94ddf55763c799e00772aed0a61b640d88cd4b353012f82668011c89455949f8

Sharing

Copy URL

Twitter E-mail

General

Target

94ddf55763c799e00772aed0a61b640d88cd4b353012f82668011c89455949f8
Size

2.6MB
MD5

fd9d532426aa6761692cc833ab0dcbad
SHA1

22148b803536b7fdd0e7a413fb5cbd783f38f68b
SHA256

94ddf55763c799e00772aed0a61b640d88cd4b353012f82668011c89455949f8
SHA512

c991a22ab819f7413dd7855a23745112fa09428bfde89629e54aaea54616aa054b70d04733b5ddf017ee5e6cbddfe6982161df93024f8f673550d70d6a14fa63
SSDEEP

49152:o6qtIR0j3jPvVVlnayYhk445Jp3/+yNvg5kkPiVojTIQhMqjFl+lo:Wxp2EvNQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94ddf55763c799e00772aed0a61b640d88cd4b353012f82668011c89455949f8

Files

94ddf55763c799e00772aed0a61b640d88cd4b353012f82668011c89455949f8
.exe windows:5 windows x86 arch:x86

a550e3d6b73801a96fadc1fbe81ee93d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_MatrixMultiply2@12
_TransformV3TOV4@16
_CalcDistance@8
_RotatePositionWithPivot@24
_TransformVector3_VPTR2@16
_SetRotationXMatrix@8
_SetRotationYMatrix@8
_Normalize@8
_VECTOR3_ADD_VECTOR3@12
_VECTOR3_MULEQU_FLOAT@8
_WriteTGA@24
_COLORtoDWORD@16
_VECTOR3Length@4
_SetInverseMatrix@8
_CrossProduct@12

wsock32

send
ioctlsocket
htons
inet_addr
gethostbyname
WSAStartup
connect
WSACleanup
closesocket
socket
recv

dinput8

DirectInput8Create

wininet

InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetConnectA

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
GetModuleFileNameA
DeleteFileA
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
ReadFile
CreatePipe
CreateProcessA
GetStartupInfoA
GetCurrentDirectoryA
WideCharToMultiByte
lstrlenA
SetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
OpenProcess
VirtualQuery
CreateThread
IsDebuggerPresent
lstrcmpiA
lstrcatA
GetLogicalDriveStringsA
QueryDosDeviceA
InterlockedCompareExchange
GetModuleHandleA
MulDiv
VerSetConditionMask
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetProcessId
DuplicateHandle
VerifyVersionInfoA
WriteFile
CreateDirectoryA
GetModuleFileNameW
FindClose
RemoveDirectoryA
FindFirstFileA
FindNextFileA
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTempPathA
SetFileAttributesA
CopyFileA
GetVersionExA
GetSystemTime
OutputDebugStringW
LocalFree
GetCurrentThreadId

user32

DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
IsClipboardFormatAvailable
GetClipboardData
OffsetRect
CopyRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PostMessageA
RegisterClassExA
CharNextA
MessageBoxA
SetRect
wsprintfA
GetClientRect
LoadCursorFromFileA
SetCursor
LoadIconA
ShowCursor
UpdateWindow
GetSystemMetrics
CharPrevA
ShowWindow
CreateWindowExA

gdi32

CreateFontIndirectA
GetTextExtentPoint32A
SelectObject
GetDeviceCaps
GetStockObject
DeleteObject

advapi32

GetTokenInformation
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
GetUserNameA
LookupAccountSidA
OpenProcessToken

shell32

ShellExecuteA

ole32

CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

oleaut32

VariantClear

freeimage

_FreeImage_ConvertTo16Bits565@4
_FreeImage_GetInfo@4
_FreeImage_GetBits@4
_FreeImage_Load@12
_FreeImage_Unload@4
_FreeImage_SaveJPEG@12

msvcp120

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Future_error_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flags@ios_base@std@@QBEHXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0id@locale@std@@QAE@I@Z
?_Winerror_map@std@@YAPBDH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

msvcr120

memchr
_time64
fputc
fopen_s
fgetc
strncmp
strcpy_s
free
malloc
_findclose
_findfirst64i32
_findnext64i32
strncat
strtok
atof
_CIatan2
_beginthreadex
_vsnprintf
_localtime64
_i64toa
_atoi64
realloc
fputs
?terminate@@YAXXZ
srand
_itoa_s
ftell
_libm_sse2_tan_precise
_pgmptr
memcpy_s
fflush
fgetpos
fgets
fsetpos
_fseeki64
setvbuf
ungetc
_lock_file
_unlock_file
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
isalpha
_strnicmp
exit
sprintf_s
_access
_mkdir
strcpy
_wassert
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_itoa
??1bad_cast@std@@UAE@XZ
??3@YAXPAX@Z
_libm_sse2_cos_precise
_libm_sse2_sin_precise
__CxxFrameHandler3
??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
strncpy
fclose
fopen
fprintf
_purecall
rand
sprintf
memcpy
fread
fseek
fwrite
sscanf
toupper
memmove
atoi
vsprintf
_CxxThrowException
_libm_sse2_sqrt_precise
_strupr
fscanf
printf
atol
strstr
strrchr
feof

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddEnglishCounterA
PdhCollectQueryData

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 692KB - Virtual size: 981KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a550e3d6b73801a96fadc1fbe81ee93d

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

msvcp120

msvcr120

psapi

iphlpapi

pdh

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 692KB - Virtual size: 981KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 692KB - Virtual size: 981KB

.rsrc
Size: 102KB - Virtual size: 101KB