6e938fce58e1331f4bd0c4c211e164a6244c94e86c6049d2abf517f2e44ae720

Sharing

Copy URL Twitter E-mail

General

Target

6e938fce58e1331f4bd0c4c211e164a6244c94e86c6049d2abf517f2e44ae720
Size

148KB
MD5

cdb0f223c469711e6a77e7999e89b7e5
SHA1

f7aa6319378cd4336fc7860b8a73db61a1b26ec7
SHA256

6e938fce58e1331f4bd0c4c211e164a6244c94e86c6049d2abf517f2e44ae720
SHA512

294d10c24cd6fd9aa34f4db59f5a9378c58ffa50fb8f46f5ba90eac9b1f1470f24e0c910b6f4c9af26192963af1f0d29934bbacaccee7ff1c44118c939bdca47
SSDEEP

3072:+Wb4gvHlECiP0jiW4RaFH6SAg0Fu/6F26Fi:+W3vHlWRaFaSAOc2A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e938fce58e1331f4bd0c4c211e164a6244c94e86c6049d2abf517f2e44ae720

Files

6e938fce58e1331f4bd0c4c211e164a6244c94e86c6049d2abf517f2e44ae720
.exe windows:4 windows x86 arch:x86

2a60af495527e956e8fd147aee66f57c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

ck2

?GetManagerByGuid@CKContext@@QAEPAVCKBaseManager@@UCKGUID@@@Z
?GetRenderManager@CKContext@@QAEPAVCKRenderManager@@XZ
?ParsePlugins@CKPluginManager@@QAEHPAD@Z
?CKGetPluginManager@@YAPAVCKPluginManager@@XZ
?Pause@CKContext@@QAEHXZ
?Play@CKContext@@QAEHXZ
?IsPlaying@CKContext@@QAEHXZ
?GetPluginCount@CKPluginManager@@QAEHH@Z
?CKCloseContext@@YAHPAVCKContext@@@Z
?CKStartUp@@YAHXZ
?SetVirtoolsVersion@CKContext@@QAEXW4CK_VIRTOOLS_VERSION@@I@Z
?CKCreateContext@@YAHPAPAVCKContext@@PAXPBD@Z
?Process@CKContext@@QAEHXZ
?ResetChronos@CKTimeManager@@QAEXHH@Z
?GetTimeToWaitForLimits@CKTimeManager@@QAEXAAM0@Z
?GetTimeManager@CKContext@@QAEPAVCKTimeManager@@XZ
?ApplyEnvironmentSettings@CKScene@@QAEXPAVXObjectPointerArray@@@Z
?SetBackgroundColor@CKScene@@QAEXI@Z
?GetCurrentScene@CKContext@@QAEPAVCKScene@@XZ
?GetPathManager@CKContext@@QAEPAVCKPathManager@@XZ
?LaunchScene@CKLevel@@QAEHPAVCKScene@@W4CK_SCENEOBJECTACTIVITY_FLAGS@@W4CK_SCENEOBJECTRESET_FLAGS@@@Z
?SetMaximumDeltaTime@CKTimeManager@@QAEXM@Z
?SetMinimumDeltaTime@CKTimeManager@@QAEXM@Z
?ChangeLimitOptions@CKTimeManager@@QAEXW4CK_FRAMERATE_LIMITS@@0@Z
?AddRenderContext@CKLevel@@QAEXPAVCKRenderContext@@H@Z
?RemoveRenderContext@CKLevel@@QAEXPAVCKRenderContext@@@Z
?GetRenderContext@CKLevel@@QAEPAVCKRenderContext@@H@Z
?GetLocalParameterCount@CKBehavior@@QAEHXZ
?GetCurrentLevel@CKContext@@QAEPAVCKLevel@@XZ
?Load@CKContext@@QAEHPADPAVCKObjectArray@@W4CK_LOAD_FLAGS@@PAUCKGUID@@@Z
?CreateCKObjectArray@@YAPAVCKObjectArray@@XZ
?CKShutdown@@YAHXZ
?ClearAll@CKContext@@QAEHXZ
?Reset@CKContext@@QAEHH@Z
?AddPath@CKPathManager@@QAEHHAAVXString@@@Z
?DeleteCKObjectArray@@YAXPAVCKObjectArray@@@Z
?AddBigFile@CKPathManager@@QAEHPBD@Z

gdi32

DeleteObject
CreateSolidBrush

kernel32

GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
Sleep
GetLastError
CreateMutexA
CompareStringA
InterlockedExchange
FreeLibrary
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
VirtualQuery
GetVersion
SetLastError
CreateFileA
InitializeCriticalSection
IsBadCodePtr
IsBadReadPtr
GetStringTypeA
GetLocaleInfoA
HeapSize
FlushFileBuffers
ReadFile
SetFilePointer
IsBadWritePtr
EnterCriticalSection
LeaveCriticalSection
FindNextFileA
SetStdHandle
FindClose
SetEndOfFile
FindFirstFileA
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
LockResource
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP

user32

MessageBoxA
ShowCursor
SetWindowPos
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetRect
AdjustWindowRectEx
MoveWindow
DefWindowProcA
PostQuitMessage
ShowWindow
GetFocus
DispatchMessageA
PeekMessageA
TranslateMessage
DestroyWindow
CreateWindowExA

vxmath

??1XString@@QAE@XZ
??0XString@@QAE@PBDH@Z

Sections

.sforce3
Size: 112KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sforce3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.start
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a60af495527e956e8fd147aee66f57c

Headers

File Characteristics

Imports

advapi32

ck2

gdi32

kernel32

user32

vxmath

Sections

.sforce3 Size: 112KB - Virtual size: 120KB

.RSRC Size: 16KB - Virtual size: 13KB

.sforce3 Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.start Size: 8KB - Virtual size: 4KB

.sforce3
Size: 112KB - Virtual size: 120KB

.RSRC
Size: 16KB - Virtual size: 13KB

.sforce3
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.start
Size: 8KB - Virtual size: 4KB