a4f70b74fd9d2c9bf6c9ed830216a34b3b4a49ce4db4bec52f0a0f33c05b385a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a4f70b74fd9d2c9bf6c9ed830216a34b3b4a49ce4db4bec52f0a0f33c05b385a.exe
Size

29.9MB
MD5

83c1a32f47f5d6caf86e5b580a83d660
SHA1

46f42e0f2009cb1598727155e0528b2b275e0435
SHA256

a4f70b74fd9d2c9bf6c9ed830216a34b3b4a49ce4db4bec52f0a0f33c05b385a
SHA512

6b651e600c62facecb58ddaf74ed63dde960de8ad4f2100461cf532fe5bc8f0ce11e42d03d8ec34cf342c27706470c32a7722ed994d0f8e9dca6b87745f85d9c
SSDEEP

786432:pwGzJEQHI1mwdGRZOv0CfcNkrrMv0PWZWfd0d0l:nI1z4uvdM8uZ1dm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4f70b74fd9d2c9bf6c9ed830216a34b3b4a49ce4db4bec52f0a0f33c05b385a.exe

Files

a4f70b74fd9d2c9bf6c9ed830216a34b3b4a49ce4db4bec52f0a0f33c05b385a.exe
.exe windows:6 windows x64 arch:x64

6d0d61f86c8fb7f9a39f968616770726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gamedriver.pdb

Imports

kernel32

QueryPerformanceFrequency
CheckRemoteDebuggerPresent
SetThreadExecutionState
SetFilePointerEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
GetSystemInfo
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
Sleep
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
IsDebuggerPresent
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetExitCodeProcess
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
GetSystemTimePreciseAsFileTime
GetProcessTimes
OpenProcess
GetProcessIoCounters
ReadProcessMemory
GetSystemTimes
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
WaitForSingleObject
GetCurrentProcess
GetTickCount64
GetComputerNameExW
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
HeapReAlloc
GetSystemDirectoryW
HeapFree
GetModuleHandleW

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

ntdll

NtQueryInformationProcess
NtWriteFile
RtlNtStatusToDosError
RtlGetVersion
NtQuerySystemInformation

advapi32

IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
SystemFunction036
GetLengthSid
CopySid
RegCloseKey

oleaut32

SysStringLen
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayAccessData
GetErrorInfo
SysFreeString
SafeArrayUnaccessData

propsys

VariantToPropVariant
PropVariantToBSTR

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
PropVariantClear

pdh

PdhOpenQueryA
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery

bcrypt

BCryptGenRandom

shell32

ShellExecuteExW
CommandLineToArgvW

psapi

GetModuleFileNameExW

powrprof

CallNtPowerInformation

vcruntime140

memcmp
__current_exception_context
__current_exception
__C_specific_handler
memmove
memset
memcpy

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
exit
_initterm_e
_exit
_initterm
_initialize_narrow_environment
_seh_filter_exe
__p___argc
terminate
_crt_atexit
__p___argv
_register_onexit_function
_initialize_onexit_table
_cexit
_set_app_type
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28.7MB - Virtual size: 28.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d0d61f86c8fb7f9a39f968616770726

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

advapi32

oleaut32

propsys

ole32

pdh

bcrypt

shell32

psapi

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 28.7MB - Virtual size: 28.7MB

.data Size: 114KB - Virtual size: 113KB

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 28.7MB - Virtual size: 28.7MB

.data
Size: 114KB - Virtual size: 113KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 292B