434e0f9e6f09c5b1a0608e05c01ce9d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

434e0f9e6f09c5b1a0608e05c01ce9d0N.exe
Size

1.6MB
MD5

434e0f9e6f09c5b1a0608e05c01ce9d0
SHA1

9076f67a30cfe85d96f945606072d7bd3a97ab8a
SHA256

064e5af140e9f2ea2786bda3b15da874485272ec6f263de9b9d758df9c7f7b5c
SHA512

f4b86687fceca62c28668bd88172892682f2c794ba5adb64c28816cb902dbbbf00c821593f73c14074becfb6a56d2206f44393c9515900f15022a5eec5fb88bc
SSDEEP

49152:/F3ASxU1Zq0nR4pcuQKpvxpeD0SkJGVuNEx:txxU1ZXu59

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
434e0f9e6f09c5b1a0608e05c01ce9d0N.exe

Files

434e0f9e6f09c5b1a0608e05c01ce9d0N.exe
.exe windows:6 windows x86 arch:x86

3d35097932e9dc78e3b260758cca3c64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\28a9fc745d959c22\installer\bin\Win32\Release\Amazon Games Setup.pdb

Imports

kernel32

Process32NextW
GetDiskFreeSpaceExW
LoadLibraryA
QueryPerformanceFrequency
Process32FirstW
RaiseException
GetOverlappedResult
DecodePointer
DeleteCriticalSection
GetCurrentProcessId
GlobalMemoryStatusEx
WideCharToMultiByte
GetDiskFreeSpaceExA
QueryPerformanceCounter
GetDynamicTimeZoneInformation
FormatMessageW
SetThreadPriority
GetCurrentThread
SetFilePointerEx
MoveFileExW
CreateMutexA
GetExitCodeThread
ExitProcess
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetThreadTimes
MultiByteToWideChar
CreateEventW
CreateToolhelp32Snapshot
GetModuleHandleA
ReleaseMutex
GetVersionExW
GetLocaleInfoW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
GetThreadLocale
GetModuleFileNameW
RemoveDirectoryW
GetStdHandle
ReadFile
CreateDirectoryW
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
CreateThread
LoadLibraryW
CloseHandle
DeleteFileW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
WaitForSingleObject
WriteFile
GetCurrentProcess
OutputDebugStringW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
HeapSize
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetACP
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
TryEnterCriticalSection
GetStringTypeW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileAttributesW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetFileType
GetModuleFileNameA
WriteConsoleW
SetStdHandle
GetCommandLineW

user32

MessageBoxW
FindWindowW
SetForegroundWindow
ShowWindow
GetWindowRect
EnumWindows
GetMessageW
DefWindowProcW
GetDC
PostMessageW
IsIconic
GetWindowTextW
GetWindowThreadProcessId
wsprintfW
EndPaint
BeginPaint
InvalidateRect
ReleaseDC
GetCursorPos
ReleaseCapture
UpdateWindow
SystemParametersInfoW
PostQuitMessage
DrawIconEx
SetCapture
LoadCursorW
TranslateMessage
SetTimer
DispatchMessageW
RegisterClassExW
GetSystemMetrics
GetIconInfo
CreateWindowExW
SetWindowPos

comdlg32

GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegSetValueExW
GetUserNameW
RegCloseKey

shell32

ShellExecuteA
SHParseDisplayName
ShellExecuteExW
SHCreateShellItem
CommandLineToArgvW
SHGetFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
VariantInit
SysFreeString

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

rpcrt4

UuidCreate

msimg32

AlphaBlend

gdi32

CreateSolidBrush
DeleteObject
GetObjectW
Rectangle
CreatePen
SetBkMode
SetTextColor
GetTextExtentPoint32W
TextOutW
DeleteDC
CreateFontW
CreateDIBitmap
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d35097932e9dc78e3b260758cca3c64

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

version

rpcrt4

msimg32

gdi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 249KB - Virtual size: 248KB

.data Size: 59KB - Virtual size: 86KB

.rsrc Size: 149KB - Virtual size: 148KB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 249KB - Virtual size: 248KB

.data
Size: 59KB - Virtual size: 86KB

.rsrc
Size: 149KB - Virtual size: 148KB

.reloc
Size: 58KB - Virtual size: 58KB