d1c0eedf4d823b6f21abacf83ee77df0ffcd6dab936f93c51b71dfcdc3d895a9

Sharing

Copy URL Twitter E-mail

General

Target

d1c0eedf4d823b6f21abacf83ee77df0ffcd6dab936f93c51b71dfcdc3d895a9
Size

4.0MB
MD5

1125b5f41e381ad22757ab909bbbf8fd
SHA1

38ef3126f7b4ad9eb8d7c7ef2af96a37b18204d6
SHA256

d1c0eedf4d823b6f21abacf83ee77df0ffcd6dab936f93c51b71dfcdc3d895a9
SHA512

f480272629ab019557f4a6407fca8dd832f46c44f6ffda007935414fe5add1335f8502fb1bcf000254e61ccb4852de00192f96fe39c848dc7224f4e59ecff6ea
SSDEEP

98304:80dNg+qTaA6WLkfrCv2dDwDURyib/6+8M4:n3grTaA6WLkTCv2d8DUMiT6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c0eedf4d823b6f21abacf83ee77df0ffcd6dab936f93c51b71dfcdc3d895a9

Files

d1c0eedf4d823b6f21abacf83ee77df0ffcd6dab936f93c51b71dfcdc3d895a9
.exe windows:4 windows x86 arch:x86

7663700f73bcc9284364f745f25dc525

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
CryptGetHashParam
CryptVerifySignatureA
RegEnumValueA
GetUserNameA
CryptImportKey
CryptEncrypt
RegCreateKeyA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

dinput8

DirectInput8Create

gdi32

CreateFontIndirectA
StretchDIBits
GetObjectA
GetDIBits
SetBkMode
GetDeviceCaps
CreateFontA
ExtTextOutA
CreateDIBSection
SetMapMode
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC

imm32

ImmGetCompositionStringA
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetImeMenuItemsA
ImmGetCandidateListA
ImmReleaseContext
ImmGetProperty
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetDescriptionA
ImmNotifyIME

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsFree
GetSystemTimeAsFileTime
HeapSize
GetTimeZoneInformation
GetCPInfo
GetOEMCP
HeapReAlloc
SetEnvironmentVariableA
SetCurrentDirectoryA
GetStartupInfoA
TlsSetValue
HeapDestroy
HeapCreate
TlsAlloc
SetHandleCount
GetFileType
TlsGetValue
SetLastError
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetThreadLocale
MoveFileA
GetExitCodeProcess
PeekNamedPipe
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GetFileInformationByHandle
LoadLibraryExA
OutputDebugStringA
GetTickCount
DeleteFileA
Sleep
SizeofResource
LoadResource
FindResourceA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
CloseHandle
GetFileSize
GetFileTime
CreateFileA
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrcmpiW
lstrlenA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetLocalTime
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
FreeLibrary
CreateSemaphoreA
ReleaseMutex
CreateMutexA
GetPrivateProfileIntA
GetProcAddress
LoadLibraryA
CreateProcessA
GetCommandLineA
InitializeCriticalSection
MulDiv
lstrcmpA
lstrcpyA
lstrcatA
lstrcpynA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetFileAttributesA
GetSystemDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
SetUnhandledExceptionFilter
FormatMessageA
VirtualQuery
IsBadStringPtrA
WriteFile
LocalFree
GetCurrentThread
GetCurrentProcess
SetFilePointer
ReadFile
IsDBCSLeadByte
GetACP
InterlockedIncrement
InterlockedDecrement
GetTempFileNameA
GetTempPathA
GetSystemInfo
IsProcessorFeaturePresent
GetProfileIntA
DebugBreak
FatalAppExitA
CreateFileW
UnmapViewOfFile
LockResource
FindResourceW
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
SetEvent
DeleteCriticalSection
SetEndOfFile
ResumeThread
ResetEvent
SetThreadPriority
GetDriveTypeA
WaitForMultipleObjects
CreateEventA
OpenEventA
CopyFileA
MoveFileExA
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
OpenMutexA
CreateThread
TerminateThread
GetComputerNameA
ExitProcess
IsBadReadPtr
GetModuleFileNameW
VirtualProtect
OpenFileMappingA
GetCurrentDirectoryA

