f1d097cc9d0496a1bc6b583e41f7058ff0222597e8d0be91e7b6ba20578bbba7

Sharing

Copy URL Twitter E-mail

General

Target

f1d097cc9d0496a1bc6b583e41f7058ff0222597e8d0be91e7b6ba20578bbba7
Size

5.1MB
MD5

8f60d93d4ac72f89c97857d361036ee5
SHA1

3bc84df59e4bc32d74f46c585937125b163bf694
SHA256

f1d097cc9d0496a1bc6b583e41f7058ff0222597e8d0be91e7b6ba20578bbba7
SHA512

df274a242f20147796522f9cc6ad48354e91a176a3b167b3bc7080e4cbc3cb5147edb55f2e22b9a352687480332a359c366c911df6a21c76d4997258241dd5cb
SSDEEP

98304:ID1gRUy7uCH/+N2kWcQqacMO+AWuUuXdR9:pRUy7Lc/MxAR/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1d097cc9d0496a1bc6b583e41f7058ff0222597e8d0be91e7b6ba20578bbba7

Files

f1d097cc9d0496a1bc6b583e41f7058ff0222597e8d0be91e7b6ba20578bbba7
.exe windows:5 windows x86 arch:x86

c7f5f40f1af383fffbfa38d4ff2704fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SOURCESVN\winclient\winclient_core\engine\Compiled\Release\casino.pdb

Imports

ws2_32

listen
connect
getnameinfo
freeaddrinfo
getaddrinfo
accept
setsockopt
WSAIoctl
WSAStartup
getsockname
ioctlsocket
WSASetLastError
send
shutdown
__WSAFDIsSet
bind
gethostbyname
select
ntohl
getpeername
inet_addr
socket
ntohs
recv
getsockopt
htonl
htons
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSACloseEvent
WSACreateEvent
closesocket
WSACleanup

wininet

InternetOpenA
InternetAttemptConnect
InternetReadFile
HttpSendRequestA
InternetConnectA
InternetSetOptionA
HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
InternetQueryOptionA

shlwapi

SHDeleteKeyW

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertCloseStore

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

SignalObjectAndWait
SwitchToThread
CreateTimerQueue
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
Sleep
GetTempPathW
GetCurrentProcessId
DeleteFileW
GetCurrentThreadId
CreateDirectoryW
GetProcAddress
GetModuleHandleA
GetVersionExW
WaitForSingleObject
CloseHandle
GetTickCount
GetSystemInfo
CreateMutexW
GetLastError
LoadLibraryW
FreeLibrary
GetFullPathNameW
GetLocaleInfoW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
CreateThread
SetThreadPriority
GetFileAttributesW
FindFirstFileW
FindClose
GetModuleFileNameW
GetTempFileNameW
CreateFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
OutputDebugStringW
FindNextFileW
LocalFree
OpenProcess
TerminateProcess
CreateProcessW
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
FindResourceW
SizeofResource
DeleteTimerQueueTimer
LockResource
GetModuleHandleExW
InterlockedExchange
InterlockedExchangeAdd
PostQueuedCompletionStatus
FormatMessageA
FormatMessageW
TlsAlloc
TlsFree
SetEvent
ResetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
SwitchToFiber
DeleteFiber
CreateFiber
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
ReleaseMutex
RemoveDirectoryW
GetCurrentDirectoryW
MoveFileW
CompareFileTime
MapViewOfFile
UnmapViewOfFile
OpenEventW
CreateFileMappingW
OpenFileMappingW
GlobalHandle
ConvertFiberToThread
ConvertThreadToFiber
ReadFile
SetFilePointer
SetEndOfFile
GetFileSize
InterlockedCompareExchange
LoadLibraryA
VirtualFree
VirtualAlloc
VerSetConditionMask
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
WaitForMultipleObjects
SleepEx
CreateWaitableTimerW
SetWaitableTimer
VerifyVersionInfoW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetSystemDirectoryA
QueryPerformanceFrequency
ReleaseSemaphore
CreateSemaphoreW
MoveFileExA
GetEnvironmentVariableA
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
GetThreadPriority
GetCurrentThread
DecodePointer
RaiseException
CompareStringW
GetNumaHighestNodeNumber
GetProcessAffinityMask
LCMapStringW
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapSize
SetFilePointerEx
GetConsoleCP
TryEnterCriticalSection
ExitThread
ExitProcess
SetConsoleCtrlHandler
HeapAlloc
HeapFree
HeapReAlloc
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetProcessHeap
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
GetFileAttributesExW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
LoadResource
EncodePointer

