Static task: static1
Behavioral task: behavioral1
  Sample: 5SPOTS2.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 5SPOTS2.exe
  Resource: win10v2004-20240802-en
General
- Target: 9d30b256d93e35f7758382e5bc581174930f8f1b0a4a87708a13404b087fa28f
- Size: 15.6MB
- MD5: fe89bcc77263800adc027dd047c15ff7
- SHA1: 57526b2279ed87baf843952629a89416f309a0e9
- SHA256: 9d30b256d93e35f7758382e5bc581174930f8f1b0a4a87708a13404b087fa28f
- SHA512: fd462460cf9d13f2c6efb8c9defada9578c8b98d0ea32efe688fb4bb90a374312e3822574f00ccd3ac2f05ffae708db575be56ce1eaa804b885a6c2d27119717
- SSDEEP: 393216:OxVwkPKPAFMh0lZA2kD33ZtlbKq5/QyQ0bTEVV/:OziIU0lxkDHZtblQ0bTEz
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/5SPOTS2.EXE
Files
- 9d30b256d93e35f7758382e5bc581174930f8f1b0a4a87708a13404b087fa28f.zip
- 5SPOTS2.EXE.exe windows:4 windows x86 arch:x86
  450961b2618f44b8617e48df035e5c9c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCPInfo
CreateFileA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
SetEndOfFile
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RaiseException
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
Sleep
SetUnhandledExceptionFilter
DeleteFileA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
GetUserDefaultLangID
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
GetLastError
CreateThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
GetModuleHandleA
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
RtlUnwind
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
ResumeThread
TlsSetValue
ExitThread
HeapReAlloc
GetProcAddress
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
HeapSize
ReadFile
WriteFile
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
user32
LoadIconA
ShowWindow
SetCursor
DefWindowProcA
PostQuitMessage
DestroyWindow
WaitMessage
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
UpdateWindow
SetFocus
CreateWindowExA
GetSystemMetrics
RegisterClassA
LoadCursorA
MsgWaitForMultipleObjects
gdi32
GetStockObject
advapi32
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
winmm
mmioOpenA
mmioRead
mmioClose
mmioAscend
mmioDescend
mmioSeek
timeGetTime
dinput
DirectInputCreateEx
dsound
ord1
ddraw
DirectDrawCreateEx
DirectDrawEnumerateExA
wininet
InternetSetFilePointer
HttpAddRequestHeadersA
InternetDial
InternetConnectA
InternetCloseHandle
InternetSetOptionA
InternetOpenA
HttpOpenRequestA
InternetReadFile
HttpSendRequestA
Sections
.text Size: 288KB - Virtual size: 286KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- DATA/AD.DAT
- DATA/GFX.DAT
- DATA/SOUND.DAT
- DATA/installation.dat
- DATA/more_pics.dat
- README.TXT
- SAVE/AD.DAT
- SAVE/classic_photo.dat
- SAVE/hi_scores_classic.data
- SAVE/hi_scores_leisure.data
- SAVE/hi_scores_monkey.data
- SAVE/hi_scores_puzzle.data
- SAVE/leisure_photo.dat
- SAVE/monkey_photo.dat
- SAVE/puzzle_photo.dat
- SAVE/setup.ini