969c901f064c92ec4f3a08e4fafcbc9238b43462c5fe9134f4471d9941efffc2

Sharing

Copy URL Twitter E-mail

General

Target

969c901f064c92ec4f3a08e4fafcbc9238b43462c5fe9134f4471d9941efffc2
Size

196KB
MD5

673486847179dafc43499c7231c98310
SHA1

bcc3e84de56bce39770b3bc94f505cde0e57ad3c
SHA256

969c901f064c92ec4f3a08e4fafcbc9238b43462c5fe9134f4471d9941efffc2
SHA512

b36f9690e2bcab09c610027b890e269ff1f70dbd020d935b944dfe2a4b105141247a60798665bb2d639eaa995a172a8ecd7159a0cf930e4174f6eaf01e5e2a7c
SSDEEP

3072:z4w7Z7HOpwd9UMRpRMHKv4wMTIkY8lF0gZfeV6IZVT7edVjluzPVn+7j:z4IouyKv4dIC0gZfuZVT7iWjy

Score

N/A

Malware Config

Signatures

Files

969c901f064c92ec4f3a08e4fafcbc9238b43462c5fe9134f4471d9941efffc2
.dll windows x86

d317b33e65855ba389b68c6cbd4ec627

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
InterlockedDecrement
HeapFree
lstrcmpiW
LocalFree
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
VirtualQuery
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
MultiByteToWideChar
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
TerminateProcess
GetModuleFileNameA
GetCurrentProcessId
GetModuleHandleW
GetModuleFileNameW
lstrlenA
CreateProcessW
lstrcpynW
LoadLibraryW
CreateDirectoryW
WideCharToMultiByte
lstrcpyW
QueryPerformanceCounter
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
CreateThread
GetLastError
GetCurrentThreadId
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
RaiseException
GetVersionExA
lstrcmpiA
lstrcmpW
lstrcpynA
lstrcatW
Sleep
lstrcmpA
HeapReAlloc
CreateFileW
ReadFile
SetFilePointer
GetFileSize
SetEndOfFile
GetTickCount
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WriteFile
GetProcAddress
WaitForSingleObject
GetCurrentThread
CloseHandle
ExitThread
lstrlenW
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileType

user32

CopyRect
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
IsDialogMessageW
MessageBoxW
GetDlgItem
SendMessageW
EnableWindow
ReleaseDC
GetDC
CallWindowProcW
CreateWindowExW
SetWindowLongW
DestroyWindow
GetWindowLongW
PostMessageW
SetWindowTextW
MoveWindow
GetWindowRect
GetClientRect
ScreenToClient
ShowWindow
GetParent
GetClassInfoExW
RedrawWindow
SetTimer
FillRect
RegisterClassExW
LoadStringW
CreateDialogParamW
GetDesktopWindow
wsprintfA
wsprintfW
BringWindowToTop
SetFocus
EndPaint
BeginPaint
DefWindowProcW
KillTimer

gdi32

CreateDIBitmap
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
DeleteDC
BitBlt
CreateDIBSection
CreateCompatibleDC
SelectObject

comdlg32

GetOpenFileNameW

shell32

ShellExecuteW

oleaut32

SafeArrayUnlock
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetVartype
SafeArrayCopy
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
DispCallFunc
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

shlwapi

StrRChrW
StrToIntA
PathCreateFromUrlW
StrCmpNA
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrCmpNIW
StrCmpNIA
StrCmpNW

atl71

ord47
ord66
ord65
ord43
ord44
ord45
ord42
ord11
ord10

commonlib

??0CMyBuffer@Buffer@Common@@QAE@XZ
?GetDataLength@CMyBuffer@Buffer@Common@@QBEHXZ
?ToArray@CMyBuffer@Buffer@Common@@QBEPBDXZ
??1CMyBuffer@Buffer@Common@@QAE@XZ

pluginkernel

ord1
ord3

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

ws2_32

send
closesocket
__WSAFDIsSet
socket
recv
setsockopt
shutdown
inet_addr
htons
WSAGetLastError
select
htonl
connect
gethostbyname
ntohl

garenaskin1

_GetColor@4
_InstallSkin@0
_UninstallSkin@0

garena.exe

ord21
ord9
ord7
ord28
ord15
ord29
ord22
ord11

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d317b33e65855ba389b68c6cbd4ec627

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

oleaut32

shlwapi

atl71

commonlib

pluginkernel

wininet

ws2_32

garenaskin1

garena.exe

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 304B

.reloc Size: 12KB - Virtual size: 11KB

.rmnet Size: 12KB - Virtual size: 12KB

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 304B

.reloc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 12KB - Virtual size: 12KB