84264c4cd26c9be722b9de2957231a25ed46554525ab276547524350c0a52762

Sharing

Copy URL Twitter E-mail

General

Target

84264c4cd26c9be722b9de2957231a25ed46554525ab276547524350c0a52762
Size

8.1MB
MD5

47df5ba4adb1a0a8af3c21989307f1a2
SHA1

1df873aa32669c1ebf70d0eecdec3eeae3158262
SHA256

84264c4cd26c9be722b9de2957231a25ed46554525ab276547524350c0a52762
SHA512

3edefef189063330a533d77aeb8d01c03d813533e2d6ccede988f27a624e2733f26f2d4f776fd0d7339e9ce02cc44489b644c7d03015e5e91e7c4bfe8de8db79
SSDEEP

196608:9P81nerk7KJu9eyxz4/b0t5qgTb4icCZug:9PMeeK1Az4TO534Z4u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84264c4cd26c9be722b9de2957231a25ed46554525ab276547524350c0a52762

Files

84264c4cd26c9be722b9de2957231a25ed46554525ab276547524350c0a52762
.exe windows:5 windows x86 arch:x86

ca29f35854cee3f1bffeb0f37089ed76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegCloseKey

avifil32

AVIStreamOpenFromFile
AVIFileRelease
AVIFileRelease
AVIFileExit
AVIFileInit
AVIFileReadData
AVIStreamWrite
AVIStreamRead
AVIFileWriteData
AVIFileCreateStreamA
AVIStreamInfo
AVIStreamLength
AVIStreamStart
AVIFileOpen
AVIMakeCompressedStream

dinput8

DirectInput8Create

dsound

DirectSoundCaptureCreate8

gdi32

EnumFontFamiliesA
SetStretchBltMode
StretchBlt
GetObjectA
SelectPalette
RealizePalette
CreateDCA
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
SetBkMode
BitBlt
GetPixel
CreateCompatibleBitmap
GetDIBits
TextOutA
CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
ExtTextOutA
DeleteDC
SetMapMode
CreateCompatibleDC
CreateFontA
SelectObject
DeleteObject
GetStockObject
AddFontResourceA
SetROP2

imm32

ImmReleaseContext
ImmGetContext
ImmIsIME
ImmAssociateContext
ImmSetStatusWindowPos

kernel32

ExitProcess
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
MoveFileA
GetStdHandle
LockResource
GetFileType
HeapDestroy
HeapCreate
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
GetStartupInfoA
GetCommandLineA
GetFileAttributesA
GetDateFormatA
GetTimeFormatA
HeapSize
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrcmpi
SetCurrentDirectoryA
lstrlen
lstrcmp
ReadFile
CloseHandle
CreateFileA
MulDiv
Sleep
GetVersionExA
GetUserDefaultLCID
QueryPerformanceFrequency
WriteFile
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetFileSize
SetFilePointer
GetLocalTime
lstrcat
DeleteFileA
GetLastError
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
TerminateThread
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
GetCurrentThread
CreateThread
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetProcAddress
FreeLibrary
LoadLibraryA
GetCurrentThreadId
lstrcpy
MultiByteToWideChar
GlobalUnlock
GlobalLock
GetTickCount
lstrcpyn
CreateDirectoryA
GetSystemDefaultLangID
GetSystemTime
WritePrivateProfileStructA
GetPrivateProfileStructA
CreateFileMappingA
TerminateProcess
OpenProcess
GetModuleHandleA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
RemoveDirectoryA
GlobalReAlloc
GetTempFileNameA
GlobalMemoryStatus
GetDiskFreeSpaceExA
CreateEventA
GetExitCodeThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CopyFileA
GetWindowsDirectoryA
ReleaseMutex
SetThreadAffinityMask
CreateMutexA
OutputDebugStringA
CreateFileW
IsProcessorFeaturePresent
InterlockedExchange
InterlockedCompareExchange
GetFullPathNameA
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
VirtualProtect
ReadProcessMemory
IsBadReadPtr
CreateProcessA
SetEndOfFile
GetSystemDirectoryA
SetLastError
GetExitCodeProcess
SetEvent
VirtualQueryEx
LocalFree
FormatMessageA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
VirtualQuery
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceCounter
WaitForSingleObject
VirtualProtect
Sleep
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

