ad27ad1336e7c62561ddb16d32464b5d1d46042605d564d4292de71b2cc49df0

Sharing

Copy URL Twitter E-mail

General

Target

ad27ad1336e7c62561ddb16d32464b5d1d46042605d564d4292de71b2cc49df0
Size

8.2MB
MD5

5d24d6145de5c4670afbc660e8628bcd
SHA1

ce60b3dd2b1c513fe2fa4c9e1ab8726836a2a97a
SHA256

ad27ad1336e7c62561ddb16d32464b5d1d46042605d564d4292de71b2cc49df0
SHA512

7695a2c9b3bc89b137080fde57d06a5cb7aa7e023ad878ae2edd8ba59989ceda86f91dd79663c8d07b96fc8de385c0c2d7927eac1e318e1ee0839724d8539d3d
SSDEEP

98304:LCz3KyJF5U7+6dDAzl3qrbOBU9OJjRplFiAN:E3KyJF5U7+6RAzl3qrhubiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad27ad1336e7c62561ddb16d32464b5d1d46042605d564d4292de71b2cc49df0

Files

ad27ad1336e7c62561ddb16d32464b5d1d46042605d564d4292de71b2cc49df0
.exe windows:6 windows x86 arch:x86

7f2c6dc46c394fc053b703601e25e296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\MosiangSRC\2024\DarkStory-TOT\Mx_Code\Obj\MHClient\Debug_Connect\MHClient-Connect.pdb

Imports

comctl32

InitCommonControlsEx

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CalcDistance@8
_RotatePositionWithPivot@24
_TransformVector3_VPTR2@16
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_CrossProduct@12
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_Normalize@8
_WriteTGA@24
_COLORtoDWORD@16
_VECTOR3Length@4

wsock32

WSACleanup
closesocket
connect
socket
gethostbyname
inet_addr
htons
ioctlsocket
recv
send
WSAStartup

dinput8

DirectInput8Create

kernel32

GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
CreateDirectoryA
CreateThread
GetTickCount
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetSystemDefaultLangID
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrlenA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
lstrcmpA
lstrcpyA
OutputDebugStringA
FindClose
FindFirstFileA
FindNextFileA
RemoveDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
ReadFile
GetLastError
SetEvent
CreateEventA
WaitForMultipleObjects
TerminateProcess
ResumeThread
GetPriorityClass
GetThreadContext
OpenProcess
lstrcmpiA
lstrcatA
GetLogicalDriveStringsA
QueryDosDeviceA
SetFilePointer
WriteFile
GetModuleHandleA
MulDiv
WaitForSingleObject
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
SetFileAttributesA
GetTempPathA
CopyFileA
GetVersionExA
GetSystemTime
EnumSystemLocalesW
GetNativeSystemInfo
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
OutputDebugStringW
FreeLibraryAndExitThread
ExitThread
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
WriteConsoleW
GetFileType
GetStdHandle
GetSystemInfo
HeapValidate
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
GetModuleFileNameW
RtlUnwind
InitializeSListHead
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
ReleaseSRWLockExclusive
GetTempPathW
SetFileInformationByHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapReAlloc
HeapSize
HeapQueryInformation
SetStdHandle
FlushFileBuffers
GetFileAttributesExW
CreateDirectoryW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
LCMapStringEx
GetLocaleInfoEx
LocalFree
DecodePointer
EncodePointer
InitializeCriticalSectionEx
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
SetEndOfFile
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DeviceIoControl
FormatMessageA

user32

GetDlgItemInt
LoadCursorFromFileA
SetCursorPos
LoadIconA
ShowCursor
UpdateWindow
EndDialog
CreateWindowExA
RegisterClassExA
DefWindowProcA
UnregisterHotKey
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
IsClipboardFormatAvailable
GetClipboardData
IsDialogMessageA
ClientToScreen
GetWindowRect
GetClientRect
SetWindowTextA
GetSystemMetrics
EnableWindow
SetFocus
SendDlgItemMessageA
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
SetCursor
SetDlgItemInt
GetDlgItem
CreateDialogParamA
SetWindowPos
AnimateWindow
ShowWindow
DestroyWindow
IsWindow
CallWindowProcA
SendMessageA
OffsetRect
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
PostMessageA
CopyRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CharPrevA
CharNextA
MessageBoxA
SetRect
wsprintfA

gdi32

DeleteObject
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
CreateErrorInfo
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantClear
SysFreeString

freeimage

_FreeImage_SaveJPEG@12
_FreeImage_ConvertTo16Bits565@4
_FreeImage_Load@12
_FreeImage_GetInfo@4
_FreeImage_GetBits@4
_FreeImage_Unload@4

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData

Sections

.textbss
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 800KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f2c6dc46c394fc053b703601e25e296

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

soundlib

winmm

ss3dgfunc

wsock32

dinput8

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

freeimage

iphlpapi

psapi

winhttp

Sections

.textbss Size: - Virtual size: 3.1MB

.text Size: 6.4MB - Virtual size: 6.4MB

.rdata Size: 619KB - Virtual size: 619KB

.data Size: 800KB - Virtual size: 1.1MB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 127KB - Virtual size: 127KB

.reloc Size: 244KB - Virtual size: 243KB

.textbss
Size: - Virtual size: 3.1MB

.text
Size: 6.4MB - Virtual size: 6.4MB

.rdata
Size: 619KB - Virtual size: 619KB

.data
Size: 800KB - Virtual size: 1.1MB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 244KB - Virtual size: 243KB