OneLife[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OneLife.exe
Size

4.8MB
MD5

5398287dcfd88ca1aca92fa7d1e38c0b
SHA1

60a936ca053e62bc486649250fa54d05a85eb1e6
SHA256

f861ad2b2d9942baa51903b7e429c4848434745b1c69b0265b398f12e0e30285
SHA512

fedba2783b5d2a150e3142a0d14b17f07e79fe9e080b9386b92842a9d3475f4b49c8f88d76cb6a5f8f2738dea6e5de59d1946b2e4ff57672d7b52797c48797f2
SSDEEP

49152:BApo1a4LgBaSDEafgzA5bxyyJq/cf3j2sjDDZe9XdfaznWPAkp7gA:BA9REuyE7SsPI96WPAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OneLife.exe

Files

OneLife.exe
.exe windows:4 windows x86 arch:x86

73981957d5f6748cfd1315bb6edadace

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

glu32

gluBuild2DMipmaps
gluLookAt
gluPerspective
gluProject

kernel32

CloseHandle
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_chmod
_mkdir
_stat
_utime
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_fullpath
_iob
_isctype
_onexit
_pctype
_rmdir
_setmode
_spawnvp
_stat
abort
atan
atan2
atexit
atoi
calloc
ceil
cos
ctime
difftime
exit
exp
fclose
fflush
fgetc
fgetpos
floor
fmod
fopen
fprintf
fputc
fputs
fread
free
freopen
fscanf
fseek
fsetpos
ftell
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
malloc
memcmp
memcpy
memmove
memset
mktime
perror
pow
printf
putchar
puts
qsort
realloc
remove
rename
rewind
setbuf
setlocale
setvbuf
signal
sin
sprintf
sqrt
sscanf
strchr
strcmp
strcpy
strlen
strncmp
strrchr
strstr
strtol
system
tan
time
tolower
toupper
vfprintf
vprintf
vsprintf
wcslen

opengl32

glAlphaFunc
glBegin
glBindTexture
glBlendFunc
glClear
glClearColor
glColor4f
glColorMask
glColorPointer
glCullFace
glDeleteTextures
glDisable
glDisableClientState
glDrawArrays
glEnable
glEnableClientState
glEnd
glFrontFace
glGenTextures
glGetDoublev
glGetError
glGetIntegerv
glGetString
glIsEnabled
glLoadIdentity
glMatrixMode
glOrtho
glPixelStorei
glPopMatrix
glPushMatrix
glReadPixels
glScissor
glStencilFunc
glStencilOp
glTexCoord2f
glTexCoordPointer
glTexEnvf
glTexEnvi
glTexImage2D
glTexParameteri
glTexSubImage2D
glVertex2d
glVertex3d
glVertexPointer
glViewport

sdl

SDL_CloseAudio
SDL_CreateCursor
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_FreeCursor
SDL_GL_GetAttribute
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GetAppState
SDL_GetError
SDL_GetModState
SDL_GetMouseState
SDL_GetVideoInfo
SDL_Init
SDL_ListModes
SDL_LockAudio
SDL_OpenAudio
SDL_PauseAudio
SDL_PollEvent
SDL_Quit
SDL_SetCursor
SDL_SetModuleHandle
SDL_SetVideoMode
SDL_ShowCursor
SDL_UnlockAudio
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WarpMouse
SDL_putenv
SDL_strlcat
SDL_strlcpy

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

wsock32

WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73981957d5f6748cfd1315bb6edadace

Headers

File Characteristics

Imports

advapi32

glu32

kernel32

msvcrt

opengl32

sdl

user32

wsock32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 22KB - Virtual size: 22KB

.rdata Size: 69KB - Virtual size: 69KB

/4 Size: 138KB - Virtual size: 138KB

.bss Size: - Virtual size: 104KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 3KB - Virtual size: 3KB

.stab Size: 30KB - Virtual size: 30KB

.stabstr Size: 168KB - Virtual size: 168KB

/14 Size: 38KB - Virtual size: 37KB

/29 Size: 1.8MB - Virtual size: 1.8MB

/41 Size: 121KB - Virtual size: 120KB

/55 Size: 333KB - Virtual size: 332KB

/67 Size: 55KB - Virtual size: 55KB

/78 Size: 349KB - Virtual size: 349KB

/89 Size: 43KB - Virtual size: 43KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 22KB - Virtual size: 22KB

.rdata
Size: 69KB - Virtual size: 69KB

/4
Size: 138KB - Virtual size: 138KB

.bss
Size: - Virtual size: 104KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 3KB - Virtual size: 3KB

.stab
Size: 30KB - Virtual size: 30KB

.stabstr
Size: 168KB - Virtual size: 168KB

/14
Size: 38KB - Virtual size: 37KB

/29
Size: 1.8MB - Virtual size: 1.8MB

/41
Size: 121KB - Virtual size: 120KB

/55
Size: 333KB - Virtual size: 332KB

/67
Size: 55KB - Virtual size: 55KB

/78
Size: 349KB - Virtual size: 349KB

/89
Size: 43KB - Virtual size: 43KB