IGLOO[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

IGLOO.exe
Size

1.5MB
MD5

7737d7ea0a4dfe963e503b9d4ed02df4
SHA1

820157340033dc778f6a11b6a749ea1cd602d967
SHA256

7c26aef6a10320fa26be0e5111414b64ca0915b37d16873c9f82a0e34d4e44cf
SHA512

4818ea46016069dc62fb38b894ab12878e06891273a25b1b91eb3b523ca340489fd1a3155e7507f7eb972e4d63d15b7ab5243adaa04b3c11aa2bfaade205adab
SSDEEP

24576:E4pNSNFXgsuAW48an8huGKFLPnKdtRYYg0JlF2Bn7JUJemXLk:E4aNFXgsu9Un8ynGtKUJy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IGLOO.exe

Files

IGLOO.exe
.exe windows:6 windows x64 arch:x64

3b10099f14a7d5546ee0d243dec0e66e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\IGL App\IGLOO\x64\Release\IGLOO.pdb

Imports

d3d9

Direct3DCreate9

kernel32

GetCurrentProcess
CreateThread
CreateProcessA
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
MoveFileA
LocalFree
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
AreFileApisANSI
DeleteCriticalSection
GetFileAttributesExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
CreateFileW
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
RtlCaptureContext
GlobalAlloc
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
MultiByteToWideChar
Sleep
GetModuleHandleA
SleepConditionVariableSRW

user32

GetKeyboardLayout
GetForegroundWindow
SetCapture
ScreenToClient
DestroyWindow
GetWindowRect
DispatchMessageA
DefWindowProcW
SetCursor
GetClientRect
IsWindowUnicode
TrackMouseEvent
ClientToScreen
SetWindowPos
MessageBoxA
GetCapture
LoadIconA
CreateWindowExW
CallNextHookEx
GetSystemMetrics
LoadCursorA
GetMessageExtraInfo
UnregisterClassW
RegisterClassExW
GetClipboardData
ShowWindow
SetWindowsHookExA
TranslateMessage
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
PeekMessageA
PostQuitMessage
SetCursorPos
SetForegroundWindow
GetKeyState
UpdateWindow
ReleaseCapture

advapi32

OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA

shell32

Shell_NotifyIconA

libcurl

curl_easy_strerror
curl_easy_perform
curl_easy_setopt
curl_easy_cleanup
curl_slist_free_all
curl_easy_escape
curl_slist_append
curl_easy_init

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exceptions@std@@YAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

d3dx9_43

D3DXCreateTextureFromFileInMemory

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

PathFindFileNameW

rpcrt4

RpcStringFreeA
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__C_specific_handler
__current_exception_context
memset
memmove
memcpy
memchr
_CxxThrowException
memcmp
__std_terminate
__std_exception_copy
__std_exception_destroy
strstr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_cexit
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_beginthreadex
terminate
exit
_register_onexit_function
_seh_filter_exe
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
abort
_resetstkoflw
_invalid_parameter_noinfo
system
_errno

api-ms-win-crt-time-l1-1-0

strftime
_time64
asctime
_localtime64

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vsscanf
_wfopen
fflush
__stdio_common_vfprintf
_popen
fgets
__p__commode
fclose
fseek
ftell
_get_stream_buffer_pointers
_set_fmode
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
_pclose
fwrite
fgetc
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
realloc
_callnewh

api-ms-win-crt-math-l1-1-0

cosf
expf
floor
ceilf
fmodf
sqrtf
pow
sinf
_dclass
sqrt
_dsign
atan2f
acosf
ldexp
powf
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtol
strtoull
strtod
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 605KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b10099f14a7d5546ee0d243dec0e66e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

advapi32

shell32

libcurl

msvcp140

wininet

urlmon

d3dx9_43

imm32

dwmapi

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 605KB - Virtual size: 604KB

.rdata Size: 233KB - Virtual size: 232KB

.data Size: 396KB - Virtual size: 399KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 250KB - Virtual size: 249KB

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 605KB - Virtual size: 604KB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 396KB - Virtual size: 399KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 250KB - Virtual size: 249KB

.reloc
Size: 1024B - Virtual size: 956B