CreateObject
GetHandlerProperty
General
-
Target
nestopia_1.49-win32.zip
-
Size
1.2MB
-
MD5
78a77eef732a72b9f20e570bac371665
-
SHA1
e30ae5fb91afbf0051e75f5ee3bf701449920afb
-
SHA256
c8823be9c7f29ee98ce3d9fcfb46febde2fb2b39e4e66d91f9cf5e41717dac00
-
SHA512
fe5c15078796f8d7469dd02a5e6f03ef1b7b0ebc4e026f3cc14c4686368ed5263fd41eb8ced46d71fc02adc3c023b8a79c9ec791240c1a03ce276a869e988b5f
-
SSDEEP
24576:g5Hd5iN2d3dCU9YKJxR2M6gUSywFnZyIRMrARQxMqlD3VSee:gNd5iW1SKJx36ZmFnZjM86xFSee
Score
9/10
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/kailleraclient.dll acprotect -
resource yara_rule static1/unpack001/kailleraclient.dll upx
Files
-
nestopia_1.49-win32.zip.zip
-
7zxa.dll.dll windows x86
dd1fcfec6ca1a2b0bfb46d7f425f87a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharUpperW
CharUpperA
oleaut32
SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString
kernel32
GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
WriteFile
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LCMapStringA
Exports
Exports
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
COPYING
-
ChangeLog.txt
-
NstDatabase.xml
-
kailleraclient.dll.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Exports
Exports
_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0
Sections
UPX0 Size: - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
language/english.nlg.dll windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.rsrc Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
nestopia.exe.exe windows x86
2d8cd2c42c45b7197c81f22854b920fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringA
GetUserDefaultLangID
HeapFree
HeapAlloc
HeapReAlloc
EncodePointer
DecodePointer
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapSetInformation
HeapCreate
ExitProcess
GetStdHandle
RaiseException
IsProcessorFeaturePresent
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
SetLastError
RtlUnwind
GetModuleFileNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GetConsoleCP
GetConsoleMode
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetModuleHandleA
CreateFileA
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetEvent
GetSystemInfo
LockResource
SizeofResource
LoadResource
GlobalUnlock
GlobalLock
CloseHandle
FlushFileBuffers
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
WaitForSingleObject
SetThreadPriority
GetCurrentThread
GetTickCount
FindClose
LocalFree
GetCurrentThreadId
GetLastError
Sleep
GetProcessHeap
FreeLibrary
TlsAlloc
GetCommandLineW
user32
GetDlgCtrlID
ShowScrollBar
GetForegroundWindow
GetSysColorBrush
GetKeyState
GetCursorPos
EnumThreadWindows
OpenClipboard
CloseClipboard
DestroyCursor
DestroyMenu
SendInput
TranslateMessage
SetWindowPlacement
ScreenToClient
IsZoomed
SetForegroundWindow
GetFocus
GetParent
GetDlgItem
GetWindowTextLengthA
GetWindowPlacement
GetWindowTextA
GetDC
ReleaseDC
GetTopWindow
GetClientRect
AdjustWindowRectEx
GetWindow
UnhookWindowsHookEx
GetActiveWindow
ShowWindow
DestroyAcceleratorTable
GetSubMenu
InvalidateRect
SetWindowPos
GetSystemMetrics
IsWindowVisible
SetWindowTextA
ValidateRect
GetWindowThreadProcessId
GetMenuBarInfo
ClientToScreen
DestroyWindow
GetWindowRect
EndDialog
SetTimer
DeleteMenu
KillTimer
PostQuitMessage
SetCursor
GetMenu
CheckMenuRadioItem
EnableMenuItem
GetMenuState
SetMenu
DrawMenuBar
SetMenuInfo
GetMenuItemCount
CheckMenuItem
SetFocus
IsChild
GetAsyncKeyState
LockWindowUpdate
IsWindowEnabled
CallNextHookEx
IsIconic
gdi32
GetDeviceCaps
SetDIBitsToDevice
DeleteObject
SelectObject
Rectangle
CreatePen
GetStockObject
CreateSolidBrush
advapi32
RegCloseKey
shell32
DragQueryPoint
SHGetMalloc
CommandLineToArgvW
DragFinish
SHGetFolderPathW
ole32
CoUninitialize
CoInitializeEx
oleaut32
VariantClear
comctl32
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
avifil32
AVIStreamSetFormat
AVIFileInit
AVIFileOpenW
AVIFileExit
AVIStreamWrite
AVIFileCreateStreamW
AVIMakeCompressedStream
AVIFileRelease
AVIStreamRelease
msvfw32
ICCompressorChoose
ICCompressorFree
shlwapi
StrStrW
StrStrIW
StrCmpW
StrIsIntlEqualW
SHDeleteKeyW
PathCompactPathExW
StrTrimW
winmm
mmioAscend
mmioSetInfo
mmioDescend
mmioSeek
mmioGetInfo
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
mmioRead
mmioWrite
mmioAdvance
mmioCreateChunk
mmioClose
d3d9
Direct3DCreate9
d3dx9_43
D3DXVec2Hermite
D3DXSaveSurfaceToFileW
D3DXCreateTexture
D3DXCreateFontW
dinput8
DirectInput8Create
dsound
ord3
ord11
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 383KB - Virtual size: 383KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
unrar.dll.dll windows x86
244d2f9772f4886a651db44514a2a29b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
kernel32
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
user32
CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA
Exports
Exports
RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook
Sections
.text Size: 133KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