TmForever[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TmForever.exe
Size

10.2MB
MD5

ff5f02f4b3247ffb5eded19901ee59c5
SHA1

5063ff86138db2976a799a2d2f43084561c7bfc2
SHA256

5e287e79a07cccc9f58989120fda2668d5da1086321033f162492af7c2671672
SHA512

c8d6c775f3f788244496049224ffaadc71314f16246ff502c9ab4875f6693b78edc2b1b2c86fd495f00fffe6b1f1ddb795ad699329ee98d5b92b055ed05af9a8
SSDEEP

196608:eKaqYxwqJLaDfBzTYZguU505/TaZs0A4Wijo:yJxBJLMTYZguye6uIo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TmForever.exe

Files

TmForever.exe
.exe windows:4 windows x86 arch:x86

74616ad365977bc098004cde6bb0f316

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
VirtualAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
InitializeCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
ReadFile
GetTimeZoneInformation
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
Sleep
RaiseException
GetModuleFileNameA
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
CreateEventA
ResetEvent
DeleteFileA
SetFileAttributesA
SetEvent
WaitForSingleObject
Process32First
CreateToolhelp32Snapshot
Process32Next
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
OutputDebugStringA
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
OpenFileMappingA
SuspendThread
GetLocaleInfoA
GetModuleHandleW
CreateMutexA
AllocConsole
GetVersion
ReadConsoleW
FreeConsole
MoveFileW
MoveFileExW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
GetTempFileNameW
GetModuleFileNameW
GetSystemInfo
GetThreadPriority
GetPriorityClass
SetPriorityClass
SetThreadPriority
SetThreadAffinityMask
LoadLibraryW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
SetFileTime
GetFileTime
LocalFree
GetFileAttributesW
FindFirstFileW
CreateFileW
CreateFileMappingW
GetShortPathNameW
GlobalAlloc
GlobalMemoryStatusEx
GetDriveTypeW
GetVolumeInformationW
GetPrivateProfileStringA
GetCommandLineW
ReadFileEx
WriteFileEx
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
CompareFileTime
FindNextFileW
FindClose
lstrcmpW
GetCurrentThread
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
RtlUnwind
CreateThread
WaitForSingleObjectEx
TerminateThread
CloseHandle
GetFileSize
SetEndOfFile
CancelIo
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
SleepEx
GetSystemDefaultLangID
GetDiskFreeSpaceExW
SetFileAttributesW
GetExitCodeThread
DeleteFileW
UnmapViewOfFile
MapViewOfFile
ResumeThread
MultiByteToWideChar

user32

SendMessageW
SetWindowPos
GetWindowRect
GetSystemMetrics
EndDialog
KillTimer
EnableWindow
GetDlgItem
DialogBoxParamW
MessageBoxW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetMessageA
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetWindowLongW
GetCursor
GetIconInfo
GetDC
ReleaseDC
SetTimer
SetRect
CharUpperW
SetCursorPos
FindWindowExW
BringWindowToTop
SetForegroundWindow
LoadIconW
LoadImageW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
LoadAcceleratorsW
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetAsyncKeyState
IsIconic
ShowCursor
MessageBoxA
CloseClipboard
GetClipboardData
OpenClipboard
GetWindowLongW
SetWindowTextW
SetClipboardData
EmptyClipboard
ShowWindow
UnregisterClassW
PostQuitMessage
GetClientRect
DefWindowProcW
GetFocus
SetFocus
ClientToScreen
IsClipboardFormatAvailable

d3d9

Direct3DCreate9
D3DPERF_SetOptions

d3dx9_30

D3DXGetShaderInputSemantics
D3DXGetShaderConstantTable
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXCompileShader
D3DXCheckVersion
D3DXGetShaderSamplers
D3DXGetShaderOutputSemantics
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromSurface
D3DXPlaneTransform
D3DXMatrixTranspose
D3DXMatrixInverse
D3DXGetDriverLevel
D3DXGetPixelShaderProfile
D3DXGetVertexShaderProfile
D3DXMatrixTranslation
D3DXSaveSurfaceToFileInMemory
D3DXSaveTextureToFileInMemory
D3DXSaveSurfaceToFileW
D3DXFilterTexture
D3DXCreateTextureFromFileInMemoryEx
D3DXAssembleShader
D3DXCreateTextureFromFileExW
D3DXSaveTextureToFileW
D3DXGetImageInfoFromFileW
D3DXLoadSurfaceFromMemory
D3DXGetImageInfoFromFileInMemory

