aa25c08c230e856d97dd78eaf139072554a53906b525e29123621d3f38fb2652

Sharing

Copy URL

Twitter E-mail

General

Target

aa25c08c230e856d97dd78eaf139072554a53906b525e29123621d3f38fb2652
Size

3.0MB
MD5

01cf39f28d9708ffb56b02998d69b0c0
SHA1

dec33570095069e8f1c00aaf77af111907c0bc53
SHA256

aa25c08c230e856d97dd78eaf139072554a53906b525e29123621d3f38fb2652
SHA512

b68265f44020a67f4e130019bf1fcc8e2bd2e4148ed1cf9643940f4e0ff5a5a0704dfc3de74c6407a970c43cb7e46784838795554e816e57a7e5cee8a03564e7
SSDEEP

49152:YjRO5v2JuPTbXijtz+HJKspmkJ0/H3BDuPTHGteDQVT1Pp/b/:+LkTbXRJKw6BaPTHtD2xj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa25c08c230e856d97dd78eaf139072554a53906b525e29123621d3f38fb2652

Files

aa25c08c230e856d97dd78eaf139072554a53906b525e29123621d3f38fb2652
.exe windows:5 windows x86 arch:x86

5f2ed535c0dafa5ccf48c36d05e0e37c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vmware\share\Tank\tankclient\bin\forever.pdb

Imports

dinput8

DirectInput8Create

comctl32

ord17

ws2_32

closesocket
gethostname
getservbyport
__WSAFDIsSet
select
getservbyname
getpeername
getsockname
WSAIoctl
WSASetLastError
gethostbyname
inet_ntoa
ntohl
ntohs
shutdown
htons
WSAGetLastError
listen
bind
htonl
accept
recvfrom
recv
send
connect
inet_addr
socket
WSAStartup
WSACleanup
setsockopt
getsockopt
sendto
WSACreateEvent
WSACloseEvent
gethostbyaddr
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
ioctlsocket

ddraw

DirectDrawCreateEx

dsound

ord1

winmm

mciSendCommandA
timeGetTime
mciGetErrorStringA

imm32

ImmGetContext
ImmSetStatusWindowPos
ImmReleaseContext
ImmGetCompositionStringA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

abuse

ABuse_InitDic
ABuse_DecodeDic
ABuse_LoadDic
ABuse_CheckAbuse

adv

Adv_DecodeDic
Adv_InitDic
Adv_CheckAbuse
Adv_LoadDic

xexp

?fnXExpSetLogName@@YAXPAD@Z
?fnXExpSetDescription@@YAXPAD@Z
?fnXExpSetFtpConnection@@YAXPADI000@Z
?fnXExpDeleteLogFile@@YAXH@Z

steam_api

SteamAPI_UnregisterCallback
SteamInternal_SteamAPI_Init
SteamAPI_RegisterCallback
SteamInternal_ContextInit
SteamAPI_RestartAppIfNecessary
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamAPI_RunCallbacks

wldap32

ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46
ord41

d3d9

Direct3DCreate9

kernel32

HeapDestroy
GetACP
SetCurrentDirectoryA
SetHandleCount
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapCreate
VirtualAlloc
VirtualFree
FatalAppExitA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
SetFileAttributesA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ResumeThread
ExitProcess
GetModuleHandleW
GetFullPathNameA
GetDriveTypeA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetTickCount
WritePrivateProfileStringA
GetCurrentDirectoryA
FindClose
DeleteFileA
CopyFileA
FindFirstFileA
FindNextFileA
CreateDirectoryA
GetModuleFileNameA
TerminateThread
Sleep
GetFileTime
GetModuleHandleA
GetLastError
MultiByteToWideChar
GetStringTypeA
ReadFile
GetFileSize
CreateFileA
WriteFile
FormatMessageA
GetExitCodeThread
WaitForSingleObject
GetLocalTime
GlobalUnlock
GlobalLock
ReleaseMutex
CreateMutexA
GetCurrentThreadId
GetVersionExA
SetPriorityClass
GetPriorityClass
GetCurrentProcess
GlobalMemoryStatus
lstrcmpA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
lstrcpyA
GetFileAttributesA
GetWindowsDirectoryA
OutputDebugStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetEnvironmentVariableA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadProcessMemory
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
SetFilePointer
InterlockedIncrement
InterlockedDecrement
AllocConsole
FreeConsole
WriteConsoleA
GetStdHandle
CreateEventA
SignalObjectAndWait
SetEvent
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualQuery
GetCurrentThread
LocalFree
IsBadStringPtrA
CreateThread
ExitThread
lstrlenW
WideCharToMultiByte
TerminateProcess
CreateProcessA
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
SleepEx
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
ExpandEnvironmentStringsA
GetVersion
FlushConsoleInputBuffer
RaiseException
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
HeapSize
GetConsoleCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetLocaleInfoW
GetConsoleOutputCP
GetFullPathNameW
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetExitCodeProcess
LoadLibraryW
GetSystemDefaultLangID
GetDiskFreeSpaceExW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InterlockedExchangeAdd
IsBadReadPtr
GetDriveTypeW
FindFirstFileW
CloseHandle

user32

GetDC
MessageBeep
GetUserObjectInformationW
GetProcessWindowStation
KillTimer
RegisterClassExA
GetSystemMetrics
GetDesktopWindow
ShowWindow
UpdateWindow
SetTimer
PostQuitMessage
DefWindowProcA
CharUpperA
GetKeyState
SetWindowTextA
ReleaseDC
CopyRect
PeekMessageA
CreateWindowExA
DestroyWindow
OpenClipboard
wsprintfA
SendMessageA
GetClipboardData
CloseClipboard
ShowCursor
GetWindowLongA
SetWindowLongA
SetWindowPos
EnumDisplaySettingsA
MessageBoxA
SetCursorPos
GetCursorPos
GetWindowRect
GetClassInfoA
GetWindowTextA
UnregisterClassA
MoveWindow
GetClientRect
SetRectEmpty
FindWindowA
SetFocus
LoadIconA
IsClipboardFormatAvailable
BeginPaint
EndPaint
IsWindowVisible
LoadCursorA
RegisterClassA
SetRect
GetMessageA
TranslateMessage
CallWindowProcA
DispatchMessageA

gdi32

SelectObject
SetBkMode
CreateCompatibleDC
DeleteObject
CreateFontA
TextOutW
DeleteDC
GetBitmapBits
BitBlt
CreateDIBSection
GetStockObject
CreateDCA
TextOutA
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor
GetObjectA

winspool.drv

EnumPrinterDriversA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SafeArrayAccessData
VariantClear
SysAllocString
VariantInit
SysAllocStringLen
SafeArrayCreate
SafeArrayDestroy
SysFreeString
SafeArrayUnaccessData

wininet

InternetOpenUrlA
InternetOpenA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA

dbghelp

SymSetContext
MiniDumpWriteDump
SymCleanup
SymInitialize
SymFromAddr
StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymGetTypeInfo
SymSetOptions
SymGetLineFromAddr
SymEnumSymbols

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

urlmon

URLDownloadToFileW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f2ed535c0dafa5ccf48c36d05e0e37c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dinput8

comctl32

ws2_32

ddraw

dsound

winmm

imm32

version

abuse

adv

xexp

steam_api

wldap32

d3d9

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

wininet

dbghelp

psapi

urlmon

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 419KB - Virtual size: 418KB

.data Size: 79KB - Virtual size: 337KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 419KB - Virtual size: 418KB

.data
Size: 79KB - Virtual size: 337KB

.rsrc
Size: 6KB - Virtual size: 6KB