7cff022c10bf9c37d29d454a1c937e71a1e7fb2f18037007159b5bcd06bde3e8

Sharing

Copy URL

Twitter E-mail

General

Target

7cff022c10bf9c37d29d454a1c937e71a1e7fb2f18037007159b5bcd06bde3e8
Size

4.1MB
MD5

50ac55ddff692cf5651a887c50dc1fbf
SHA1

890b8e54c8d8364cc27e18392244f2bb4f78e7b5
SHA256

7cff022c10bf9c37d29d454a1c937e71a1e7fb2f18037007159b5bcd06bde3e8
SHA512

56a88f7b1705343b6634bbfc34a3d246642ff1af33d9e55c5bd75d5803fe2295942139875157943190961c2ec7d6d7440afaead6d63065c2c4e1a82bbd2a2e11
SSDEEP

98304:70dNg+qTaA6WLkfrCv2dDwDURyib/6+8M4:w3grTaA6WLkTCv2d8DUMiT6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7cff022c10bf9c37d29d454a1c937e71a1e7fb2f18037007159b5bcd06bde3e8

Files

7cff022c10bf9c37d29d454a1c937e71a1e7fb2f18037007159b5bcd06bde3e8
.exe windows:4 windows x86 arch:x86

7663700f73bcc9284364f745f25dc525

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
CryptGetHashParam
CryptVerifySignatureA
RegEnumValueA
GetUserNameA
CryptImportKey
CryptEncrypt
RegCreateKeyA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

dinput8

DirectInput8Create

gdi32

CreateFontIndirectA
StretchDIBits
GetObjectA
GetDIBits
SetBkMode
GetDeviceCaps
CreateFontA
ExtTextOutA
CreateDIBSection
SetMapMode
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC

imm32

ImmGetCompositionStringA
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetImeMenuItemsA
ImmGetCandidateListA
ImmReleaseContext
ImmGetProperty
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDescriptionA
ImmNotifyIME

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsFree
GetSystemTimeAsFileTime
HeapSize
GetTimeZoneInformation
GetCPInfo
GetOEMCP
HeapReAlloc
SetEnvironmentVariableA
SetCurrentDirectoryA
GetStartupInfoA
TlsSetValue
HeapDestroy
HeapCreate
TlsAlloc
SetHandleCount
GetFileType
TlsGetValue
SetLastError
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetThreadLocale
MoveFileA
GetExitCodeProcess
PeekNamedPipe
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GetFileInformationByHandle
LoadLibraryExA
OutputDebugStringA
GetTickCount
DeleteFileA
Sleep
SizeofResource
LoadResource
FindResourceA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
CloseHandle
GetFileSize
GetFileTime
CreateFileA
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrcmpiW
lstrlenA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetLocalTime
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
FreeLibrary
CreateSemaphoreA
ReleaseMutex
CreateMutexA
GetPrivateProfileIntA
GetProcAddress
LoadLibraryA
CreateProcessA
GetCommandLineA
InitializeCriticalSection
MulDiv
lstrcmpA
lstrcpyA
lstrcatA
lstrcpynA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetFileAttributesA
GetSystemDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
SetUnhandledExceptionFilter
FormatMessageA
VirtualQuery
IsBadStringPtrA
WriteFile
LocalFree
GetCurrentThread
GetCurrentProcess
SetFilePointer
ReadFile
IsDBCSLeadByte
GetACP
InterlockedIncrement
InterlockedDecrement
GetTempFileNameA
GetTempPathA
GetSystemInfo
IsProcessorFeaturePresent
GetProfileIntA
DebugBreak
FatalAppExitA
CreateFileW
UnmapViewOfFile
LockResource
FindResourceW
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
SetEvent
DeleteCriticalSection
SetEndOfFile
ResumeThread
ResetEvent
SetThreadPriority
GetDriveTypeA
WaitForMultipleObjects
CreateEventA
OpenEventA
CopyFileA
MoveFileExA
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
OpenMutexA
CreateThread
TerminateThread
GetComputerNameA
ExitProcess
IsBadReadPtr
GetModuleFileNameW
VirtualProtect
OpenFileMappingA
GetCurrentDirectoryA

