yureaka[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

yureaka.exe
Size

1.1MB
MD5

7fa87ff9cea8c728813d928968959ef3
SHA1

eca88109fca185f969b4fffe4a9312fb87235653
SHA256

1f6a631b2cacbbda61b6cf13e104cd12b79071d9bd60de76c13bec0d74041e97
SHA512

9f8b6e06e08b6912d7d8531ec6fd3ea0412dd053d6f0960f995c3aa642a08937ae83853928306cac9cd543478db08a02d8ff9db96fa33ae7453a1baff56db130
SSDEEP

24576:dnEzmPQ4CnUIQCCn1qIE02EFRN/hqwriT+A0J1T3VvtS+7G6pSW:Wm47UIQD1qe2sUFT+A81Zvt5i6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yureaka.exe

Files

yureaka.exe
.exe windows:5 windows x86 arch:x86

4a4558b80dc6dcb3dbf320e9525f7c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TamoSys\program\Release\Game.pdb

Imports

kernel32

CreateSemaphoreA
GetPrivateProfileIntA
MoveFileA
FindFirstFileA
OutputDebugStringA
FindNextFileA
SetFilePointer
FindClose
SetCurrentDirectoryA
GetTempPathA
CreateFileA
GetVersionExA
DeleteFileA
GlobalAlloc
GlobalFree
WritePrivateProfileStringA
GlobalLock
GetFileSize
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
GlobalUnlock
Sleep
SetFileTime
CopyFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetLocalTime
lstrcpyA
SizeofResource
FindResourceA
LockResource
LoadResource
VirtualProtect
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
DecodePointer
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CreateFileW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
LoadLibraryExA
GetModuleFileNameA
GetPrivateProfileStringA
GetEnvironmentVariableA
GetDateFormatW
HeapAlloc
SetFilePointerEx
lstrlenA
GetDriveTypeA
CloseHandle
WriteFile
ReadFile
SetStdHandle
GetStringTypeW
GetFileType
HeapFree
GetCurrentThread
GetACP
GetStdHandle
WideCharToMultiByte
VirtualQuery
MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
GetLogicalDrives
GetVolumeInformationA
CreateDirectoryA
GetCurrentProcess
GetModuleHandleA
IsWow64Process
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue

user32

GetWindowTextA
SetRect
DispatchMessageA
LoadCursorA
IsDialogMessageA
GetWindowLongA
RegisterClassA
SetFocus
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
DefDlgProcA
GetAsyncKeyState
WINNLSEnableIME
MonitorFromPoint
GetWindowRect
wsprintfA
SetWindowPos
EndDialog
GetSystemMetrics
MessageBeep
DialogBoxParamA
ShowWindow
GetDlgItemTextA
DestroyWindow
GetMonitorInfoA
MoveWindow
CreateWindowExA
SetDlgItemTextA
SendMessageA
GetDlgItem
UpdateWindow
EnableWindow
FindWindowA
ReleaseDC
CreateIconIndirect
EnumDisplayMonitors
GetDC
SetWindowTextA
GetActiveWindow
MessageBoxA

gdi32

CreateFontIndirectA
CreateDIBSection
CreateBitmap
DeleteObject
GetStockObject

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

imm32

ImmSetConversionStatus
ImmSetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA
PathAddExtensionA
PathIsDirectoryA
PathUnquoteSpacesA
PathRenameExtensionA
PathRemoveFileSpecA

sensapi

IsNetworkAlive

comdlg32

GetSaveFileNameA

ole32

CoTaskMemFree

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a4558b80dc6dcb3dbf320e9525f7c74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

imm32

winmm

version

shlwapi

sensapi

comdlg32

ole32

Sections

.text Size: 649KB - Virtual size: 649KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 7KB - Virtual size: 1.9MB

.rsrc Size: 275KB - Virtual size: 275KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 649KB - Virtual size: 649KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 7KB - Virtual size: 1.9MB

.rsrc
Size: 275KB - Virtual size: 275KB

.reloc
Size: 33KB - Virtual size: 33KB