COTM[.]original[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

COTM.original.exe
Size

4.9MB
MD5

951389c953020fc7b5def32e7bed129a
SHA1

cd82cca228fe837e365719825d95682ebca14163
SHA256

6f73a7fbaaa0838441b2b54dccdbcffbbd74989d367facfd71ebb5c757684997
SHA512

c93d97d53798d2c912c1b3f1b013cd9ab5c3386dbaf78e91f1c14ef499fc82cabd0daa5fd796de7a07fc105d2b3a31511e727cb91c233373dd8a8c988ec1b2a1
SSDEEP

98304:pj4/WGmji6EHfywx4Un3U/Ff4xVJrOxzDIIoj32Cai:tAmW68fywx4U3U/Fyj6xzDIx2Cai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
COTM.original.exe

Files

COTM.original.exe
.exe windows:5 windows x86 arch:x86

c2da736f1c0ebb6dadf37e603e854024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\RON8\prog\project\OutDir\Win32\ReleaseSteam\RON8.pdb

Imports

kernel32

LocalFree
ExitProcess
CreateEventA
SetEvent
CloseHandle
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetLastError
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
FormatMessageA
GetModuleHandleA
GetModuleFileNameA
GlobalUnlock
GlobalLock
Sleep
WaitForSingleObject
SetThreadPriority
LeaveCriticalSection
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
MultiByteToWideChar
RtlUnwind
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetCurrentDirectoryA
GetUserDefaultLCID
SetLastError
GetCurrentDirectoryA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
SetEndOfFile

user32

MessageBoxA
LoadCursorA
GetClassInfoA
RegisterClassA
CreateWindowExA
ShowWindow
SetCursor
GetWindowPlacement
GetClientRect
GetAsyncKeyState
SetCapture
ReleaseCapture
ScreenToClient
PostQuitMessage
DefWindowProcA
SetWindowPos
GetWindowRect
SystemParametersInfoA
GetWindowLongA
AdjustWindowRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadIconA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shell32

DragQueryFileA
SHGetSpecialFolderPathA

ole32

OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoInitializeEx

d3d9

Direct3DCreate9

d3dx9_43

D3DXCompileShader
D3DXMatrixInverse
D3DXCreateTexture
D3DXMatrixScaling
D3DXMatrixTranslation
D3DXMatrixMultiply
D3DXMatrixRotationZ
D3DXMatrixTranspose
D3DXVec3TransformCoord
D3DXVec3Normalize
D3DXMatrixPerspectiveFovLH
D3DXMatrixRotationY
D3DXMatrixRotationX

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext

winmm

timeGetTime

dinput8

DirectInput8Create

steam_api

SteamAPI_Init
SteamAPI_Shutdown
SteamInternal_CreateInterface
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_RunCallbacks
SteamInternal_ContextInit

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 958KB - Virtual size: 958KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 259KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2da736f1c0ebb6dadf37e603e854024

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

d3d9

d3dx9_43

imm32

winmm

dinput8

steam_api

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 958KB - Virtual size: 958KB

.data Size: 259KB - Virtual size: 318KB

.gfids Size: 512B - Virtual size: 352B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 286KB - Virtual size: 286KB

.bind Size: 138KB - Virtual size: 138KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 958KB - Virtual size: 958KB

.data
Size: 259KB - Virtual size: 318KB

.gfids
Size: 512B - Virtual size: 352B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 286KB - Virtual size: 286KB

.bind
Size: 138KB - Virtual size: 138KB