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

shell32

ShellExecuteA

user32

wsprintfA
PtInRect
PostQuitMessage
SendMessageA
SetRect
MessageBoxA
PostMessageA
SetTimer
CharLowerA
CharLowerW
CharUpperA
CharUpperW
CopyRect
KillTimer
CallNextHookEx
GetAsyncKeyState
ChangeDisplaySettingsA
MoveWindow
EnumDisplaySettingsA
UpdateWindow
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
GetFocus
RegisterClassExA
LoadCursorA
LoadIconA
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
PeekMessageA
LoadAcceleratorsA
SetWindowsHookExA
SystemParametersInfoA
LoadStringA
GetDC
GetClientRect
GetWindowRect
GetWindowLongA
SetWindowPos
GetDlgItem
EnableWindow
IsDlgButtonChecked
CheckRadioButton
EndDialog
DialogBoxParamA
ScreenToClient
GetCursorPos
ReleaseDC
GetIconInfo
IsRectEmpty
HideCaret
GetKeyboardState
GetKeyboardLayout
IntersectRect
ToAscii
MapVirtualKeyA
ToAsciiEx
MapVirtualKeyExA
SetCaretPos
GetKeyboardLayoutNameA
FindWindowA
DrawTextA
DrawTextW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htons
sendto
WSASend

wsock32

WSAGetLastError
recv
socket
select
inet_addr
connect
setsockopt
ioctlsocket
closesocket
send
gethostname
gethostbyname
WSACleanup
WSAStartup
__WSAFDIsSet
inet_ntoa

d3d9

Direct3DCreate9

dbghelp

SymInitialize
SymCleanup
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymFromAddr
SymGetLineFromAddr
SymSetContext
SymEnumSymbols
SymGetTypeInfo
SymSetOptions

mss32

_AIL_file_size@4
_AIL_file_read@8
_AIL_stop_timer@4
_AIL_start_timer@4
_AIL_set_timer_period@8
_AIL_set_timer_user@8
_AIL_start_sample@4
_AIL_shutdown@0
_AIL_waveOutClose@4
_AIL_close_3D_provider@4
_AIL_close_digital_driver@4
_AIL_service_stream@8
_AIL_close_3D_listener@4
_AIL_set_named_sample_file@20
_AIL_init_sample@4
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_stop_sample@4
_AIL_close_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_redist_directory@4
_AIL_set_stream_playback_rate@8
_AIL_release_timer_handle@4
_AIL_release_all_timers@0
_AIL_open_digital_driver@16
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_release_3D_sample_handle@4
_AIL_mem_free_lock@4
_AIL_stop_3D_sample@4
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_cone@16
_AIL_set_3D_sample_effects_level@8
_AIL_start_3D_sample@4
_AIL_set_sample_volume_levels@12
_AIL_set_3D_sample_volume@8
_AIL_open_3D_provider@4
_AIL_last_error@0
_AIL_set_3D_rolloff_factor@8
_AIL_set_3D_doppler_factor@8
_AIL_set_3D_speaker_type@8
_AIL_set_3D_room_type@8
_AIL_enumerate_3D_providers@12
_AIL_start_stream@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_register_timer@4
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_sample_file@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_distance_factor@8
_AIL_open_3D_listener@4
_AIL_quick_handles@12
_AIL_quick_startup@20
_AIL_startup@0
_AIL_stream_playback_rate@4

ole32

CoInitialize
CoCreateInstance
CoUninitialize

zlib1

get_crc_table
inflateInit2_
inflate
crc32
inflateEnd

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 439KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 188KB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 6.1MB

.as_0001
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 1.4MB

.as_0002
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h4_0001
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h4_0002
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7663700f73bcc9284364f745f25dc525

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

version

winmm

ws2_32

wsock32

d3d9

dbghelp

mss32

ole32

zlib1

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.data Size: 439KB - Virtual size: 440KB

Size: 188KB - Virtual size: 10.2MB

.rsrc Size: 9KB - Virtual size: 12KB

Size: - Virtual size: 192KB

.idata Size: 10KB - Virtual size: 12KB

.zero Size: - Virtual size: 6.1MB

.as_0001 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 1.4MB

.as_0002 Size: 48KB - Virtual size: 48KB

.h4_0001 Size: 4KB - Virtual size: 4KB

.h4_0002 Size: 4KB - Virtual size: 4KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 439KB - Virtual size: 440KB

.rsrc
Size: 9KB - Virtual size: 12KB

.idata
Size: 10KB - Virtual size: 12KB

.zero
Size: - Virtual size: 6.1MB

.as_0001
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 1.4MB

.as_0002
Size: 48KB - Virtual size: 48KB

.h4_0001
Size: 4KB - Virtual size: 4KB

.h4_0002
Size: 4KB - Virtual size: 4KB

.rmnet
Size: 56KB - Virtual size: 60KB