502e98f0fdd6ef1989679803c0eddd4253e5c524e9437a53c0d4e94c0cf41d2a

Sharing

Copy URL Twitter E-mail

General

Target

502e98f0fdd6ef1989679803c0eddd4253e5c524e9437a53c0d4e94c0cf41d2a
Size

13.4MB
MD5

2aaf5ffc1678125d4fde29b3cb0e0a95
SHA1

23374732b2a40f9eb8c96b5cad56bc7c1c63ef84
SHA256

502e98f0fdd6ef1989679803c0eddd4253e5c524e9437a53c0d4e94c0cf41d2a
SHA512

9a9a5a266cc1f85b8b0259b5af7dd324478fc6e4050d99487d083b2d7a724e8c6dfc2e536623e304af8bcd175ceba879b20d8a07ceee2a7b44fcfac2c6d55595
SSDEEP

393216:V9Q1/kHKNQaOjLknusLIQ1f/H6Om0nc/:V21s8QaqLknusUQ1fiOmB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
502e98f0fdd6ef1989679803c0eddd4253e5c524e9437a53c0d4e94c0cf41d2a

Files

502e98f0fdd6ef1989679803c0eddd4253e5c524e9437a53c0d4e94c0cf41d2a
.exe windows:5 windows x86 arch:x86

e9d19a9d2f36adba204c139c303f0087

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

zlibwapi

ord46

ws2_32

inet_addr

imm32

ImmIsIME

d3d8

Direct3DCreate8

dsound

ord11

ddraw

DirectDrawCreate

speedtreert

?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

shlwapi

StrToIntW

wininet

InternetConnectA

winmm

timeGetTime

immwrapper

?Release@AMImmWrapper@@QAE_NXZ

version

VerQueryValueA

kernel32

GetVersionExW
GetVersion
GetVersionExA

user32

PostMessageW

gdi32

CreateEllipticRgn

advapi32

LookupPrivilegeValueW

shell32

SHOpenFolderAndSelectItems

ole32

CoInitializeEx

oleaut32

OleCreateFontIndirect

elementskill

?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z

msvcp80

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr80

_findnext32

urlmon

URLDownloadToFileW

fmodex

?getMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HnU
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.@nI
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ich
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9d19a9d2f36adba204c139c303f0087

Headers

File Characteristics

Imports

zlibwapi

ws2_32

imm32

d3d8

dsound

ddraw

speedtreert

ftdriver

shlwapi

wininet

winmm

immwrapper

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

elementskill

msvcp80

msvcr80

urlmon

fmodex

Exports

Exports

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 228KB - Virtual size: 453KB

.tls Size: 8KB - Virtual size: 4KB

.data1 Size: 4KB - Virtual size: 2KB

.HnU Size: 3.1MB - Virtual size: 3.1MB

.@nI Size: 4KB - Virtual size: 232B

.ich Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 228KB - Virtual size: 453KB

.tls
Size: 8KB - Virtual size: 4KB

.data1
Size: 4KB - Virtual size: 2KB

.HnU
Size: 3.1MB - Virtual size: 3.1MB

.@nI
Size: 4KB - Virtual size: 232B

.ich
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 32KB - Virtual size: 31KB