fc9dba42c259d4559f7265d89d747a7254e3002bdb28a2631e7395c5c683bffb

Sharing

Copy URL Twitter E-mail

General

Target

fc9dba42c259d4559f7265d89d747a7254e3002bdb28a2631e7395c5c683bffb
Size

7.1MB
MD5

6ef64eb6d489954168697cce40da3504
SHA1

1fd497ef4a6a8d41a700a1067015297155b73891
SHA256

fc9dba42c259d4559f7265d89d747a7254e3002bdb28a2631e7395c5c683bffb
SHA512

f0a9a89b45ca75f763680a720416d1fea7a875fd4880c6cbe828b0d10de3d889c91326aa6e02dcd36832d9e9ea40d1f97675257709bf099f6ff32ed700b9581c
SSDEEP

49152:QzrY1THnUqXEJp0qkON5k0cqud72A4U1ffoTON3sD0a5gKqmPTlPkM:ys1jnvMe2E0cj/n8G3sDYKqm5PH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc9dba42c259d4559f7265d89d747a7254e3002bdb28a2631e7395c5c683bffb

Files

fc9dba42c259d4559f7265d89d747a7254e3002bdb28a2631e7395c5c683bffb
.exe windows:5 windows x86 arch:x86

9ece99fb4fb61e30a018a289c1d3d0fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_WriteTGA@24
_COLORtoDWORD@16
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformVector3_VPTR2@16
_VECTOR3Length@4
_CrossProduct@12
_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_Normalize@8

wsock32

inet_addr
gethostbyname
WSAStartup
WSACleanup
socket
send
recv
ioctlsocket
htons
connect
closesocket

dinput8

DirectInput8Create

kernel32

SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetEndOfFile
SetEnvironmentVariableA
GetFileSize
CloseHandle
GetLocalTime
OpenFile
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
IsDBCSLeadByte
CreateDirectoryA
GetTickCount
DeleteFileA
WideCharToMultiByte
LCMapStringA
GetSystemDefaultLangID
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
ReadFile
CreateFileA
OpenProcess
TerminateProcess
CreateThread
GetThreadContext
ResumeThread
SetEvent
WaitForMultipleObjects
lstrcmpiA
lstrcatA
CreateEventA
GetLogicalDriveStringsA
LocalFree
GetPriorityClass
InterlockedCompareExchange
GetModuleHandleA
MulDiv
WriteFile
GetCurrentProcessId
VirtualQuery
WaitForSingleObject
FindClose
Beep
CreateMutexA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
InterlockedExchange
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
FormatMessageA
lstrcpynA
GetModuleFileNameA
IsBadReadPtr
GetTempPathA
SetFileAttributesA
CopyFileA
GetVersionExA
GetSystemTime
InterlockedDecrement
DeviceIoControl
CreateDirectoryW
GetFileAttributesExW
HeapQueryInformation
FlushFileBuffers
FindNextFileW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
WaitForSingleObjectEx
OutputDebugStringW
SetConsoleCtrlHandler
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
FileTimeToSystemTime
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
WriteConsoleW
GetFileType
GetStdHandle
GetCommandLineA
LoadLibraryExW
ExitThread
lstrlenW
SystemTimeToTzSpecificLocalTime
WriteProcessMemory
CreateFileW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RtlUnwind
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
QueryDosDeviceA
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapValidate
AreFileApisANSI
ExitProcess
GetSystemInfo

user32

IsClipboardFormatAvailable
wsprintfA
SetRect
MessageBoxA
UnregisterClassA
CharNextA
CharPrevA
GetClientRect
LoadCursorFromFileA
SetCursor
SystemParametersInfoA
LoadIconA
ShowCursor
UpdateWindow
GetSystemMetrics
EndDialog
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
UnregisterHotKey
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
SetCapture
ReleaseCapture
GetClipboardData
OffsetRect
GetWindowThreadProcessId
EnumWindows
GetWindowTextA
PostMessageA
CopyRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard

gdi32

GetTextExtentPoint32A
SelectObject
GetDeviceCaps
AddFontResourceExA
DeleteObject
CreateFontIndirectA
GetStockObject
RemoveFontResourceExA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitializeEx
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoSetProxyBlanket

oleaut32

CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear

freeimage

_FreeImage_Load@12
_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_SaveJPEG@12
_FreeImage_ConvertTo16Bits565@4

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameA

msvcrt

strncpy

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ece99fb4fb61e30a018a289c1d3d0fb

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

iphlpapi

psapi

msvcrt

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.sedata Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 6KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.sedata
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB