3f0b886969786d6579e88f8dfa5ece4e478781dba3826703d49f41f11939b8f8

Sharing

Copy URL Twitter E-mail

General

Target

3f0b886969786d6579e88f8dfa5ece4e478781dba3826703d49f41f11939b8f8
Size

11.8MB
MD5

b156bdfcb8808574eddfbf4889922356
SHA1

9903d4d5eff229a8e2f2578fb94deb56c9f0eafd
SHA256

3f0b886969786d6579e88f8dfa5ece4e478781dba3826703d49f41f11939b8f8
SHA512

5d988f676a61429d9bc13756a40f277c46e37aa4c8d048af52ac14ed5d1eef8a69e8c3116e979e479068f007c9f5ea2b6f6f3739f44ef44cac138c447e23e523
SSDEEP

98304:VaXTbi0+dJWNRDnrPORkHlUc6zScs325657JpFobg5wD3vjR0PHYWt0y3eRrjiZF:WbiovFP6PGlo0YflQ9bSHIPTp9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0b886969786d6579e88f8dfa5ece4e478781dba3826703d49f41f11939b8f8

Files

3f0b886969786d6579e88f8dfa5ece4e478781dba3826703d49f41f11939b8f8
.exe windows:5 windows x86 arch:x86

4ba9e6e4ada314bc1fda9a08f387e020

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\p4\pc\trixie\bin\release\witn.pdb

Imports

ws2_32

recv
shutdown
closesocket
recvfrom
sendto
connect
ioctlsocket
getsockopt
bind
getsockname
getaddrinfo
freeaddrinfo
select
socket
WSACleanup
WSAStartup
WSAGetLastError
ntohl
setsockopt
htonl
ntohs
htons

d3d9

Direct3DCreate9
D3DPERF_SetMarker

d3dx9_42

D3DXFillTexture
D3DXCreateEffectFromFileA
D3DXCreateEffect
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXCreateTextureFromFileExA
D3DXCreateTexture

dsound

ord11
ord2

x3daudio1_6

X3DAudioInitialize

xinput1_3

ord3
ord2

steam_api

SteamAPI_UnregisterCallResult
SteamUserStats
SteamAPI_RestartAppIfNecessary
SteamRemoteStorage
SteamAPI_Init
SteamClient
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_RegisterCallResult
SteamApps
SteamNetworking
SteamFriends
SteamMatchmaking
SteamAPI_UnregisterCallback
SteamUtils
SteamAPI_RegisterCallback
SteamAPI_SetMiniDumpComment
SteamUser
SteamAPI_WriteMiniDump

binkw32

_BinkClose@4
_BinkGetSummary@8
_BinkShouldSkip@4
_BinkRegisterFrameBuffers@8
_BinkGetRects@8
_BinkRequestStopAsyncThread@4
_BinkWaitStopAsyncThread@4
_BinkStartAsyncThread@8
_BinkOpenXAudio2@4
_BinkSetSoundSystem@8
_BinkSetMemory@8
_BinkNextFrame@4
_BinkPause@8
_BinkSetVolume@12
_BinkGetTrackID@8
_BinkDoFrameAsyncWait@8
_BinkSetIOSize@4
_BinkControlBackgroundIO@8
_BinkDoFrameAsync@12
_BinkDoFrame@4
_BinkSetSoundTrack@8
_BinkOpen@8
_BinkSetSpeakerVolumes@20
_BinkGetFrameBuffersInfo@8
_BinkWait@4
_BinkGetRealtime@12

winmm

timeGetTime

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

kernel32

GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
VirtualFree
GetStdHandle
GetModuleHandleW
GetUserDefaultLCID
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
GetDriveTypeA
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
HeapCreate
ReadFileEx
InterlockedExchangeAdd
FreeLibrary
LoadLibraryA
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsFree
TlsAlloc
OpenEventA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetCurrentProcessId
GetFullPathNameA
SetLastError
GetStartupInfoW
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
GetConsoleWindow
FindResourceW
SizeofResource
LoadResource
LockResource
UnmapViewOfFile
ExitProcess
RemoveVectoredExceptionHandler
GetSystemDirectoryW
GetWindowsDirectoryW
VirtualQuery
AddVectoredExceptionHandler
DeleteFileA
SetUnhandledExceptionFilter
SetProcessAffinityMask
TlsGetValue
GetProcessHeap
HeapFree
GetFileInformationByHandle
CreateFileW
CloseHandle
lstrcmpiW
GetModuleHandleA
CreateFileA
GetSystemTime
WaitForSingleObject
GetCurrentProcess
GetTickCount
HeapAlloc
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCurrentThreadId
lstrlenW
InterlockedIncrement
FileTimeToSystemTime
GetLastError
InterlockedExchange
GetModuleHandleExA
GetFullPathNameW
GetComputerNameA
GetFileTime
GetProcAddress
InterlockedCompareExchange
GetProcessTimes
HeapSize
QueryPerformanceFrequency
QueryPerformanceCounter
SetCurrentDirectoryA
GlobalFree
GlobalUnlock
MultiByteToWideChar
GlobalLock
GlobalAlloc
GetCurrentDirectoryA
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
GetEnvironmentVariableA
CompareFileTime
FindClose
FindNextFileA
FindFirstFileA
ResumeThread
SetThreadPriority
CreateThread
GetCurrentThread
GetThreadPriority
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
Sleep
TerminateThread
SuspendThread
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
GetFileSize
FlushFileBuffers
CopyFileA
GetFileAttributesExA
GetFileAttributesA
ReadFile
WriteFile
WriteFileEx
CreateDirectoryA
SetFilePointer
OutputDebugStringA
GetModuleFileNameW
ReleaseSemaphore
CreateSemaphoreA
VirtualAlloc
GlobalMemoryStatusEx
GetSystemInfo
GetUserDefaultLangID
GetProcessAffinityMask
SetThreadAffinityMask

user32

GetKeyState
GetKeyboardState
ToUnicode
GetRawInputData
SetCursor
ScreenToClient
SystemParametersInfoA
SetWindowTextW
PeekMessageA
TranslateMessage
DispatchMessageA
PtInRect
LoadStringW
MessageBoxW
MessageBoxA
GetWindowRect
GetWindowInfo
GetClassInfoA
SetWindowLongA
SetWindowPos
LoadIconA
LoadCursorA
RegisterClassExA
ClipCursor
EnumDisplaySettingsA
SetFocus
GetSystemMetrics
LockSetForegroundWindow
RegisterRawInputDevices
GetClientRect
DefWindowProcA
GetCursorPos
DestroyWindow
UnregisterClassA
PostQuitMessage
PostMessageA
SetForegroundWindow
ShowWindow
CreateDialogIndirectParamA
CreateWindowExA
AdjustWindowRectEx
ClientToScreen

gdi32

GetStockObject

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegOpenKeyA
GetUserNameA
RegQueryValueExW
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance

wsock32

inet_addr
gethostbyname
ioctlsocket
__WSAFDIsSet
accept
send
listen
gethostname
WSAAsyncSelect

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 608KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ba9e6e4ada314bc1fda9a08f387e020

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

d3d9

d3dx9_42

dsound

x3daudio1_6

xinput1_3

steam_api

binkw32

winmm

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

wsock32

Sections

.text Size: 8.2MB - Virtual size: 8.2MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 163KB - Virtual size: 1.2MB

.tls Size: 512B - Virtual size: 41B

.version Size: 512B - Virtual size: 4B

.rsrc Size: 223KB - Virtual size: 223KB

.reloc Size: 608KB - Virtual size: 643KB

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 163KB - Virtual size: 1.2MB

.tls
Size: 512B - Virtual size: 41B

.version
Size: 512B - Virtual size: 4B

.rsrc
Size: 223KB - Virtual size: 223KB

.reloc
Size: 608KB - Virtual size: 643KB