e7b13e53fd7a977f33b8e74aa9bda3b73f4cce7ff77c5398077ea187ca99c244

Sharing

Copy URL

Twitter E-mail

General

Target

e7b13e53fd7a977f33b8e74aa9bda3b73f4cce7ff77c5398077ea187ca99c244
Size

2.8MB
MD5

ee2cb0f699f4cb624e5e4e23d8cb61f3
SHA1

9256611b45bd08b7d412a6ed000df6cd6ea0bd61
SHA256

e7b13e53fd7a977f33b8e74aa9bda3b73f4cce7ff77c5398077ea187ca99c244
SHA512

989457a60d59f5e3fd4f1c6c58cb6a9a1bc7a9f347ba18489cb2918825f954f54daa6620413e6e6d0c5fc827710542d1d11afec8c07d8ae1ae7760da5cf40ce4
SSDEEP

49152:o0uAdKDRwl/QC6Ogax1ecGVPglWxfCJBcK5L/HkykU/SFYTWiBPq5F2ZG+:mP1g0x6cyi+PZt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7b13e53fd7a977f33b8e74aa9bda3b73f4cce7ff77c5398077ea187ca99c244

Files

e7b13e53fd7a977f33b8e74aa9bda3b73f4cce7ff77c5398077ea187ca99c244
.exe windows:5 windows x86 arch:x86

a152f9e7055bae251122c6221ae9c4df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_TransformVector3_VPTR2@16
_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_SetRotationXMatrix@8
_CrossProduct@12
_VECTOR3Length@4
_COLORtoDWORD@16
_WriteTGA@24
_Normalize@8
_SetRotationYMatrix@8

wsock32

WSAStartup
inet_addr
WSACleanup
send
socket
closesocket
connect
htons
ioctlsocket
recv
gethostbyname

dinput8

DirectInput8Create

wininet

InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetQueryDataAvailable
InternetConnectA
InternetReadFile
InternetCloseHandle

kernel32

GetProcessHeap
LoadLibraryExW
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualQuery
GetModuleFileNameW
OutputDebugStringW
LocalFree
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
CreateDirectoryA
GetTickCount
DeleteFileA
GetModuleFileNameA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
ReadFile
CreatePipe
CreateProcessA
GetStartupInfoA
GetCurrentDirectoryA
WideCharToMultiByte
SetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
VerSetConditionMask
OpenProcess
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThreadId
GetProcessId
GetThreadContext
ResumeThread
IsDebuggerPresent
SetEvent
WaitForMultipleObjects
DuplicateHandle
lstrcmpiA
lstrcatA
CreateEventA
GetLogicalDriveStringsA
GetModuleHandleA
QueryDosDeviceA
GetPriorityClass
VerifyVersionInfoA
InterlockedCompareExchange
MulDiv
WriteFile
FindClose
RemoveDirectoryA
FindFirstFileA
FindNextFileA
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTempPathA
SetFileAttributesA
CopyFileA
GetVersionExA
GetSystemTime
lstrlenA

user32

CreateWindowExA
RegisterClassExA
DefWindowProcA
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
ShowWindow
SetCapture
IsClipboardFormatAvailable
GetClipboardData
OffsetRect
GetWindowThreadProcessId
EnumWindows
FindWindowExA
FindWindowA
GetWindowTextA
CopyRect
PostMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CharPrevA
CharNextA
MessageBoxA
SetRect
wsprintfA
GetSystemMetrics
UpdateWindow
ShowCursor
LoadIconA
SetCursor
LoadCursorFromFileA
GetClientRect
ReleaseCapture

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
GetDeviceCaps
GetStockObject
CreateFontIndirectA

advapi32

RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
GetUserNameA
LookupAccountSidA
GetTokenInformation
RegOpenKeyExA
OpenProcessToken

shell32

ShellExecuteA

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

oleaut32

VariantClear

freeimage

_FreeImage_ConvertTo16Bits565@4
_FreeImage_SaveJPEG@12
_FreeImage_Unload@4
_FreeImage_GetInfo@4
_FreeImage_GetBits@4
_FreeImage_Load@12

msvcp120

?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0id@locale@std@@QAE@I@Z

msvcr120

_vsnprintf
_mbsnbicmp
_beginthreadex
realloc
toupper
_CIatan2
atof
strtok
malloc
free
strcpy_s
strncmp
memchr
fputc
fgetc
feof
_localtime64
_i64toa
_atoi64
fputs
srand
_itoa_s
ftell
_libm_sse2_tan_precise
_pgmptr
memcpy_s
fflush
fgetpos
fgets
fsetpos
_fseeki64
setvbuf
ungetc
_lock_file
_unlock_file
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
isalpha
_strnicmp
exit
sprintf_s
_access
_mkdir
strcpy
_wassert
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_findclose
_findfirst64i32
_findnext64i32
_itoa
_calloc_crt
??3@YAXPAX@Z
_libm_sse2_cos_precise
_libm_sse2_sin_precise
__CxxFrameHandler3
??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
strncpy
fclose
fopen
fprintf
_purecall
rand
sprintf
memcpy
fread
fseek
fwrite
sscanf
memmove
atoi
vsprintf
_CxxThrowException
_libm_sse2_sqrt_precise
_strupr
fscanf
printf
atol
strstr
fopen_s
_time64
strrchr
strncat

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 750KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a152f9e7055bae251122c6221ae9c4df

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

msvcp120

msvcr120

psapi

iphlpapi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 209KB - Virtual size: 209KB

.data Size: 750KB - Virtual size: 1.1MB

.rsrc Size: 102KB - Virtual size: 102KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 209KB - Virtual size: 209KB

.data
Size: 750KB - Virtual size: 1.1MB

.rsrc
Size: 102KB - Virtual size: 102KB