4e32bec63d6c3bd84610060a50c7bffb89a7e19c2d41953b613d20f3d74dba2d

Sharing

Copy URL

Twitter E-mail

General

Target

4e32bec63d6c3bd84610060a50c7bffb89a7e19c2d41953b613d20f3d74dba2d
Size

3.2MB
MD5

07812bb2c19bbeb96f25aa87b0c08c89
SHA1

d2f120d2f3f784c61495f2fca3e8b3708b7bb00d
SHA256

4e32bec63d6c3bd84610060a50c7bffb89a7e19c2d41953b613d20f3d74dba2d
SHA512

a2b4cdc46ffe163b2e9f75c7dc3c9cd4e334f5473c61aec796b72169c3e14f482e6a95302c4e1b3a16069849d500c690f9e0c90711f31027aee8c6876639eb2a
SSDEEP

98304:iPccVoXKlwgxG7IAJ40zSiRNMKBMLaVae9F8w:2toXKlylLO2jBMLSa9w

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/ /pawno/pawno.exe	upx

Files

4e32bec63d6c3bd84610060a50c7bffb89a7e19c2d41953b613d20f3d74dba2d
.zip
announce.exe
.exe windows x86

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
htons
socket
bind
connect
recv
send
closesocket
WSACleanup
WSAStartup

kernel32

GetFileType
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetLastError
CloseHandle
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gamemodes/123.amx
gamemodes/123.pwn
plugins/regex.so
.elf linux x86
plugins/sscanf.dll
.dll windows x86

303f44b5567e256b75461f4196f84ea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_onexit
_lock
_crt_debugger_hook
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
tolower
??2@YAPAXI@Z
strtod
strstr
_except_handler4_common
sprintf
memset

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsDebuggerPresent

Exports

Exports

AmxLoad
AmxUnload
Load
Supports
Unload

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/sscanf.so
.elf linux x86
plugins/sscanf/SDK/amx/amx.h
plugins/sscanf/SDK/amx/getch.c
plugins/sscanf/SDK/amx/getch.h
plugins/sscanf/SDK/amx/sclinux.h
plugins/sscanf/SDK/amxplugin.cpp
plugins/sscanf/SDK/plugin.h
plugins/sscanf/SDK/plugincommon.h
plugins/sscanf/array.cpp
plugins/sscanf/array.h
plugins/sscanf/data.cpp
plugins/sscanf/data.h
plugins/sscanf/enum.cpp
plugins/sscanf/enum.h
plugins/sscanf/makefile
plugins/sscanf/specifiers.cpp
plugins/sscanf/specifiers.h
plugins/sscanf/sscanf.cpp
plugins/sscanf/sscanf.def
plugins/sscanf/sscanf.h
plugins/sscanf/sscanf.sln
plugins/sscanf/sscanf.suo
plugins/sscanf/sscanf.vcxproj
plugins/sscanf/sscanf.vcxproj.filters
plugins/sscanf/sscanf.vcxproj.user
plugins/sscanf/utils.cpp
plugins/sscanf/utils.h
plugins/streamer.dll
.dll windows x86

0d0a5f555a2103ec41c903522026d24a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
LocalFree
VirtualQuery
VirtualProtect
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

msvcp100

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_FInf
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ

msvcr100

??0exception@std@@QAE@XZ
malloc
memchr
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
ceil
??0exception@std@@QAE@ABQBDH@Z
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
strerror
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
_CxxThrowException
floor
memcpy
memmove

Exports

Exports

AmxLoad
AmxUnload
Load
ProcessTick
Supports
Unload

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/streamer.so
.elf linux x86
samp-npc.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samp-server.exe
.exe windows x86

0eed331a13471baad6960f2d6a40f2de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetTimeZoneInformation
SetConsoleMode
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
GetEnvironmentVariableA
SetLocalTime
GetLocalTime
Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
UnmapViewOfFile
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
MapViewOfFile
CreateFileMappingA
QueryPerformanceFrequency
Module32Next
Module32First
CreateToolhelp32Snapshot
CreateThread
SetEvent
ReadConsoleA
WaitForSingleObject
TerminateThread
SetUnhandledExceptionFilter
CreateEventA
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetCurrentDirectoryA
GetConsoleMode
ReadConsoleInputA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
TlsGetValue
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedExchange
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualQuery
GetSystemInfo
VirtualProtect
UnhandledExceptionFilter
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
ExitThread
GetCurrentThreadId
RaiseException
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
MoveFileA
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
HeapSize

user32

CharToOemA
CharUpperA
CharLowerA

wsock32

recv
getsockname
gethostname
WSAGetLastError
inet_ntoa
connect
bind
ntohs
inet_addr
htons
htonl
sendto
closesocket
WSAStartup
socket
setsockopt
ioctlsocket
gethostbyname
send
recvfrom
WSACleanup

winmm

timeGetTime
timeBeginPeriod

Sections

.text
Size: 656KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 136KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samp.ban
scriptfiles/BuyAll/Aviacia.ini
scriptfiles/BuyAll/Bikes.ini
scriptfiles/BuyAll/Bizz.ini
scriptfiles/BuyAll/Broneteh.ini
scriptfiles/BuyAll/Cars.ini
scriptfiles/BuyAll/Dacha.ini
scriptfiles/BuyAll/Houses.ini
scriptfiles/BuyAll/Jeep.ini
scriptfiles/BuyAll/Klasscarsx.ini
scriptfiles/BuyAll/Lodka.ini
scriptfiles/BuyAll/Samolet.ini
scriptfiles/BuyAll/Skuter.ini
scriptfiles/BuyAll/Sportbike.ini
scriptfiles/BuyAll/Sportcar.ini
scriptfiles/BuyAll/Sportjeep.ini
scriptfiles/BuyAll/Truck.ini
scriptfiles/BuyAll/Vell.ini
scriptfiles/BuyAll/Vertolet.ini
scriptfiles/Jobs/Players/volna.ini
scriptfiles/Races/Check0.txt
scriptfiles/Races/Check1.txt
scriptfiles/Races/Check10.txt
scriptfiles/Races/Check11.txt
scriptfiles/Races/Check12.txt
scriptfiles/Races/Check13.txt
scriptfiles/Races/Check14.txt
scriptfiles/Races/Check15.txt
scriptfiles/Races/Check2.txt
scriptfiles/Races/Check3.txt
scriptfiles/Races/Check4.txt
scriptfiles/Races/Check5.txt
scriptfiles/Races/Check6.txt
scriptfiles/Races/Check7.txt
scriptfiles/Races/Check8.txt
scriptfiles/Races/Check9.txt
scriptfiles/Races/Race0.txt
scriptfiles/Races/Race1.txt
scriptfiles/Races/Race10.txt
scriptfiles/Races/Race11.txt
scriptfiles/Races/Race12.txt
scriptfiles/Races/Race13.txt
scriptfiles/Races/Race14.txt
scriptfiles/Races/Race15.txt
scriptfiles/Races/Race2.txt
scriptfiles/Races/Race3.txt
scriptfiles/Races/Race4.txt
scriptfiles/Races/Race5.txt
scriptfiles/Races/Race6.txt
scriptfiles/Races/Race7.txt
scriptfiles/Races/Race8.txt
scriptfiles/Races/Race9.txt
scriptfiles/SQlite/Users.db
scriptfiles/ladmin/config/Config.ini
scriptfiles/ladmin/config/ForbiddenNames.cfg
scriptfiles/ladmin/config/aka.txt
scriptfiles/ladmin/logs/AdminLog.txt
scriptfiles/ladmin/logs/BanLog.txt
scriptfiles/ladmin/logs/CarSpawns.txt
scriptfiles/ladmin/logs/KickLog.txt
scriptfiles/ladmin/logs/Objects.txt
.vbs
scriptfiles/ladmin/logs/ReportLog.txt
scriptfiles/ladmin/logs/TempAdminLog.txt
scriptfiles/ladmin/users/.sav
scriptfiles/ladmin/users/Lexa_00Ivanov.sav
scriptfiles/ladmin/users/Shustov_08Vlad.sav
scriptfiles/ladmin/users/ZlaYa_18BeLo_054_06Ka_18_08JoD.sav
scriptfiles/ladmin/users/_00_18Belo_054_06ka_18_00.sav
scriptfiles/ladmin/users/lololosha.sav
scriptfiles/ladmin/users/melon.sav
scriptfiles/ladmin/users/volna.sav
scriptfiles/wedding/volna.ini
server.cfg
 /pawno/Thumbs.db
 /pawno/include.rar
.rar
 /pawno/include/AntiMoneyCheat.inc
 /pawno/include/Dini.inc
 /pawno/include/FCNPC.inc
 /pawno/include/GetVehicleColor.inc
 /pawno/include/JunkBuster.inc
 /pawno/include/JunkBusterFS.inc
 /pawno/include/KryptoMoneyHack.inc
 /pawno/include/LSR.inc
 /pawno/include/Life-Guard/Life-Guard_v4.1.inc
 /pawno/include/Life-Guard/foreach.inc
 /pawno/include/Life-Guard/reader.inc
 /pawno/include/Life-Guard/stock.inc
 /pawno/include/Life-Guard_v2.0.inc
 /pawno/include/Life-Guard_v3.0.inc
 /pawno/include/Life-Guard_v4.1.inc
 /pawno/include/SQlite.inc
 /pawno/include/SerialBan.inc
 /pawno/include/SpikeStrip.inc
 /pawno/include/a_deamx.inc
 /pawno/include/a_http.inc
 /pawno/include/a_mail.inc
 /pawno/include/a_npc.inc
 /pawno/include/a_objects.inc
.vbs
 /pawno/include/a_players.inc
 /pawno/include/a_samp.inc
 /pawno/include/a_sampdb.inc
 /pawno/include/a_vehicles.inc
 /pawno/include/aa_dakotainclud1.inc
 /pawno/include/antiattack.inc
.vbs
 /pawno/include/cnpc.inc
 /pawno/include/cnpc_controller.inc
 /pawno/include/cnpc_paths.inc
 /pawno/include/core.inc
 /pawno/include/d_antiairbrk.inc
 /pawno/include/datagram.inc
 /pawno/include/dopincadm.inc
 /pawno/include/dopinclud.inc
 /pawno/include/dudb.inc
 /pawno/include/dutils.inc
 /pawno/include/file.inc
 /pawno/include/fixes2.inc
 /pawno/include/float.inc
 /pawno/include/foreach.inc
 /pawno/include/gang.inc
 /pawno/include/gl_common.inc
 /pawno/include/lethaldudb2.inc
 /pawno/include/mSelection.inc
 /pawno/include/md5.inc
 /pawno/include/modelsizes.inc
 /pawno/include/morphinc.inc
 /pawno/include/mxINI.inc
 /pawno/include/mxINI05.inc
 /pawno/include/mxdate.inc
 /pawno/include/physics.inc
 /pawno/include/progressbar.inc
 /pawno/include/reader.inc
 /pawno/include/socket.inc
 /pawno/include/sscanf2.inc
 /pawno/include/stock.inc
 /pawno/include/streamer.inc
 /pawno/include/string.inc
 /pawno/include/time.inc
 /pawno/include/utils.inc
 /pawno/include/xadmin/DFiles.inc
 /pawno/include/xadmin/XRegistration.inc
 /pawno/include/xadmin/XtremeAdmin.inc
 /pawno/include/zcmd.inc
 /pawno/include//a_samp.inc
 /pawno/libpawnc.dll
.dll windows x86

5d97e0c7cc1b418f5235da489d10a039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
IsWindow
MessageBoxA
PostMessageA
RegisterWindowMessageA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OutputDebugStringA
ReadConsoleInputA
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

Exports

Exports

Compile
_Compile@16
pc_addconstant
pc_addtag
pc_compile
pc_enablewarning

Sections

AUTO
Size: 212KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 36KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 10KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 /pawno/new.pwn
 /pawno/pawn.ico
 /pawno/pawncc.exe
.exe windows x86

f9d74702f53af8e6e0298f886652b43b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pawnc

pc_compile

msvcr80

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_adjust_fdiv
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_lock

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
 /pawno/pawno.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
 /pawno/settings.ini
 /pawno/streamer.inc

Sharing

General

Malware Config

Signatures

Files

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 80KB - Virtual size: 80KB

303f44b5567e256b75461f4196f84ea3

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 976B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

0d0a5f555a2103ec41c903522026d24a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

CODE Size: 29KB - Virtual size: 28KB

DATA Size: 1024B - Virtual size: 536B

BSS Size: - Virtual size: 42KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

0eed331a13471baad6960f2d6a40f2de

Headers

File Characteristics

Imports

shell32

kernel32

user32

wsock32

winmm

Sections

.text Size: 656KB - Virtual size: 653KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 136KB - Virtual size: 199KB

.rsrc Size: 76KB - Virtual size: 76KB

5d97e0c7cc1b418f5235da489d10a039

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 80KB - Virtual size: 80KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 976B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 536B

BSS
Size: - Virtual size: 42KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 656KB - Virtual size: 653KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 136KB - Virtual size: 199KB

.rsrc
Size: 76KB - Virtual size: 76KB

AUTO
Size: 212KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 36KB - Virtual size:

.bss
Size: 10KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 13KB - Virtual size:

.rsrc
Size: 9KB - Virtual size:

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 540KB

UPX1
Size: 287KB - Virtual size: 288KB

.rsrc
Size: 9KB - Virtual size: 12KB