Static task: static1
Behavioral task: behavioral1
  Sample: 4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8.exe
  Resource: win10v2004-20240802-en
General
- Target: 4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8
- Size: 3.4MB
- MD5: 556787270cc6313fdf5f40aba91ea960
- SHA1: af50bbe543a27d3fa4fcd9ecd5fbfd54f1f06b95
- SHA256: 4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8
- SHA512: 3611fad0bf87ef7ed03f69598e1395e220202563a30b5433f6282484e0d00fc915dc820cdf6f219be5c3637c3ac9f021398512d9f67756f6e0cb774d615a7c3d
- SSDEEP: 49152:6vonV2r1abvsm+xKfnjqhy9I2h9xjJmHXnrqrJXUVoJ5DZVKZM+naGC/Q1gIbnMp:6vNmdLqhyGRqrInaGC/c
Malware Config
(none extracted)
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8
Files
-
4c7ac290a31fdb9d2a51b46a11cd41015e6bede88bb9f4b3c5bdd62a269dc9f8.exe windows:6 windows x86 arch:x86
f6785c6ecf6808bb07e0e8791fb2825f
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
OpenProcess
Process32First
Module32Next
Module32First
GetCurrentProcessId
CreateToolhelp32Snapshot
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
GetCurrentProcess
CreateThread
FindFirstFileA
FindNextFileA
FindClose
SetEndOfFile
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
SetStdHandle
DeleteFileW
CreateProcessW
GetExitCodeProcess
CreateFileA
CreateDirectoryW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
Process32Next
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetModuleHandleA
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetFileSizeEx
VerifyVersionInfoA
VerSetConditionMask
WaitForMultipleObjects
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SleepEx
FormatMessageW
SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
ReadProcessMemory
IsValidLocale
Sleep
DeviceIoControl
MultiByteToWideChar
GetCurrentDirectoryW
GetTickCount
GetSystemInfo
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFileAttributesA
CheckRemoteDebuggerPresent
GetPriorityClass
MoveFileA
GetCurrentDirectoryA
lstrlenA
GetPrivateProfileStringA
DeleteFileA
GetModuleFileNameA
GlobalFree
GetFileAttributesExW
GetModuleHandleW
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObjectEx
QueryPerformanceFrequency
IsProcessorFeaturePresent
HeapValidate
QueryPerformanceCounter
ReleaseSemaphore
GetLocaleInfoA
CompareStringA
WideCharToMultiByte
GlobalLock
GlobalUnlock
LoadLibraryA
GetVersionExA
GetSystemDirectoryA
OutputDebugStringA
WinExec
GetCurrentThread
SetUnhandledExceptionFilter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateDirectoryA
WaitNamedPipeW
PeekNamedPipe
WriteFile
ReadFile
CreateFileW
lstrlenW
GetModuleFileNameW
GlobalAlloc
GetProcAddress
FreeLibrary
GetFullPathNameW
user32
CharNextExA
CharPrevExA
SetWindowPos
SystemParametersInfoA
CharNextW
LoadStringA
GetSystemMetrics
DestroyWindow
CloseClipboard
OpenClipboard
GetKeyboardLayout
GetKeyboardLayoutNameA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
AdjustWindowRectEx
GetMenu
RegisterClassA
SetWindowLongA
GetWindowLongA
UpdateWindow
SetFocus
MoveWindow
IsWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
LoadIconA
ScreenToClient
GetCursorPos
PostQuitMessage
GetCapture
ShowWindow
ChangeDisplaySettingsA
ReleaseCapture
SetCapture
SetCursorPos
SetCursor
ShowCursor
DestroyCursor
GetAsyncKeyState
SetRect
OffsetRect
GetClientRect
ClientToScreen
PeekMessageA
ReleaseDC
FillRect
GetDC
InvalidateRect
FindWindowA
LoadImageA
GetKeyState
GetClipboardData
MessageBoxA
FlashWindowEx
gdi32
GetTextExtentPoint32A
CreateFontIndirectA
StretchBlt
DeleteObject
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
SetBkColor
SetTextColor
TextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
GetStockObject
EnumFontFamiliesExA
TextOutA
CreateDIBSection
GetCharABCWidthsFloatW
advapi32
CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
shell32
SHGetSpecialFolderPathA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
OleSetContainedObject
OleUninitialize
CoGetClassObject
OleInitialize
winmm
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
timeGetTime
d3d8
Direct3DCreate8
python27
Py_InitModule4
Py_BuildValue
PyExc_RuntimeError
PyTuple_GetItem
PyInt_AsLong
PyList_New
PyString_FromString
PyList_Append
PyModule_AddIntConstant
PyTuple_Size
PyDict_GetItemString
PyLong_AsLong
PyLong_FromLongLong
PyTuple_New
PyDict_New
PyDict_SetItemString
PyTuple_SetItem
PyArg_ParseTuple
PyInt_FromLong
PyDict_Size
PyDict_Next
PyString_InternFromString
PyObject_GetAttrString
PyObject_GetAttr
PyCallable_Check
PyLong_AsLongLong
PyFloat_AsDouble
PyString_AsString
PyErr_SetString
PyErr_BadArgument
PyErr_Print
PyObject_CallObject
PyNumber_Check
_Py_NoneStruct
PyModule_GetDict
PyErr_Fetch
Py_SetProgramName
Py_Initialize
Py_Finalize
