9c8cd8e2136cbc59d3a9448757e8fd8a8430edd6a9b40a286d704c2bbc1415d9

Sharing

Copy URL Twitter E-mail

General

Target

9c8cd8e2136cbc59d3a9448757e8fd8a8430edd6a9b40a286d704c2bbc1415d9
Size

7.1MB
MD5

533508c23c50ba94ac6df8fff2ce39e6
SHA1

9b07ed544abd7f48a9a3e210dabfd61dee229713
SHA256

9c8cd8e2136cbc59d3a9448757e8fd8a8430edd6a9b40a286d704c2bbc1415d9
SHA512

b1c1704454461c7eb5de2effdab0f8df55147d09e3e4fe71645a9a6c0356965dfbc0e489ce71083ea2d60129d28646fed2202983d7306f97d524f7f199d5a338
SSDEEP

98304:S6IgaOWehGmRrDWwhzzbDiSq+Pi1HM1RVPS00qHmMwJMeROFsda:FIqWeNWw9/D+9HMPTwJda

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c8cd8e2136cbc59d3a9448757e8fd8a8430edd6a9b40a286d704c2bbc1415d9

Files

9c8cd8e2136cbc59d3a9448757e8fd8a8430edd6a9b40a286d704c2bbc1415d9
.exe windows:6 windows x86 arch:x86

9e6b601882eae3fd894fcabfb51f843a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\_Project Heyra\Sursa Bin 2023\Bin\bin\zenon-starter_Release.pdb

Imports

kernel32

SetFilePointer
ReadFile
OutputDebugStringA
WinExec
GetModuleHandleA
GetCurrentThread
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
GlobalAlloc
RemoveDirectoryA
GlobalFree
GetModuleFileNameA
DeleteFileA
GetPrivateProfileStringA
lstrlenA
GetCurrentDirectoryA
MoveFileA
CreateDirectoryA
GetFileAttributesA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
SetFileAttributesA
CreateEventA
WriteConsoleW
HeapSize
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
WriteFile
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
Sleep
GetLastError
ReadProcessMemory
GetCurrentProcess
Module32Next
Module32First
GetCurrentProcessId
GetTickCount
GetCurrentDirectoryW
MultiByteToWideChar
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
GetProcAddress
ExitProcess
IsProcessorFeaturePresent
GetSystemInfo
GetSystemFirmwareTable
HeapFree
GetProcessHeap
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
UnlockFileEx
LockFileEx
HeapCompact
CreateProcessW
VirtualQuery
VirtualProtect
VirtualAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetDriveTypeW
FreeLibraryAndExitThread
GetVersionExA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GlobalUnlock
GlobalLock
lstrlenW
WideCharToMultiByte
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
EnumSystemLocalesW
CompareStringA
ExitThread
GetModuleHandleExW
LoadLibraryExW
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetFileSizeEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageW
WaitForMultipleObjects
MoveFileExA
SleepEx
SetFilePointerEx
FlushFileBuffers
GetExitCodeThread
CreateThread
SwitchToThread
FlushViewOfFile
GetStdHandle
ExpandEnvironmentStringsW
SetConsoleCtrlHandler
GetACP
GetExitCodeProcess
GenerateConsoleCtrlEvent
GetProcessTimes
MoveFileW
GetSystemTime
GetFileType
CreateProcessA
SystemTimeToFileTime
SetEnvironmentVariableA
SetCurrentDirectoryW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
SetCurrentDirectoryA
GetVersion
DuplicateHandle
GetFileAttributesW
GetEnvironmentVariableA
CreatePipe
SetEnvironmentVariableW
SetFileTime
RemoveDirectoryW
FindNextFileW
GetFullPathNameW
GetFileAttributesExA
FindFirstFileW
CreateDirectoryW
SetErrorMode
LoadLibraryExA
TlsFree
TlsGetValue
TlsAlloc
SetLastError
TlsSetValue
SetEndOfFile
GetFullPathNameA
HeapAlloc
CloseHandle
IsDBCSLeadByte
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetFileInformationByHandle
WaitNamedPipeW
PeekNamedPipe
GetModuleFileNameW
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
DeviceIoControl
CreateFileA
CreateFileW
HeapValidate
GetCPInfo
GetStringTypeW
GetModuleHandleW
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
QueryPerformanceFrequency
EncodePointer
DecodePointer
LocalFree
InitializeCriticalSectionEx
LCMapStringEx
GetTempPathW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime

