NDS[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NDS.rar
Size

1.5MB
MD5

d28db3b76831779df2b19137151f41ea
SHA1

8295b2815147014f470aa41c5602509388b97eb0
SHA256

6a6d5db4cc963eec8fce15a2c7c0291209a1139a4740c3ca0792edeb8152ef18
SHA512

1c7a826934c1e0f7547f38666e2e412e57288ede96ee110fa8ad3c5a2b15b08f49de777a2ec1ec87f941820cddd1eb966b19c8d3a6718b28a678219761122781
SSDEEP

24576:YtqjNqNWztjZpIiehI6j4/xps0l4Q0huFXFYXVMlZ9F7NhWTcs2w6EhS69WI:xqN6ZdwIM0CjuFXFYXGHLLk2wZJ9WI

Score

1^/10

Malware Config

Signatures

Files

NDS.rar
.rar
NDS/Battery/Mario Party.dsv
NDS/desmume.exe
.exe windows x64

7d1e6d92ad40c8b2361e169ec5a54b16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avifil32

AVIStreamWrite
AVIStreamSetFormat
AVISaveOptions
AVIStreamRelease
AVIFileCreateStreamA
AVIFileOpenA
AVIFileRelease
AVIFileInit
AVIMakeCompressedStream

winmm

waveInPrepareHeader
waveInClose
waveInOpen
waveInAddBuffer
waveInStart
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeKillEvent
timeGetTime
joyGetDevCapsA
waveInReset
timeSetEvent
joyGetPosEx

opengl32

glClearColor
glClearDepth
glClearStencil
glColorMask
glColorPointer
glCopyTexSubImage2D
glCullFace
glDeleteTextures
glDepthFunc
glDepthMask
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glDrawElements
glEnable
glEnableClientState
glFinish
glGenTextures
glGetFloatv
glGetIntegerv
glGetString
glLoadIdentity
glMatrixMode
glReadBuffer
glReadPixels
glScalef
glStencilFunc
glStencilMask
glStencilOp
glTexCoordPointer
glTexEnvi
glTexImage2D
glTexParameterf
glTexParameteri
glTexSubImage2D
glVertexPointer
glViewport
wglGetProcAddress
glBegin
glEnd
glOrtho
glScissor
glTexCoord2f
glVertex2i
wglCreateContext
wglDeleteContext
wglGetCurrentContext
wglMakeCurrent
glBlendFunc
glBindTexture
glAlphaFunc
glClear

ws2_32

WSAStartup
send
recv
listen
inet_addr
WSAGetLastError
accept
gethostname
WSACleanup
bind
closesocket
__WSAFDIsSet
connect
socket
htonl
htons
gethostbyname
setsockopt
sendto
ntohs
recvfrom
select

user32

ShowWindow
DestroyWindow
CallWindowProcA
CreateDialogParamW
DialogBoxParamW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SetFocus
SetCapture
ReleaseCapture
IsWindowEnabled
GetWindowRect
wsprintfA
SetWindowLongPtrA
FillRect
GetActiveWindow
DefWindowProcA
RegisterClassExA
SendMessageA
InvalidateRect
EndPaint
BeginPaint
KillTimer
SetTimer
SetDlgItemTextA
GetSysColorBrush
EndDialog
ScreenToClient
GetCursorPos
MessageBoxA
GetWindowTextA
SetWindowTextA
SetMenuItemInfoA
GetMenuItemInfoA
InsertMenuItemA
DeleteMenu
GetMenuItemCount
DestroyMenu
CreatePopupMenu
DrawMenuBar
EnableWindow
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetWindowLongA
SetWindowLongA
MessageBoxW
LoadCursorA
GetWindowLongPtrA
SetWindowTextW
GetForegroundWindow
GetDlgItemTextW
SetDlgItemTextW
ShowCursor
LoadStringW
GetDlgCtrlID
SetMenuDefaultItem
TrackPopupMenu
GetSubMenu
LoadMenuA
PostQuitMessage
GetMessagePos
SendDlgItemMessageA
SetRectEmpty
ClientToScreen
IsZoomed
IsIconic
CreateWindowExA
SetWindowPos
GetDesktopWindow
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
CreateDialogParamA
GetSystemMetrics
SetMenu
CheckMenuItem
GetPropA
RemoveMenu
CreateMenu
LoadAcceleratorsA
FrameRect
GetScrollInfo
GetParent
GetScrollPos
SetScrollRange
SetScrollPos
GetDlgItemInt
SendInput
CreateWindowExW
DialogBoxParamA
GetMonitorInfoA
MonitorFromWindow
IsDialogMessageA
OffsetRect
SetPropA
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuA
InsertMenuA
GetMenuStringW
GetMenu
TranslateAcceleratorA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItemTextA
SetDlgItemInt
MoveWindow
PeekMessageA
PostMessageA
TrackMouseEvent
GetWindowTextLengthA
RedrawWindow
SetActiveWindow
GetDlgItem
GetFocus
GetMenuBarInfo
SystemParametersInfoA
LoadIconA
LoadBitmapA
SetRect
GetSysColor
AdjustWindowRectEx
EnableMenuItem
AdjustWindowRect
ReleaseDC
GetDC
SetForegroundWindow
UpdateWindow
DrawTextA
GetClientRect

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
TextOutA
ChoosePixelFormat
SetDIBitsToDevice
GetPixelFormat
SetPixelFormat
SwapBuffers
CreatePen
LineTo
MoveToEx
StretchBlt
SetDCPenColor
CreateFontA
SetBkColor
GetStockObject
GetObjectA
SetDIBits
GetTextExtentPoint32A
GetDIBits
CreateSolidBrush
ExtTextOutA
SetTextAlign
SetTextColor
DescribePixelFormat
SetBkMode
BitBlt

shell32

SHBrowseForFolderA
DragQueryFileA
DragFinish
SHGetFolderPathA
SHGetMalloc
ShellExecuteA
DragAcceptFiles
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetOpenFileNameW

shlwapi

PathCompactPathA
SHDeleteKeyA

comctl32

ImageList_Create
ImageList_ReplaceIcon

ddraw

DirectDrawCreateEx

dinput8

DirectInput8Create

dsound

ord11

kernel32

GetFileSize
CreateFileW
CreateFileA
MultiByteToWideChar
CopyFileA
SetFileAttributesA
GetFileAttributesA
SignalObjectAndWait
ResetEvent
GetConsoleWindow
SetConsoleTitleW
SetConsoleOutputCP
SetConsoleCP
FlushConsoleInputBuffer
SetConsoleCtrlHandler
PeekConsoleInputA
SetConsoleMode
GetConsoleMode
FreeConsole
AllocConsole
GetACP
SetFilePointer
GetProcAddress
FreeLibrary
GetFileType
GetCommandLineW
GetStdHandle
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualFreeEx
VirtualAllocEx
GetCurrentProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
GetModuleFileNameA
lstrcmpA
GetLastError
GetCurrentThreadId
CreateThread
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetFileAttributesExA
FindNextFileA
FindFirstFileA
FindClose
SystemTimeToFileTime
GetSystemTime
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
VirtualAlloc
VirtualFree
ReleaseSemaphore
CreateSemaphoreA
WritePrivateProfileStringA
FindCloseChangeNotification
FindFirstChangeNotificationA
TerminateThread
ResumeThread
GetCurrentProcessId
ExitProcess
SetProcessAffinityMask
ReadFile
GlobalAddAtomA
WideCharToMultiByte
GetTempPathA
GetFullPathNameA
SwitchToThread
GetTickCount
SetCurrentDirectoryA
GetTempPathW
GetModuleFileNameW
OutputDebugStringW
OutputDebugStringA
RaiseException
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LoadLibraryA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

ole32

CoCreateInstance
CoInitializeEx

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

vcruntime140

strrchr
__std_terminate
strchr
memcmp
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
memset
__C_specific_handler
memchr
longjmp
__current_exception
__std_type_info_destroy_list
__intrinsic_setjmp
__CxxFrameHandler3
__current_exception_context
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

puts
_chsize
setvbuf
__stdio_common_vfprintf
_lseeki64
_wopen
__acrt_iob_func
_ftelli64
_fseeki64
_wfopen_s
fseek
freopen
ftell
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vswscanf
__stdio_common_vsprintf_p
fopen_s
fflush
fgetc
fputc
feof
fopen
fputs
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vfwprintf
__stdio_common_vsnprintf_s
_wfopen
_set_fmode
__stdio_common_vswprintf_p
ferror
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__p__commode
__stdio_common_vfscanf
_close
_lseek
_open
_read
_write
fwrite
_fileno
__stdio_common_vsprintf_s
__stdio_common_vswprintf
fgets
__stdio_common_vfwscanf
__stdio_common_vfwprintf_s
fclose
fread
__stdio_common_vfwprintf_p

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_at_quick_exit
abort
terminate
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
exit
_set_app_type
_get_narrow_winmain_command_line
_initterm
_errno
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_exit
_beginthreadex
strerror
_c_exit
_execute_onexit_table
_register_thread_local_exe_atexit_callback
_crt_atexit
__p___argc
_invalid_parameter_noinfo_noreturn
__p___argv

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_localtime64_s
clock
_mktime64
_time64

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

_strnicmp
strncmp
strncat
_strdup
_wcsnicmp
strcat_s
strcpy_s
strncpy
_wcsdup
isalnum
isspace
towlower
towupper
strpbrk
strnlen
strcmp
isdigit
toupper
isalpha
_stricmp
tolower

api-ms-win-crt-convert-l1-1-0

mbsrtowcs
wcrtomb
wctob
atol
_ltoa
mbrtowc
_itow
atof
wcstombs
_itoa
strtoul
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlink
_mkdir
_chdir
_access
_stat64i32
_fullpath

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

logf
sqrt
acos
ceil
tan
atan2
expf
pow
__setusermatherr
sin
cos
fmod

Sections

.text
Size: 30.0MB - Virtual size: 30.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1017KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 489KB - Virtual size: 206.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NDS/desmume.ini

Sharing

General

Malware Config

Signatures

Files

7d1e6d92ad40c8b2361e169ec5a54b16

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

winmm

opengl32

ws2_32

user32

gdi32

shell32

comdlg32

shlwapi

comctl32

ddraw

dinput8

dsound

kernel32

advapi32

ole32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 30.0MB - Virtual size: 30.0MB

.rdata Size: 1017KB - Virtual size: 1016KB

.data Size: 489KB - Virtual size: 206.3MB

.pdata Size: 151KB - Virtual size: 151KB

.idata Size: 29KB - Virtual size: 29KB

.didat Size: 3KB - Virtual size: 3KB

.text Size: 5KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

_RDATA Size: 163KB - Virtual size: 163KB

.rsrc Size: 109KB - Virtual size: 108KB

.text
Size: 30.0MB - Virtual size: 30.0MB

.rdata
Size: 1017KB - Virtual size: 1016KB

.data
Size: 489KB - Virtual size: 206.3MB

.pdata
Size: 151KB - Virtual size: 151KB

.idata
Size: 29KB - Virtual size: 29KB

.didat
Size: 3KB - Virtual size: 3KB

.text
Size: 5KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

_RDATA
Size: 163KB - Virtual size: 163KB

.rsrc
Size: 109KB - Virtual size: 108KB