Dolwin010[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Dolwin010.zip
Size

830KB
MD5

d19964cf62b69f651c09254505af23a5
SHA1

0ba4a357a04a6ce26bd5f094cb8146976e43663c
SHA256

95a73df08ff23a25623c21433f2bda6bc781def4a2b267bdde50ae5baa307365
SHA512

63f4faca1fc73e364640a5c1170075b88951c8a5c98ccacf71438da0008dd5eb1ada56ed8a843a5ba6b77761905d492dc0ed26b5a556595c128300df089b1262
SSDEEP

24576:IIDLI2+sBu0SRqlrObhAHJtx8Cai9mzjW:LDdBBNS+Cb+HJtndc6

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dolwin.exe
unpack001/GCMCMPR.exe
unpack001/Plugins/AXDefault.dll
unpack001/Plugins/DVDDefault.dll
unpack001/Plugins/GXDefault.dll
unpack001/Plugins/PADDefault.dll

Files

Dolwin010.zip
.zip
Data/Arial 16.szp
Data/GZLEC8.map
Data/Games.ini
Data/Lucida 16.szp
Data/default.s
Data/fire.patch
Data/makemap.dat
Data/sram.bin
Data/test.s
Dolwin.exe
.exe windows x86

5a6f76051fe9db8d066a1ab00f31c00a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_Remove
ImageList_Destroy
ImageList_Draw
ord6
PropertySheetA
ImageList_Add

winmm

PlaySoundA

kernel32

PeekConsoleInputA
WriteConsoleOutputA
SetConsoleCursorPosition
GetModuleHandleA
GetPrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
LoadModule
CreateSemaphoreA
CreateMutexA
CreateDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
GetCurrentThreadId
ReadConsoleInputA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RaiseException
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
SetFilePointer
GetLastError
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RtlUnwind
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
GetCurrentProcess
TerminateProcess
ExitProcess
CompareStringW
HeapReAlloc
HeapAlloc
HeapFree
FreeConsole
AllocConsole
GetStdHandle
GetConsoleCursorInfo
GetConsoleMode
SetConsoleMode
SetConsoleWindowInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
lstrcmpA
GetCurrentProcessId
GetTickCount
Sleep
CreateFileA
CreateNamedPipeA
WriteFile
ReadFile
DisconnectNamedPipe
CloseHandle
GetTimeZoneInformation
CompareStringA
HeapSize

user32

LoadAcceleratorsA
LoadMenuA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateAcceleratorA
SendMessageA
LoadCursorA
SetCursor
RegisterClassA
GetDC
ReleaseDC
SetMenuItemInfoA
TranslateMessage
GetMessageA
AdjustWindowRect
GetMenu
DeleteMenu
AppendMenuA
DrawMenuBar
GetMenuItemCount
GetMenuStringA
GetDlgItemTextA
CreateWindowExA
GetClientRect
UpdateWindow
SetFocus
GetSubMenu
EnableMenuItem
GetCursorPos
TrackPopupMenu
FillRect
DrawIcon
DrawTextW
DrawTextA
MoveWindow
GetSysColor
IsWindow
SetWindowTextA
IsDlgButtonChecked
CheckRadioButton
GetDlgItem
EnableWindow
CheckDlgButton
MessageBoxA
DialogBoxParamA
EndDialog
SendDlgItemMessageA
CreateDialogParamA
DestroyWindow
ShowWindow
LoadIconA
GetParent
SetDlgItemTextA
PostMessageA
GetWindowRect
GetSystemMetrics
SetWindowPos
EnumWindows
GetClassNameA
GetWindowThreadProcessId
CheckMenuItem

gdi32

CreateCompatibleBitmap
SetBitmapBits
DeleteObject
CreateDIBSection
BitBlt
StretchBlt
GetDeviceCaps
CreateDCA
SetBkMode
SetTextColor
GetStockObject
SelectObject
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