user32

ReleaseCapture
ChangeDisplaySettingsA
GetCapture
GetSystemMetrics
LoadStringA
RegisterClassA
GetMenu
CharPrevA
AdjustWindowRectEx
GetWindowLongA
SetWindowLongA
LoadCursorA
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyboardLayoutNameA
GetKeyboardLayout
OpenClipboard
CloseClipboard
ShowCursor
SetCapture
CharNextExA
CharPrevExA
MonitorFromPoint
GetMonitorInfoA
DestroyCursor
LoadImageA
SetCursorPos
RegisterClassExA
CreateWindowExA
GetClientRect
ShowWindow
UpdateWindow
SetFocus
MoveWindow
IsWindow
DestroyWindow
UnregisterClassA
MessageBoxA
InvalidateRect
GetDC
FillRect
ReleaseDC
SystemParametersInfoA
SetWindowPos
LoadIconA
FindWindowA
ScreenToClient
GetKeyState
CharNextW
SetCursor
GetCursorPos
PostQuitMessage
FlashWindowEx
GetAsyncKeyState
SetRect
OffsetRect
ClientToScreen
PeekMessageA
DefWindowProcA
GetClipboardData

gdi32

StretchBlt
GetStockObject
EnumFontFamiliesExA
CreateCompatibleDC
DeleteDC
SelectObject
SetBkColor
SetBkMode
DeleteObject
SetTextColor
CreateDIBSection
TextOutA
CreateFontIndirectA
GetCharABCWidthsFloatW
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
GetPixel
CreateSolidBrush
GetTextExtentPoint32A

advapi32

RegConnectRegistryA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegFlushKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueA
RegSetValueExA
RegLoadKeyA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegSaveKeyA
RegEnumKeyExA
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegOpenKeyA
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
RegCreateKeyA

shell32

ShellExecuteW
SHGetSpecialFolderPathA
SetCurrentProcessExplicitAppUserModelID
ShellExecuteA

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod
timeGetDevCaps

d3d8

Direct3DCreate8

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

imm32

ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmGetIMEFileNameA
ImmNotifyIME

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imagehlp

StackWalk
EnumerateLoadedModules
GetTimestampForLoadedLibrary

mss32

_AIL_shutdown@0
_AIL_startup@0
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_close_3D_provider@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_close_digital_driver@4
_AIL_open_stream@12
_AIL_open_digital_driver@16
_AIL_file_type@8
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_close_stream@4
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_start_sample@4
_AIL_stop_sample@4
_AIL_resume_sample@4
_AIL_end_sample@4
_AIL_set_sample_volume_pan@12
_AIL_set_sample_loop_count@8
_AIL_sample_status@4
_AIL_sample_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_start_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_set_3D_sample_file@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_status@4
_AIL_3D_sample_volume@4
_AIL_auto_update_3D_position@8
_AIL_mem_free_lock@4
_AIL_file_read@8

dinput8

DirectInput8Create

ws2_32

recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
listen
__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
select
send
socket
WSAGetLastError
WSAStartup
WSACleanup
htonl
htons
inet_addr
ntohl
ntohs
gethostbyname
gethostname
sendto
accept
WSASetLastError
getsockopt
getsockname
getpeername
bind
setsockopt
WSAIoctl

ddraw

DirectDrawCreate

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpOpen

shlwapi

PathIsRelativeA

libcef

cef_string_utf8_clear
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_command_line_get_global
cef_string_utf16_set
cef_string_userfree_utf16_free
cef_string_list_alloc
cef_string_list_free
cef_register_extension
cef_execute_process
cef_initialize
cef_shutdown
cef_run_message_loop
cef_api_hash
cef_log
cef_v8context_get_current_context
cef_string_map_alloc
cef_string_map_free
cef_string_multimap_alloc
cef_browser_host_create_browser
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_free

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertCloseStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertOpenStore

wldap32

ord200
ord30
ord79
ord301
ord33
ord32
ord27
ord26
ord143
ord217
ord46
ord35
ord211
ord60
ord45
ord50
ord41
ord22

normaliz

IdnToAscii

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 484KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6b601882eae3fd894fcabfb51f843a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

d3d8

iphlpapi

imm32

version

imagehlp

mss32

dinput8

ws2_32

ddraw

winhttp

shlwapi

libcef

crypt32

wldap32

normaliz

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 484KB - Virtual size: 1.7MB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 269KB - Virtual size: 268KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 484KB - Virtual size: 1.7MB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 269KB - Virtual size: 268KB