PyRun_StringFlags
PyImport_AddModule
PyImport_ImportModule
PyErr_Clear
iphlpapi
GetAdaptersInfo
GetPerAdapterInfo
imm32
ImmIsIME
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetIMEFileNameA
ImmSetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetOpenStatus
ImmGetCompositionStringW
ImmNotifyIME
devil
ilInit
ilSetPixels
ilTexImage
ilSave
ilShutDown
ilDeleteImages
ilCopyPixels
ilConvertImage
ilGetInteger
ilLoad
ilOriginFunc
ilEnable
ilBindImage
ilGenImages
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
imagehlp
StackWalk
GetTimestampForLoadedLibrary
EnumerateLoadedModules
granny2
_GrannySetControlEaseInCurve@28
_GrannySetControlEaseOut@8
_GrannyGetControlLocalDuration@4
_GrannyGetControlRawLocalClock@4
_GrannySetControlRawLocalClock@8
_GrannyPlayControlledAnimation@12
_GrannyGetMeshTriangleGroupCount@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshVertexType@4
_GrannyCopyMeshVertices@12
_GrannyGetMeshVertices@4
_GrannyCopyMeshIndices@12
_GrannySetControlSpeed@8
_GrannyGetControlSpeed@4
_GrannySetControlLoopCount@8
_GrannyGetControlLoopCount@4
_GrannyFreeControlIfComplete@4
_GrannyControlIsComplete@4
_GrannyCompleteControlAt@8
_GrannyFreeControlOnceUnused@4
_GrannyGetMaterialTextureByType@8
_GrannyFindMatchingMember@16
GrannyPNT332VertexType
_GrannyGetMeshIndexCount@4
_GrannyDeformVertices@24
_GrannyFreeMeshDeformer@4
_GrannyNewMeshDeformer@16
_GrannyConvertSingleObject@20
_GrannyReadEntireFileFromMemory@8
_GrannyFreeFileSection@8
_GrannyFreeFile@4
_GrannyGetFileInfo@4
_GrannyGetSourceSkeleton@4
_GrannySetModelClock@8
_GrannyFreeCompletedModelControls@4
_GrannySampleModelAnimationsAccelerated@20
_GrannyUpdateModelMatrix@20
_GrannyNewLocalPose@4
_GrannyFreeLocalPose@4
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyInstantiateModel@4
_GrannyFreeModelInstance@4
_GrannyNewMeshBinding@12
_GrannyFreeMeshBinding@4
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFindBoneByName@12
_GrannyNewWorldPose@4
_GrannySetControlEaseIn@8
_GrannyFreeWorldPose@4
_GrannyGetWorldPose4x4@8
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetTotalTypeSize@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
_GrannySetControlEaseOutCurve@28
_GrannyFreeControl@4
mss32
_AIL_shutdown@0
_AIL_set_3D_orientation@28
_AIL_set_redist_directory@4
_AIL_set_3D_velocity@20
_AIL_set_3D_position@16
_AIL_stream_volume_levels@12
_AIL_set_stream_loop_count@8
_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_close_stream@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_close_digital_driver@4
_AIL_open_stream@12
_AIL_open_digital_driver@16
_AIL_file_type@8
_AIL_decompress_ADPCM@12
_AIL_release_sample_handle@4
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_set_file_callbacks@16
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_close_3D_provider@4
_AIL_set_stream_volume_levels@12
_AIL_file_read@8
_AIL_stream_status@4
_AIL_last_error@0
_AIL_allocate_sample_handle@4
_AIL_auto_update_3D_position@8
_AIL_3D_sample_volume@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8
_AIL_startup@0
_AIL_end_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_stop_3D_sample@4
_AIL_start_3D_sample@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_sample_volume_pan@12
_AIL_sample_status@4
_AIL_set_sample_loop_count@8
_AIL_set_sample_volume_pan@12
_AIL_end_sample@4
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_start_sample@4
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_mem_free_lock@4
speedtreert
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
dinput8
DirectInput8Create
ws2_32
WSACleanup
htonl
ntohl
__WSAFDIsSet
recvfrom
WSAGetLastError
socket
send
bind
getpeername
getsockname
getsockopt
setsockopt
WSASetLastError
WSAIoctl
accept
listen
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAStartup
sendto
select
recv
inet_addr
ntohs
closesocket
connect
ioctlsocket
htons
gethostbyname
gethostname
ddraw
DirectDrawCreate
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocString
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
wldap32
ord60
ord45
ord50
ord41
ord211
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord143
ord27
ord22
normaliz
IdnToAscii
Sections
- .text (Size: 2.5MB, Virtual size: 2.5MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 468KB, Virtual size: 468KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 188KB, Virtual size: 676KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data1 (Size: 2KB, Virtual size: 2KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 135KB, Virtual size: 134KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 129KB, Virtual size: 129KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