690900241148b2ba9ddc95d60d59b56bf2a5bb1a7efd2c0ba8fb009c8b4a0203[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

690900241148b2ba9ddc95d60d59b56bf2a5bb1a7efd2c0ba8fb009c8b4a0203.exe
Size

7.3MB
MD5

34939b6902a62cf02735d175b263dfed
SHA1

966b9e1c63d1154d8d962d5053bfa4630fe1b66d
SHA256

690900241148b2ba9ddc95d60d59b56bf2a5bb1a7efd2c0ba8fb009c8b4a0203
SHA512

16827ab4068687a65e2045fe524445e281897575636c9e835f8d44aa467cb94474f32085c5bc94478ce1dc239de12f4a0820fc89a93960bfc997393c6f7ad857
SSDEEP

196608:bcY48x8kLzmgAWXGABxVVG6hrlo0rG1NETvu6Ps42g5DdnHhjlahO2:A8x8kLzmjOLjVAEk42g5DdBjlahO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
690900241148b2ba9ddc95d60d59b56bf2a5bb1a7efd2c0ba8fb009c8b4a0203.exe

Files

690900241148b2ba9ddc95d60d59b56bf2a5bb1a7efd2c0ba8fb009c8b4a0203.exe
.exe windows:4 windows x86 arch:x86

1be10437bc6b51a93d46e60600bc8450

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

wininet

InternetCloseHandle
FtpPutFileA
InternetConnectA
InternetOpenA

ddraw

DirectDrawCreateEx

winmm

timeGetTime

ws2_32

inet_ntoa
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
send
setsockopt
WSASocketA
gethostbyname
WSAEventSelect
inet_addr
htons
WSAConnect
WSAGetLastError
WSACloseEvent
WSACleanup
WSAStartup
WSACreateEvent
gethostname
closesocket

kernel32

GetCurrentProcess
CreateFileA
GetLocalTime
SetUnhandledExceptionFilter
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
Sleep
GetLastError
CreateMutexA
InterlockedDecrement
InterlockedIncrement
DeleteFileA
GetProcAddress
LoadLibraryA
FreeLibrary
CreateEventA
SetEvent
lstrlenA
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
SetEnvironmentVariableA
GetEnvironmentVariableA
WritePrivateProfileStringA
GetNumberFormatA
lstrcmpA
FindClose
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
IsBadWritePtr
lstrcmpiA
GetVersionExA
GlobalMemoryStatus
GetComputerNameA
IsBadReadPtr
ResetEvent
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
GetDiskFreeSpaceExA
ReadFile
GetFileSize
GetTempFileNameA
GetTempPathA
SetCurrentDirectoryA
WideCharToMultiByte
CreateFileW
HeapFree
GetProcessHeap
GetModuleHandleA
IsProcessorFeaturePresent
WriteFile
GetCurrentThread
CloseHandle
OutputDebugStringA
GetStartupInfoA
Process32Next

user32

UnregisterClassA
ChangeDisplaySettingsA
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
SetTimer
SystemParametersInfoA
DrawTextW
ReleaseCapture
SetCapture
GetSystemMetrics
CharNextA
GetWindowLongA
CallWindowProcA
DestroyWindow
EnableWindow
SetWindowLongA
MoveWindow
GetWindowTextA
SetRect
CharUpperA
wsprintfA
GetKeyboardLayout
SetFocus
SendMessageA
BeginPaint
DrawTextA
EndPaint
PostQuitMessage
SetWindowTextA
GetActiveWindow
IsIconic
DefWindowProcA
IsWindow
PostMessageA
MessageBoxA
EnumDisplaySettingsA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
TranslateMessage
ShowWindow
UpdateWindow
GetClientRect
SetCursorPos
ShowCursor
PeekMessageA
GetMessageA
KillTimer

gdi32

CreateFontA
CreateFontIndirectA
SetBkMode
CreateDIBSection
CreateCompatibleDC
SetBkColor
GetObjectA
DeleteDC
SetTextColor
SelectObject
DeleteObject

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitialize

imagehlp

SymFunctionTableAccess
SymGetOptions
SymSetOptions
SymInitialize
SymCleanup
SymGetModuleInfo
SymGetSymFromAddr
StackWalk
SymGetModuleBase

imm32

ImmSetCompositionStringA
ImmGetDescriptionA
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
ImmSetOpenStatus

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcirt

??5istream@@QAEAAV0@AAH@Z
??1ios@@UAE@XZ
??1ofstream@@UAE@XZ
??_Difstream@@QAEXXZ
??1ifstream@@UAE@XZ
??5istream@@QAEAAV0@PAD@Z
?eatwhite@istream@@QAEXXZ
_mtunlock
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?getline@istream@@QAEAAV1@PADHD@Z
?lock@ios@@QAAXXZ
??5istream@@QAEAAV0@AAI@Z
?open@ofstream@@QAEXPBDHH@Z
??0ifstream@@QAE@XZ
?open@ifstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@G@Z
?unlock@ios@@QAAXXZ
??5istream@@QAEAAV0@AAG@Z
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@N@Z
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@K@Z
?get@istream@@IAEAAV1@PADHH@Z
?close@ofstream@@QAEXXZ
??_Dofstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ifstream@@QAE@PBDHH@Z
??5istream@@QAEAAV0@AAM@Z
??5istream@@QAEAAV0@AAK@Z
?close@ifstream@@QAEXXZ
_mtlock
??0ofstream@@QAE@XZ

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcrt

strrchr
tolower
toupper
_getcwd
strchr
atof
fscanf
_mbschr
_CIatan2
_mbsstr
fwrite
wcsstr
_CIpow
_CIsqrt
_mbscspn
strpbrk
strcspn
_itoa
strncat
_mbstok
localtime
_atoi64
_mbsupr
printf
_CIlog
vsprintf
_CIcos
_CIasin
_CIacos
ceil
_CItan
_finite
bsearch
floor
fprintf
_strupr
_CIlog10
_beginthreadex
_endthreadex
_errno
system
_stricmp
__RTDynamicCast
_mbsinc
_ismbcspace
fgets
_EH_prolog
_vsnprintf
isdigit
isalpha
isalnum
isspace
sscanf
free
_strdup
setlocale
longjmp
_setjmp3
_controlfp
exit
malloc
calloc
_CxxThrowException
clock
memcpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlink
_ftol
strtok
memmove
_CIatan
_strnicmp
strncpy
_mkdir
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
atoi
_purecall
rand
srand
time
rename
fclose
fopen
strncmp
_chdir
_snprintf
fread
ftell
fseek
_CIsin

dinput8

DirectInput8Create

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdi
Size: 1024KB - Virtual size: 1024KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1be10437bc6b51a93d46e60600bc8450

Headers

File Characteristics

Imports

rpcrt4

wininet

ddraw

winmm

ws2_32

kernel32

user32

gdi32

advapi32

ole32

imagehlp

imm32

version

msvcirt

msvcp60

msvcrt

dinput8

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 216KB - Virtual size: 748KB

.data1 Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 4KB

.gdi Size: 1024KB - Virtual size: 1024KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 216KB - Virtual size: 748KB

.data1
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.gdi
Size: 1024KB - Virtual size: 1024KB