dinput8

DirectInput8Create

wininet

InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
HttpOpenRequestA
InternetReadFile
InternetAttemptConnect
HttpSendRequestA
InternetCheckConnectionA

shfolder

SHGetFolderPathW

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

winmm

timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
mmioSeek
mmioOpenW
mmioDescend
mmioRead
mmioAscend
mmioClose

ws2_32

recvfrom
accept
connect
getsockopt
__WSAFDIsSet
WSARecv
inet_addr
send
recv
select
WSACancelBlockingCall
WSAGetLastError
WSACleanup
closesocket
setsockopt
ioctlsocket
getsockname
bind
socket
listen
shutdown
WSAStartup
gethostbyname
gethostname
sendto
htons

avifil32

AVIStreamGetFrameClose
AVIStreamEndStreaming
AVIStreamGetFrame
AVIFileRelease
AVIFileExit
AVIStreamStart
AVIStreamGetFrameOpen
AVIStreamBeginStreaming
AVIStreamSampleToTime
AVIStreamLength
AVIStreamInfoW
AVIFileGetStream
AVIFileInfoW
AVIFileOpenW
AVIFileInit
AVIStreamWrite
AVIStreamSetFormat
AVIMakeCompressedStream
AVISaveOptions
AVIFileCreateStreamW
AVIStreamRelease

binkw32

_BinkCopyToBufferRect@44
_BinkClose@4
_BinkNextFrame@4
_BinkWait@4
_BinkGetRects@8
_BinkOpen@8
_BinkGoto@12
_BinkSetPan@12
_BinkSetVolume@12
_BinkPause@8
_BinkSetSoundOnOff@8
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkDoFrame@4
_BinkService@4
_BinkSetSoundTrack@8

openal32

alDeleteBuffers
alSourcei
alGenSources
alBufferData
alGenBuffers
alcGetIntegerv
alDeleteSources
alcProcessContext
alcCaptureSamples
alcCaptureCloseDevice
alcCaptureOpenDevice
alGetInteger
alGetString
alcGetString
alcCreateContext
alcOpenDevice
alDopplerFactor
alGetError
alcIsExtensionPresent
alcCaptureStart
alcCaptureStop
alGetSourcei
alSourceQueueBuffers
alSourceUnqueueBuffers
alSourcef
alSource3f
alSourceStop
alSource3i
alSourcePlay
alGetEnumValue
alGetProcAddress
alIsExtensionPresent
alcDestroyContext
alcCloseDevice
alcMakeContextCurrent
alDistanceModel
alcGetError

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdi32

GetDIBits

advapi32

RegQueryValueExA
SetSecurityInfo
FreeSid
GetUserNameW
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetSecurityInfo
RegCloseKey
SetEntriesInAclW

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 552KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 540KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 254KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74616ad365977bc098004cde6bb0f316

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3d9

d3dx9_30

dinput8

wininet

shfolder

rpcrt4

winmm

ws2_32

avifil32

binkw32

openal32

iphlpapi

version

gdi32

advapi32

shell32

ole32

oleaut32

comdlg32

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 552KB - Virtual size: 708KB

.rsrc Size: 88KB - Virtual size: 86KB

.reloc Size: 540KB - Virtual size: 574KB

.edata Size: 254KB - Virtual size: 256KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 552KB - Virtual size: 708KB

.rsrc
Size: 88KB - Virtual size: 86KB

.reloc
Size: 540KB - Virtual size: 574KB

.edata
Size: 254KB - Virtual size: 256KB