user32

CloseClipboard
GetClipboardData
GetProcessWindowStation
GetUserObjectInformationW
CharLowerW
CharUpperW
GetWindowTextLengthW
GetKeyState
CallWindowProcW
SendMessageW
UpdateLayeredWindow
SetWindowPos
PeekMessageW
BringWindowToTop
SetWindowRgn
EndPaint
BeginPaint
KillTimer
ShowWindowAsync
SetCapture
ReleaseCapture
PostQuitMessage
ChangeDisplaySettingsW
SetTimer
ExitWindowsEx
ShowCursor
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
MessageBoxW
EnumDisplaySettingsW
RegisterClassExW
DefWindowProcW
EnableWindow
IsWindowEnabled
SetClipboardData
ClientToScreen
GetClientRect
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowLongW
SetForegroundWindow
GetSystemMetrics
IsWindow
GetMonitorInfoW
MonitorFromWindow
GetKeyboardLayout
WindowFromPoint
GetCursorPos
SetCursorPos
InvalidateRect
GetParent
GetClassNameW
GetWindowThreadProcessId
SetFocus
SetActiveWindow
GetWindowRect
GetActiveWindow
GetWindowLongW
GetWindow
GetTopWindow
EmptyClipboard
OpenClipboard
SetLayeredWindowAttributes
FlashWindow
AttachThreadInput
SystemParametersInfoW
GetUpdateRect
RedrawWindow
SetWindowPlacement
AdjustWindowRectEx
GetWindowPlacement
PostMessageW
GetForegroundWindow
DialogBoxIndirectParamA
EndDialog
SendMessageA
GetDlgItem
SetWindowTextW
IsWindowVisible
SetCursor
SetClassLongW
SetParent
GetMonitorInfoA
LoadImageW
DestroyCursor
DrawTextExW
ReleaseDC
GetDC
MonitorFromRect
ScreenToClient
GetWindowTextW

gdi32

ExtCreateRegion
CreateSolidBrush
SetBkColor
SetViewportOrgEx
CreateCompatibleBitmap
CreatePalette
GetDIBColorTable
BitBlt
CombineRgn
GetPixel
GetObjectW
RealizePalette
SelectPalette
EnumFontFamiliesExA
CreateFontIndirectW
SetBkMode
GetClipRgn
CreateRectRgn
GetStockObject
SetTextColor
ExtSelectClipRgn
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreateCompatibleDC

advapi32

RegEnumKeyExW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegEnumValueW
RegQueryValueExW
CryptAcquireContextA
CryptEnumProvidersW
RegCloseKey
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
GetUserNameW
CryptAcquireContextW
ReportEventW
CryptReleaseContext
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom

shell32

Shell_NotifyIconW
ShellExecuteW
SHFileOperationW

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantCopy

winmm

timeGetTime
timeBeginPeriod
timeGetDevCaps
timeEndPeriod

comctl32

_TrackMouseEvent

wsock32

ord1142
ord1141

msimg32

AlphaBlend

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 847KB - Virtual size: 846KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7f5f40f1af383fffbfa38d4ff2704fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

shlwapi

crypt32

winhttp

version

kernel32

user32

gdi32

advapi32

shell32

oleaut32

winmm

comctl32

wsock32

msimg32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 847KB - Virtual size: 846KB

.data Size: 60KB - Virtual size: 203KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 244KB - Virtual size: 243KB

.reloc Size: 173KB - Virtual size: 173KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 847KB - Virtual size: 846KB

.data
Size: 60KB - Virtual size: 203KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 244KB - Virtual size: 243KB

.reloc
Size: 173KB - Virtual size: 173KB