9bfd9c98efad84e5e3f25ceaa3c4baa3ecca262a911faf8dc0934de48407fe88

Sharing

Copy URL Twitter E-mail

General

Target

9bfd9c98efad84e5e3f25ceaa3c4baa3ecca262a911faf8dc0934de48407fe88
Size

5.8MB
MD5

7b9b7542f81561871970bca1879d5acd
SHA1

943c731039e71c7bc99c466b2d4f5eabca6ed887
SHA256

9bfd9c98efad84e5e3f25ceaa3c4baa3ecca262a911faf8dc0934de48407fe88
SHA512

46d839431046a293093a7d883a9d8fd0ee693edcdc028b34dea506103df9481fc3bb301304f64ece8a3875b400980645467eaffc2cd69dad530dfc2e1052941d
SSDEEP

98304:QcwbvYyWe+77n+5IKS4txGNnVsH75HitaMZ3yHmI:1rK7tI/sC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bfd9c98efad84e5e3f25ceaa3c4baa3ecca262a911faf8dc0934de48407fe88

Files

9bfd9c98efad84e5e3f25ceaa3c4baa3ecca262a911faf8dc0934de48407fe88
.exe windows:6 windows x86 arch:x86

1c45d3ab836f9f3fb7ab82e398c3b292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetPrivateProfileStringA
lstrlenA
GetCurrentDirectoryA
MoveFileA
FindClose
FindNextFileA
FindFirstFileA
SetFileAttributesA
SetThreadPriority
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
Sleep
OpenProcess
QueryPerformanceFrequency
ResetEvent
ExpandEnvironmentStringsW
GetSystemTime
GetVersion
FindNextFileW
CreatePipe
RemoveDirectoryW
MoveFileW
SetCurrentDirectoryA
GetEnvironmentVariableA
GetModuleFileNameA
GlobalFree
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
HeapCompact
UnlockFileEx
LockFileEx
ReadConsoleInputW
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetSystemInfo
GetLastError
ReadProcessMemory
GetCurrentProcess
Module32Next
Module32First
CreateToolhelp32Snapshot
GetTickCount
GetCurrentDirectoryW
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetNumberOfConsoleInputEvents
FlushViewOfFile
VirtualQuery
GetFileAttributesW
GetProcessTimes
SetFileTime
GenerateConsoleCtrlEvent
GetFileAttributesExA
SetEnvironmentVariableW
SystemTimeToFileTime
FindFirstFileW
GetFullPathNameW
LoadLibraryExA
SetErrorMode
GetFileAttributesA
DeviceIoControl
IsDBCSLeadByte
LocalFree
FormatMessageA
SetEndOfFile
SetEnvironmentVariableA
CreateProcessA
GetExitCodeProcess
WriteConsoleW
HeapReAlloc
SetStdHandle
SetFileAttributesW
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteFileW
GetTimeZoneInformation
GetFileAttributesExW
SetConsoleCtrlHandler
LoadLibraryW
UnregisterWaitEx
InitializeSListHead
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
FlushFileBuffers
CreateDirectoryW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
UnhandledExceptionFilter
FileTimeToSystemTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCPInfo
LoadLibraryExW
GetFullPathNameA
GetDriveTypeW
RtlUnwind
GetCommandLineA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
RaiseException
ExitThread
CreateThread
IsDebuggerPresent
CreateFileW
IsProcessorFeaturePresent
HeapValidate
GetSystemTimeAsFileTime
DuplicateHandle
DecodePointer
EncodePointer
GetStringTypeW
GetCurrentThreadId
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
LoadLibraryA
lstrlenW
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
GetVersionExA
GetSystemDirectoryA
WideCharToMultiByte
WriteFile
SetFilePointer
ReadFile
OutputDebugStringA
WinExec
GetModuleHandleA
GetCurrentThread
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
GlobalAlloc
CreateFileA
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
GetConsoleOutputCP

user32

TranslateMessage
CharNextExA
CharNextW
GetClipboardData
CloseClipboard
LoadImageA
FlashWindowEx
DestroyIcon
InvalidateRect
GetDC
FillRect
ReleaseDC
PeekMessageA
ClientToScreen
GetClientRect
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
DispatchMessageA
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
IsWindow
DestroyWindow
MoveWindow
OffsetRect
SetRect
GetAsyncKeyState
PostQuitMessage
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
SetWindowPos
SystemParametersInfoA
GetKeyState
DestroyCursor
ShowCursor
SetCursor
SetCursorPos
SetCapture
ReleaseCapture
ChangeDisplaySettingsA
ShowWindow
GetCapture
FindWindowExA
EnableWindow
FindWindowW
IsIconic
GetWindowRect
GetSystemMetrics
LoadStringA
MessageBoxA
SetFocus
UpdateWindow
CharPrevA
GetMessageA
LoadCursorA
AdjustWindowRectEx
GetMenu
RegisterClassA
SetWindowLongA
GetWindowLongA
CharPrevExA

gdi32

CreateDIBSection
SetBkMode
CreateFontIndirectA
EnumFontFamiliesExA
GetStockObject
TextOutW
SetTextColor
SetBkColor
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
TextOutA
DeleteDC
GetTextExtentPoint32A
StretchBlt

