Static task: static1
Behavioral task: behavioral1
  Sample: cf2fe8e403827f13c7e0d1e143e99b8f689a43103efe64ac0a2e33516936e4e3.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: cf2fe8e403827f13c7e0d1e143e99b8f689a43103efe64ac0a2e33516936e4e3.exe
  Resource: win10v2004-20220812-en
General
Target: cf2fe8e403827f13c7e0d1e143e99b8f689a43103efe64ac0a2e33516936e4e3
Size: 740KB
MD5: a0f8c5a24a5412a4f89f9905dcaf3e90
SHA1: f6d96a1b54b2ba6e5cd639afe6218500b32f137b
SHA256: cf2fe8e403827f13c7e0d1e143e99b8f689a43103efe64ac0a2e33516936e4e3
SHA512: 13d0d31776156af621416dcf134e488c960ff2ab36920a6f0dc324d0512520f2e74555c60664a89149be0c573541ba0692845eba5198b7a2aa922150ab4e1044
SSDEEP: 12288:HYexiAkrYXLFBRjKwuhv9CkprbIop/a2GZlUxS4T3IFNEGHSjwGicYKETyPaGk:Hiy5O3CKvb/a2IUxS4TcEOSjwGKKXPa/
Malware Config
Signatures
Files
-
cf2fe8e403827f13c7e0d1e143e99b8f689a43103efe64ac0a2e33516936e4e3.exe windows x86
6886c1360c1200707009e4ee06ad73b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocalTime
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
CreateThread
HeapReAlloc
GetStartupInfoA
Sleep
ExitProcess
HeapSize
VirtualFree
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
RtlUnwind
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesA
SleepEx
GetDriveTypeA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetModuleHandleW
GetOEMCP
GetCPInfo
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
SetLastError
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
lstrcmpA
GetModuleHandleA
FormatMessageA
LocalFree
lstrcpynA
LoadLibraryA
GetModuleFileNameA
CreateDirectoryA
FreeResource
GlobalLock
GlobalUnlock
MulDiv
ResumeThread
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
FlushInstructionCache
GetSystemTime
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryExA
GetProcAddress
GetTickCount
lstrcatA
WinExec
lstrcpyA
GetCurrentProcess
TerminateProcess
FreeLibrary
GlobalAlloc
GlobalFree
GetCommandLineA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
CreateMutexA
GetLastError
ReleaseMutex
GetStringTypeA
CloseHandle
user32
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
GetMenu
IntersectRect
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetCursorPos
SendNotifyMessageA
RemovePropA
FindWindowExA
ShowOwnedPopups
UpdateWindow
OffsetRect
DrawTextA
TrackMouseEvent
ScreenToClient
GetCapture
SetCursor
LoadImageA
SetRect
CallWindowProcA
DefWindowProcA
CopyRect
GetSysColor
FillRect
ReleaseDC
DestroyWindow
KillTimer
wsprintfA
CreatePopupMenu
AppendMenuA
DestroyMenu
GetWindowTextA
SetWindowTextA
DrawIconEx
ShowWindow
GetWindowLongA
SetWindowLongA
GetDesktopWindow
TrackPopupMenu
ClientToScreen
SetForegroundWindow
SetActiveWindow
SetTimer
GetClientRect
GetWindowRect
CreateDialogIndirectParamA
EndDialog
IsIconic
GetSystemMetrics
RegisterWindowMessageA
MessageBeep
SetWindowRgn
CloseWindow
FindWindowA
GetWindow
MoveWindow
SystemParametersInfoA
IsZoomed
GetDlgItem
IsWindowVisible
SetWindowPos
SendMessageA
PtInRect
ReleaseCapture
IsWindow
GetDCEx
GetSystemMenu
PostThreadMessageA
ShowScrollBar
RegisterClipboardFormatA
BringWindowToTop
GetDC
IsMenu
SetMenuDefaultItem
GetAsyncKeyState
InvalidateRect
EnableWindow
LoadCursorA
PostMessageA
RedrawWindow
SetCapture
GetParent
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
UnregisterClassA
GetSysColorBrush
WindowFromPoint
CharNextA
GetPropA
CharUpperA
IsDialogMessageA
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
MessageBoxA
SetPropA
gdi32
StretchBlt
ExcludeClipRect
CreateFontA
GetDeviceCaps
GetTextExtentPoint32A
SetTextColor
SetBkMode
CreateBitmap
GetClipBox
SetBkColor
SaveDC
RestoreDC
SetStretchBltMode
SetMapMode
IntersectClipRect
LineTo
MoveToEx
SetTextCharacterExtra
GetViewportExtEx
GetWindowExtEx
PtVisible
GetStockObject
TextOutA
SetPixel
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePen
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
RectVisible
CreateSolidBrush
GetDIBits
CreateRectRgn
GetPixel
CombineRgn
StrokePath
BitBlt
CreateCompatibleBitmap
CreateDIBSection
DeleteObject
GetObjectA
SetDIBColorTable
SelectObject
DeleteDC
GetCurrentObject
ExtTextOutA
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
shell32
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderPathA
shlwapi
PathFindExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionW
PathIsUNCA
oledlg
ord8
ole32
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
OleCreateFontIndirect
SysAllocStringByteLen
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VariantTimeToSystemTime
OleLoadPicture
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
cmnfunc
?ConnectServer@CGameLink@@QAEHPBDPAUHWND__@@@Z
?SendCmd@CGameLink@@QAEHEPBDH@Z
?IsConnectOK@CGameLink@@QAEHXZ
?RecvCmd@CGameLink@@QAEHAAEPADAAH@Z
?CloseConnect@CGameLink@@QAEXXZ
??0CGameLink@@QAE@XZ
??1CGameLink@@UAE@XZ
gdiplus
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDrawLine
GdipDrawString
GdipDrawImageRectI
GdipCloneBrush
GdipSetInterpolationMode
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
winmm
PlaySoundA
ws2_32
ntohl
comctl32
_TrackMouseEvent
Sections
.text Size: 540KB - Virtual size: 539KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