23c1bbef06069cb4f24a24fbcd33f54e398a5c20434394256daf858a34e93dca

Sharing

Copy URL Twitter E-mail

General

Target

23c1bbef06069cb4f24a24fbcd33f54e398a5c20434394256daf858a34e93dca
Size

12.5MB
MD5

b58d5347afade980a29bbf3af87c1681
SHA1

26537ede56506db00ed6711dafd6ad187fe9d32d
SHA256

23c1bbef06069cb4f24a24fbcd33f54e398a5c20434394256daf858a34e93dca
SHA512

b1df6f017b0f7594fb40c7c3835d4ee2c44f77ce7625d8c9763d5e1e076eb37c6dcb52e9276021f2430e2d6ee79085d79648f7f94bf1c71e04cb9f0b2c6f816a
SSDEEP

196608:VuUabr4cbfe2rOmlMlgcuMTY8+5lVYn0lsF:Vo4cTChMJVq0ls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23c1bbef06069cb4f24a24fbcd33f54e398a5c20434394256daf858a34e93dca

Files

23c1bbef06069cb4f24a24fbcd33f54e398a5c20434394256daf858a34e93dca
.exe windows:4 windows x86 arch:x86

bb50ffcb5dd78b11f3f14f09b2bcd5c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\autobuild\clt275\versions\2.75\data\bin\client.pdb

Imports

imm32

ImmSetCompositionStringA
ImmReleaseContext
ImmGetContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow

kernel32

GetVersion
VirtualProtect
VirtualAlloc
GetSystemInfo
IsBadStringPtrA
InterlockedExchange
ExitProcess
OutputDebugStringA
GetEnvironmentVariableA
GetSystemDirectoryA
GetWindowsDirectoryA
GetProcessHeap
GetComputerNameA
GetCommandLineA
SetFilePointer
ReadFile
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleTitleA
AllocConsole
SetConsoleTextAttribute
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
CreateEventA
SetEvent
ReleaseSemaphore
OutputDebugStringW
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
GetExitCodeProcess
MoveFileA
GetCurrentThreadId
WaitForSingleObject
CreateSemaphoreA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateProcessA
InitializeCriticalSection
VirtualFree
LoadLibraryExA
FormatMessageA
LocalFree
MultiByteToWideChar
DuplicateHandle
CreateThread
SetThreadPriority
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetLocalTime
EnterCriticalSection
SetUnhandledExceptionFilter
TerminateThread
IsBadReadPtr
GetLastError
CloseHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileA
GetTempPathA
GetVersionExA
ReadProcessMemory
GetCurrentThread
SetLastError
ResumeThread
lstrcpynA
lstrlenA
GetThreadContext
GlobalAlloc
lstrcpyW
GlobalFree
GetConsoleTitleA
MulDiv
lstrcatA
lstrcpyA
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetConsoleCtrlHandler
IsBadWritePtr
SwitchToThread
Sleep
WideCharToMultiByte
InterlockedCompareExchange
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
SuspendThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
GetFullPathNameA
FindNextFileA
RemoveDirectoryA
ExitThread
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
HeapDestroy
HeapCreate
FatalAppExitA
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetTimeZoneInformation
GetStartupInfoA

user32

DrawTextA
GetKeyState
EnumDisplaySettingsA
MessageBoxA
SetClassLongA
LoadIconA
SetCursor
LoadCursorA
GetCursorPos
SetWindowTextW
SetWindowTextA
GetFocus
GetSystemMetrics
SetCursorPos
GetClassNameA
DrawTextW
GetWindowTextA
EnumChildWindows
EnumWindows
PeekMessageA
GetLastActivePopup
GetActiveWindow
GetWindowLongA
ChangeDisplaySettingsA
MoveWindow
GetParent
AdjustWindowRect
SetWindowLongA
SetWindowPos
ClientToScreen
GetClientRect
DestroyWindow
SetWindowLongW
GetWindowLongW
DefWindowProcW
CloseClipboard
MessageBoxW
OpenClipboard
IsClipboardFormatAvailable
GetWindowRect
ScreenToClient
ReleaseCapture
GetCapture
SetCapture
IsIconic
EndPaint
BeginPaint
CreateWindowExW
SetRect
RegisterClassExW
DispatchMessageW
TranslateMessage
PeekMessageW
ShowWindow
SendMessageA
MapVirtualKeyExA
GetKeyboardLayout
ClipCursor
GetClassLongA
GetMenu
SetMenu
EnableWindow
wsprintfA
EndDialog
GetDlgItem
DispatchMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseDC
GetDC
GetIconInfo
FindWindowA
SetClipboardData
EmptyClipboard
FillRect
PostQuitMessage
GetClipboardData

gdi32

TextOutW
GetTextExtentPoint32W
RemoveFontMemResourceEx
GetObjectA
GetDIBits
CreateCompatibleDC
CreateDIBSection
GetTextMetricsA
GetDeviceCaps
CreateFontA
SelectObject
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
ExtTextOutA
DeleteObject
DeleteDC
GetStockObject
GetTextFaceA
CreateFontIndirectA
AddFontMemResourceEx
AddFontResourceExA
SetBkMode
CreateCompatibleBitmap
SetMapMode
SetDIBits

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
ExtractIconA

winmm

mmioOpenA
mmioAdvance
mmioGetInfo
mmioRead
mmioDescend
mmioInstallIOProcA
mmioClose
timeGetTime

d3d8

Direct3DCreate8

dsound

ord11

dbghelp

StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymGetLineFromAddr
SymCleanup
SymLoadModule
SymInitialize
SymSetOptions
SymGetOptions
SymGetSymFromAddr

ddraw

DirectDrawCreateEx

ws2_32

bind
closesocket
recv
htons
listen
send
connect
htonl
ntohl
inet_addr
WSACleanup
WSAStartup
__WSAFDIsSet
select
WSAGetLastError
gethostbyname
accept
ioctlsocket
socket
getpeername
inet_ntoa
sendto
recvfrom
setsockopt
getsockopt
ntohs
getsockname

dinput8

DirectInput8Create

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb50ffcb5dd78b11f3f14f09b2bcd5c7

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

advapi32

shell32

winmm

d3d8

dsound

dbghelp

ddraw

ws2_32

dinput8

Sections

.text Size: 10.5MB - Virtual size: 10.5MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 240KB - Virtual size: 2.8MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 10.5MB - Virtual size: 10.5MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 240KB - Virtual size: 2.8MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 160KB - Virtual size: 159KB