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

shell32

ShellExecuteA

user32

wsprintfA
PtInRect
PostQuitMessage
SendMessageA
SetRect
MessageBoxA
PostMessageA
SetTimer
CharLowerA
CharLowerW
CharUpperA
CharUpperW
CopyRect
KillTimer
CallNextHookEx
GetAsyncKeyState
ChangeDisplaySettingsA
MoveWindow
EnumDisplaySettingsA
UpdateWindow
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
GetFocus
RegisterClassExA
LoadCursorA
LoadIconA
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
PeekMessageA
LoadAcceleratorsA
SetWindowsHookExA
SystemParametersInfoA
LoadStringA
GetDC
GetClientRect
GetWindowRect
GetWindowLongA
SetWindowPos
GetDlgItem
EnableWindow
IsDlgButtonChecked
CheckRadioButton
EndDialog
DialogBoxParamA
ScreenToClient
GetCursorPos
ReleaseDC
GetIconInfo
IsRectEmpty
HideCaret
GetKeyboardState
GetKeyboardLayout
IntersectRect
ToAscii
MapVirtualKeyA
ToAsciiEx
MapVirtualKeyExA
SetCaretPos
GetKeyboardLayoutNameA
FindWindowA
DrawTextA
DrawTextW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htons
sendto
WSASend

wsock32

WSAGetLastError
recv
socket
select
inet_addr
connect
setsockopt
ioctlsocket
closesocket
send
gethostname
gethostbyname
WSACleanup
WSAStartup
__WSAFDIsSet
inet_ntoa

d3d9

Direct3DCreate9

dbghelp

SymInitialize
SymCleanup
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymFromAddr
SymGetLineFromAddr
SymSetContext
SymEnumSymbols
SymGetTypeInfo
SymSetOptions

mss32

_AIL_file_size@4
_AIL_file_read@8
_AIL_stop_timer@4
_AIL_start_timer@4
_AIL_set_timer_period@8
_AIL_set_timer_user@8
_AIL_start_sample@4
_AIL_shutdown@0
_AIL_waveOutClose@4
_AIL_close_3D_provider@4
_AIL_close_digital_driver@4
_AIL_service_stream@8
_AIL_close_3D_listener@4
_AIL_set_named_sample_file@20
_AIL_init_sample@4
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_stop_sample@4
_AIL_close_stream@4
_AIL_pause_stream@8
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_set_redist_directory@4
_AIL_set_stream_playback_rate@8
_AIL_release_timer_handle@4
_AIL_release_all_timers@0
_AIL_open_digital_driver@16
_AIL_file_type@8
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_decompress_ADPCM@12
_AIL_release_3D_sample_handle@4
_AIL_mem_free_lock@4
_AIL_stop_3D_sample@4
_AIL_set_3D_position@16
_AIL_set_3D_orientation@28
_AIL_set_3D_velocity@20
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_cone@16
_AIL_set_3D_sample_effects_level@8
_AIL_start_3D_sample@4
_AIL_set_sample_volume_levels@12
_AIL_set_3D_sample_volume@8
_AIL_open_3D_provider@4
_AIL_last_error@0
_AIL_set_3D_rolloff_factor@8
_AIL_set_3D_doppler_factor@8
_AIL_set_3D_speaker_type@8
_AIL_set_3D_room_type@8
_AIL_enumerate_3D_providers@12
_AIL_start_stream@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_register_timer@4
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_sample_file@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_distance_factor@8
_AIL_open_3D_listener@4
_AIL_quick_handles@12
_AIL_quick_startup@20
_AIL_startup@0
_AIL_stream_playback_rate@4

ole32

CoInitialize
CoCreateInstance
CoUninitialize

zlib1

get_crc_table
inflateInit2_
inflate
crc32
inflateEnd

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 439KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 188KB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 6.1MB

.as_0001
Size: 114KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 1.4MB

.as_0002
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h4_0001
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h4_0002
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7663700f73bcc9284364f745f25dc525

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

imm32

kernel32

oleaut32

shell32

user32

version

winmm

ws2_32

wsock32

d3d9

dbghelp

mss32

ole32

zlib1

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.data Size: 439KB - Virtual size: 440KB

Size: 188KB - Virtual size: 10.2MB

.rsrc Size: 9KB - Virtual size: 12KB

Size: - Virtual size: 192KB

.idata Size: 10KB - Virtual size: 12KB

.zero Size: - Virtual size: 6.1MB

.as_0001 Size: 114KB - Virtual size: 120KB

.zero Size: - Virtual size: 1.4MB

.as_0002 Size: 48KB - Virtual size: 48KB

.h4_0001 Size: 4KB - Virtual size: 4KB

.h4_0002 Size: 4KB - Virtual size: 4KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 439KB - Virtual size: 440KB

.rsrc
Size: 9KB - Virtual size: 12KB

.idata
Size: 10KB - Virtual size: 12KB

.zero
Size: - Virtual size: 6.1MB

.as_0001
Size: 114KB - Virtual size: 120KB

.zero
Size: - Virtual size: 1.4MB

.as_0002
Size: 48KB - Virtual size: 48KB

.h4_0001
Size: 4KB - Virtual size: 4KB

.h4_0002
Size: 4KB - Virtual size: 4KB