oleaut32

SysAllocString
SysFreeString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantInit
GetErrorInfo

openal32

alSourceStop
alSourcef
alDeleteSources
alSource3f
alListener3f
alListenerfv
alcCloseDevice
alcDestroyContext
alcMakeContextCurrent
alGenSources
alcGetIntegerv
alcCreateContext
alcOpenDevice
alGetBufferi
alDeleteBuffers
alGenBuffers
alGetEnumValue
alGetListener3f
alGetSourcei
alSourceUnqueueBuffers
alSourcePlay
alSourcei
alGetError
alBufferData
alSourceQueueBuffers
alSourceRewind

shell32

ShellExecuteA

user32

GetPropA
RegisterClassA
LoadCursorA
SetCursor
IsRectEmpty
GetDoubleClickTime
ScreenToClient
FlashWindow
EnumDisplayDevicesA
MsgWaitForMultipleObjects
RegisterClassExA
LoadIconA
CharUpperBuffA
LoadStringA
GetClientRect
BeginPaint
GetActiveWindow
MessageBoxA
wsprintfA
CharLowerA
CreateWindowExA
SetWindowLongA
GetDC
ReleaseDC
MoveWindow
CallWindowProcA
GetWindowTextA
GetKeyboardLayout
SendMessageA
SetWindowTextA
SetPropA
PtInRect
SetRect
EndPaint
GetClassInfoA
UnregisterClassA
GetSystemMetrics
CopyRect
GetCursor
ClipCursor
DestroyWindow
EnumWindows
CharUpperA
IsWindowVisible
GetParent
GetClassNameA
GetWindowThreadProcessId
DispatchMessageA
ShowCursor
SetRectEmpty
EqualRect
GetWindowLongA
EnumDisplaySettingsA
AdjustWindowRect
SetWindowPos
ChangeDisplaySettingsA
SetActiveWindow
GetCursorPos
GetWindowRect
GetAsyncKeyState
SetFocus
RemovePropA
UpdateWindow
ShowWindow
SetForegroundWindow
InvalidateRect
ClientToScreen
SetCursorPos
PostQuitMessage
PeekMessageA
TranslateMessage
DefWindowProcA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetOpenA
InternetConnectA
FtpSetCurrentDirectoryA
InternetCloseHandle
HttpSendRequestA
InternetSetStatusCallback
HttpOpenRequestA
FtpPutFileA

winmm

mmioRead
mmioAscend
mmioGetInfo
mmioCreateChunk
mmioSeek
mixerGetNumDevs
mixerOpen
mixerGetLineInfoA
mixerClose
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
ord2
mmioDescend
timeGetTime
mmioWrite
mmioOpenA
mmioAdvance
mmioSetInfo
mmioClose

wsock32

WSACleanup
WSAStartup
gethostname
inet_ntoa
inet_addr
gethostbyname
socket
WSAGetLastError
setsockopt
WSAAsyncSelect
connect
htons
send
closesocket
recv
ioctlsocket
htonl
htonl
htons

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

libvorbisfile

ov_info
ov_open_callbacks
ov_pcm_total
ov_pcm_seek
ov_read
ov_clear

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
OleDraw

Sections

Size: - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1&a
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PE_ADS
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.;`'
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.5Wc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

."@&
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca29f35854cee3f1bffeb0f37089ed76

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avifil32

dinput8

dsound

gdi32

imm32

kernel32

oleaut32

openal32

shell32

user32

version

wininet

winmm

wsock32

d3d9

iphlpapi

libvorbisfile

ole32

Sections

Size: - Virtual size: 9.5MB

.1&a Size: - Virtual size: 180KB

Size: - Virtual size: 8.5MB

PE_ADS Size: - Virtual size: 48KB

.;`' Size: - Virtual size: 3.2MB

.5Wc Size: 4KB - Virtual size: 3KB

."@& Size: 8.0MB - Virtual size: 8.0MB

.rsrc Size: 8KB - Virtual size: 4KB

.1&a
Size: - Virtual size: 180KB

PE_ADS
Size: - Virtual size: 48KB

.;`'
Size: - Virtual size: 3.2MB

.5Wc
Size: 4KB - Virtual size: 3KB

."@&
Size: 8.0MB - Virtual size: 8.0MB

.rsrc
Size: 8KB - Virtual size: 4KB