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegQueryValueA
RegSaveKeyA
RegEnumValueA
RegLoadKeyA
RegFlushKey
RegConnectRegistryA
CryptAcquireContextA
CryptGenRandom
RegQueryInfoKeyA
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegSetValueA
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteW
SetCurrentProcessExplicitAppUserModelID

ole32

CoInitializeEx
OleSetContainedObject
OleUninitialize
OleInitialize
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime

d3d8

Direct3DCreate8

imm32

ImmGetCandidateListW
ImmIsIME
ImmNotifyIME
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetIMEFileNameA
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext

devil

ilSetPixels
ilTexImage
ilSave
ilShutDown
ilDeleteImages
ilCopyPixels
ilConvertImage
ilGetInteger
ilLoad
ilOriginFunc
ilEnable
ilBindImage
ilGenImages
ilInit

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

imagehlp

EnumerateLoadedModules
GetTimestampForLoadedLibrary
StackWalk

granny2

_GrannyUpdateModelMatrix@20
_GrannySampleModelAnimationsAccelerated@20
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyConvertSingleObject@20
_GrannyNewLocalPose@4
_GrannyGetMaterialTextureByType@8
_GrannySetLogCallback@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshIndexCount@4
_GrannyGetSourceModel@4
_GrannyFindTrackGroupForModel@12
_GrannyFreeControl@4
_GrannyCompleteControlAt@8
_GrannyControlIsComplete@4
_GrannyFreeLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyInstantiateModel@4
_GrannyGetTotalTypeSize@4
_GrannyFreeModelInstance@4
_GrannyNewMeshBinding@12
_GrannyFreeMeshBinding@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFindBoneByName@12
_GrannyNewWorldPose@4
_GrannyFreeWorldPose@4
_GrannyGetWorldPose4x4@8
_GrannyGetWorldPoseComposite4x4@8
_GrannyFindMatchingMember@16
_GrannyGetControlLoopCount@4
_GrannySetControlLoopCount@8
_GrannyGetControlSpeed@4
_GrannySetControlSpeed@8
_GrannyGetControlLocalDuration@4
_GrannySetControlEaseIn@8
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannySetControlEaseOutCurve@28
_GrannyGetControlRawLocalClock@4
_GrannySetControlRawLocalClock@8
_GrannyPlayControlledAnimation@12
_GrannyBeginControlledAnimation@8
_GrannyEndControlledAnimation@4
_GrannySetTrackGroupTarget@12
_GrannySetTrackGroupLOD@16
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannyNewMeshDeformer@16
_GrannyFreeMeshDeformer@4
_GrannyDeformVertices@24
GrannyPNT332VertexType
_GrannyFreeControlIfComplete@4
_GrannyFreeControlOnceUnused@4

mss32

_AIL_auto_update_3D_position@8
_AIL_3D_sample_volume@4
_AIL_mem_free_lock@4
_AIL_3D_sample_status@4
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_WAV_info@8
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_file_type@8
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_enumerate_3D_providers@12
_AIL_open_3D_provider@4
_AIL_close_3D_provider@4
_AIL_open_3D_listener@4
_AIL_close_3D_listener@4
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_set_3D_orientation@28
_AIL_startup@0
_AIL_shutdown@0
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8
_AIL_end_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4

speedtreert

?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
??1CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z

dinput8

DirectInput8Create

ws2_32

inet_addr
htons
socket
connect
send
recv
__WSAFDIsSet
closesocket
ioctlsocket
select
WSAGetLastError
WSAStartup
gethostbyname
WSACleanup

ddraw

DirectDrawCreate

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 483KB - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c45d3ab836f9f3fb7ab82e398c3b292

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

d3d8

imm32

devil

iphlpapi

gdiplus

version

imagehlp

granny2

mss32

speedtreert

dinput8

ws2_32

ddraw

oleaut32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 483KB - Virtual size: 804KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 476KB - Virtual size: 475KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 483KB - Virtual size: 804KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 476KB - Virtual size: 475KB