateMutexA
InterlockedDecrement
InterlockedIncrement
DeleteFileA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateEventA
SetEvent
lstrlenA
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
SetEnvironmentVariableA
GetEnvironmentVariableA
WritePrivateProfileStringA
GetNumberFormatA
lstrcmpA
FindClose
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
IsBadWritePtr
lstrcmpiA
GetVersionExA
GlobalMemoryStatus
GetComputerNameA
IsBadReadPtr
ResetEvent
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
GetDiskFreeSpaceExA
ReadFile
GetFileSize
GetTempFileNameA
GetTempPathA
SetCurrentDirectoryA
WideCharToMultiByte
CreateFileW
HeapFree
GetProcessHeap
GetModuleHandleA
IsProcessorFeaturePresent
WriteFile
GetCurrentThread
CloseHandle
OutputDebugStringA
GetStartupInfoA
Process32Next

user32

UnregisterClassA
ChangeDisplaySettingsA
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
SetTimer
SystemParametersInfoA
DrawTextW
ReleaseCapture
SetCapture
GetSystemMetrics
CharNextA
GetWindowLongA
CallWindowProcA
DestroyWindow
EnableWindow
SetWindowLongA
MoveWindow
GetWindowTextA
SetRect
CharUpperA
wsprintfA
GetKeyboardLayout
SetFocus
SendMessageA
BeginPaint
DrawTextA
EndPaint
PostQuitMessage
SetWindowTextA
GetActiveWindow
IsIconic
DefWindowProcA
IsWindow
PostMessageA
MessageBoxA
EnumDisplaySettingsA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
TranslateMessage
ShowWindow
UpdateWindow
GetClientRect
SetCursorPos
ShowCursor
PeekMessageA
GetMessageA
KillTimer

gdi32

CreateFontA
CreateFontIndirectA
SetBkMode
CreateDIBSection
CreateCompatibleDC
SetBkColor
GetObjectA
DeleteDC
SetTextColor
SelectObject
DeleteObject

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitialize

d3d8

Direct3DCreate8

imagehlp

SymFunctionTableAccess
SymGetOptions
SymSetOptions
SymInitialize
SymCleanup
SymGetModuleInfo
SymGetSymFromAddr
StackWalk
SymGetModuleBase

imm32

ImmSetCompositionStringA
ImmGetDescriptionA
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
ImmSetOpenStatus

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcirt

??5istream@@QAEAAV0@AAH@Z
??1ios@@UAE@XZ
??1ofstream@@UAE@XZ
??_Difstream@@QAEXXZ
??1ifstream@@UAE@XZ
??5istream@@QAEAAV0@PAD@Z
?eatwhite@istream@@QAEXXZ
_mtunlock
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?getline@istream@@QAEAAV1@PADHD@Z
?lock@ios@@QAAXXZ
??5istream@@QAEAAV0@AAI@Z
?open@ofstream@@QAEXPBDHH@Z
??0ifstream@@QAE@XZ
?open@ifstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@G@Z
?unlock@ios@@QAAXXZ
??5istream@@QAEAAV0@AAG@Z
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@N@Z
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@K@Z
?get@istream@@IAEAAV1@PADHH@Z
?close@ofstream@@QAEXXZ
??_Dofstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ifstream@@QAE@PBDHH@Z
??5istream@@QAEAAV0@AAM@Z
??5istream@@QAEAAV0@AAK@Z
?close@ifstream@@QAEXXZ
_mtlock
??0ofstream@@QAE@XZ

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcrt

strrchr
tolower
toupper
_getcwd
strchr
atof
fscanf
_mbschr
_CIatan2
_mbsstr
fwrite
wcsstr
_CIpow
_CIsqrt
_mbscspn
strpbrk
strcspn
_itoa
strncat
_mbstok
localtime
_atoi64
_mbsupr
printf
_CIlog
vsprintf
_CIcos
_CIasin
_CIacos
ceil
_CItan
_finite
bsearch
floor
fprintf
_strupr
_CIlog10
_beginthreadex
_endthreadex
_errno
system
_stricmp
__RTDynamicCast
_mbsinc
_ismbcspace
fgets
_EH_prolog
_vsnprintf
isdigit
isalpha
isalnum
isspace
sscanf
free
_strdup
setlocale
longjmp
_setjmp3
_controlfp
exit
malloc
calloc
_CxxThrowException
clock
memcpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlink
_ftol
strtok
memmove
_CIatan
_strnicmp
strncpy
_mkdir
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
atoi
_purecall
rand
srand
time
rename
fclose
fopen
strncmp
_chdir
_snprintf
fread
ftell
fseek
_CIsin

dinput8

DirectInput8Create

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58bdf2b555e47d06ec0022b8f0529cc3

Headers

File Characteristics

Imports

rpcrt4

wininet

ddraw

winmm

ws2_32

kernel32

user32

gdi32

advapi32

ole32

d3d8

imagehlp

imm32

version

msvcirt

msvcp60

msvcrt

dinput8

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rdata Size: 236KB - Virtual size: 235KB

.data Size: 216KB - Virtual size: 747KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.rdata
Size: 236KB - Virtual size: 235KB

.data
Size: 216KB - Virtual size: 747KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB