Static task: static1
Behavioral task: behavioral1
  Sample: 2ce5540b99144c551559b4f002bfe66c4c641f14ccf6a105f0f4bd7ee5af0608.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2ce5540b99144c551559b4f002bfe66c4c641f14ccf6a105f0f4bd7ee5af0608.exe
  Resource: win10v2004-20220901-en
General
Target: 2ce5540b99144c551559b4f002bfe66c4c641f14ccf6a105f0f4bd7ee5af0608
Size: 760KB
MD5: 6cb59a3381aee6237f3b6d1d02a0c860
SHA1: 1f280ddf9dfb6fdcf3c885aec076abefd6c97a35
SHA256: 2ce5540b99144c551559b4f002bfe66c4c641f14ccf6a105f0f4bd7ee5af0608
SHA512: 7c0c91834bbb00abb37c441241a123c92ca4a36b81afcd1fd248835b715288412142521132f4b4854e89353962941a60453dcfcedfa9f463734bbbd0f6a1edd2
SSDEEP: 12288:siDpXbM2BLaY4ot71wGsxCI9J7q+0a2/ruBSHqUNU9eGB04pNTsb5M9SsPu:sOFLaHox1wGsxjTW/D8eGB04LTm+Sou
Malware Config
Signatures
Files
2ce5540b99144c551559b4f002bfe66c4c641f14ccf6a105f0f4bd7ee5af0608.exe (windows x86)
ae51ce918cd3893570b983128cf86b69
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
SetHandleCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcessId
QueryPerformanceCounter
HeapSize
TerminateProcess
HeapReAlloc
FindNextFileA
SetCurrentDirectoryA
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
ExitProcess
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetCurrentDirectoryA
FileTimeToSystemTime
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedIncrement
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
CloseHandle
InterlockedDecrement
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
IsDBCSLeadByte
GetFileAttributesA
Sleep
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetLocalTime
CreateDirectoryA
WideCharToMultiByte
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadCodePtr
InterlockedExchange
user32
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetScrollPos
GetScrollPos
SetForegroundWindow
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
GetMenuCheckMarkDimensions
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
PtInRect
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetWindowsHookExA
CallNextHookEx
GetMessageA
PostMessageA
EnableWindow
UpdateWindow
GetClientRect
SetTimer
KillTimer
SendMessageA
ScreenToClient
GetDC
ReleaseDC
LoadCursorA
LoadImageA
GetCursorPos
LoadIconA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
PostQuitMessage
SetCursor
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
SetWindowPos
wsprintfA
InflateRect
RedrawWindow
GetSysColor
GetWindowRect
InvalidateRect
CharUpperA
MoveWindow
EndDialog
TranslateAcceleratorA
FindWindowA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetMenuItemInfoA
GetSysColorBrush
CharNextA
DestroyCursor
SetCursorPos
SetCapture
LoadMenuA
DestroyMenu
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
SetMenu
SetRectEmpty
CopyRect
BringWindowToTop
CreatePopupMenu
gdi32
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
RectVisible
CreateRectRgnIndirect
PatBlt
CreateCompatibleBitmap
CreateFontIndirectA
GetMapMode
GetBkColor
GetTextColor
ExtTextOutA
GetRgnBox
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
GetTextExtentPoint32A
TextOutA
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreatePen
CreateSolidBrush
SetPixel
StretchBlt
SetDIBits
GetDIBits
GetCurrentObject
SetBrushOrgEx
Rectangle
CreateDIBSection
GetDeviceCaps
BitBlt
comdlg32
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
shell32
DragFinish
DragQueryFileA
ShellExecuteA
comctl32
ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleInitialize
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
client_io
??1io_proxy@@UAE@XZ
?connect@io_proxy@@QAEXXZ
?is_connected@io_proxy@@QBE_NXZ
?add_xy_handler@io_proxy@@QAEXPAV?$protocol_handler@Vio_proxy@@@@@Z
?alloc_size@io_proxy@@QBEIPAX@Z
?alloc_packet@io_proxy@@QAEPADPAX@Z
?close@io_proxy@@QAEXXZ
?send_packet@io_proxy@@QAEXPADII@Z
?release_packet@io_proxy@@QAEXPAD@Z
?is_valid@io_proxy@@QBE_NXZ
?choose_allocator@io_proxy@@QAEPAXI@Z
??0io_proxy@@QAE@PBDK@Z
dsound
ord1
player_list
?hwnd@player_list@@QBEPAUHWND__@@XZ
?set_visible@player_list@@QAEXW4player_list_column@@_N@Z
?create@player_list@@QAE_NPAUHWND__@@I@Z
?get_player@player_list@@QAEPAV?$player_t@Vio_proxy@@@@I@Z
??0player_list@@QAE@PAVio_proxy@@PAVchat@@@Z
??1player_list@@UAE@XZ
?remove_player@player_list@@QAEXI@Z
?update_player@player_list@@QAEXI@Z
?add_player@player_list@@QAEXPBV?$player_t@Vio_proxy@@@@@Z
?set_self_id@player_list@@QAEXI@Z
?handle_protocol@player_list@@QAE_NAAVio_proxy@@IAAVbistream@@@Z
chat
?add_msg@chat@@QAEXPBDW4msg_type@1@@Z
?set_self_id@chat@@QAEXI@Z
??1chat@@UAE@XZ
?create@chat@@QAE_NPAUHWND__@@I@Z
??0chat@@QAE@PAVio_proxy@@PAVplayer_list@@@Z
?enable_sound@chat@@QAEX_N@Z
?handle_protocol@chat@@QAE_NAAVio_proxy@@IAAVbistream@@@Z
msimg32
AlphaBlend
TransparentBlt
Sections
.text Size: 544KB - Virtual size: 543KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 128KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