DragFinish
DragAcceptFiles
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GCMCMPR.exe
.exe windows x86

df41a00fed9bfdb5ed93a6c188541523

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
GetLastError
CloseHandle
ReadFile
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
CreateFileA
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
History.txt
Plugins/AXDefault.dll
.dll windows x86

722b1de841675a0bcd87e88b2a6a0991

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

EnterCriticalSection
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
RtlUnwind
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery

Exports

Exports

AXAbout
AXClose
AXConfigure
AXOpen
AXPlayAudio
AXPlayStream
AXSaveLoad
AXSetRate
AXSetVolume
RegisterPlugin

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/DVDDefault.dll
.dll windows x86

ae1169ad428bbff94e6e3bc778530410

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
ReadFile
CloseHandle
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsFree
SetLastError
TlsGetValue
TlsAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetLocaleInfoA
RtlUnwind
LoadLibraryA
VirtualProtect
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile
HeapSize

user32

MessageBoxA

Exports

Exports

DVDAbout
DVDClose
DVDConfigure
DVDIsCompressed
DVDOpen
DVDOpenFile
DVDRead
DVDSaveLoad
DVDSeek
DVDSetCurrent
RegisterPlugin

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/GXDefault.dll
.dll windows x86

4104f1d467a898662764640ba63f41d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
CreateDirectoryA
FindResourceA
LoadResource
RaiseException
LockResource
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
CreateFileA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
CloseHandle
GetLastError
GetModuleHandleA
RtlUnwind
GetProcAddress
GetVersion
GetCommandLineA
HeapFree
HeapAlloc

user32

EndPaint
BeginPaint
GetDC
ReleaseDC
MessageBoxA

gdi32

ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
SwapBuffers

opengl32

glHint
glTexEnvf
glGenTextures
glTexParameteri
glTexImage2D
glBlendFunc
glDisable
glLogicOp
glDepthFunc
glDepthMask
glReadPixels
glColor3ub
glVertex3f
glBindTexture
glBegin
glColor4ub
glTexCoord2fv
glVertex3fv
glEnd
glMatrixMode
glLoadMatrixf
glFinish
glDrawBuffer
glClearColor
glClearDepth
glClear
wglDeleteContext
wglCreateContext
wglMakeCurrent
glScissor
glViewport
glFrontFace
glEnable

Exports

Exports

GXAbout
GXClose
GXConfigure
GXOpen
GXSaveLoad
GXSetTokens
GXWriteFifo
RegisterPlugin

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PADDefault.dll
.dll windows x86

d3ab645247bd0181a8f94d44817dffae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
HeapSize
LCMapStringW
CloseHandle
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
LCMapStringA
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
RtlUnwind
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

SetTimer
KillTimer
FlashWindow
DialogBoxParamA
IsDlgButtonChecked
SetWindowTextA
EndDialog
GetAsyncKeyState
EnableWindow
GetDlgItem
SetDlgItemTextA
CheckDlgButton

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

Exports

Exports

PADAbout
PADClose
PADConfigure
PADOpen
PADReadButtons
PADSaveLoad
PADSetRumble
RegisterPlugin

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Readme.txt
Readme.txt
pong.dol

Sharing

General

Malware Config

Signatures

Files

5a6f76051fe9db8d066a1ab00f31c00a

Headers

File Characteristics

Imports

comctl32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 144KB - Virtual size: 1.4MB

.rsrc Size: 44KB - Virtual size: 42KB

df41a00fed9bfdb5ed93a6c188541523

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 12KB

722b1de841675a0bcd87e88b2a6a0991

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

ae1169ad428bbff94e6e3bc778530410

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

4104f1d467a898662764640ba63f41d5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

opengl32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 6.0MB

.rsrc Size: 196KB - Virtual size: 192KB

.reloc Size: 24KB - Virtual size: 22KB

d3ab645247bd0181a8f94d44817dffae

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 144KB - Virtual size: 1.4MB

.rsrc
Size: 44KB - Virtual size: 42KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 6.0MB

.rsrc
Size: 196KB - Virtual size: 192KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 8KB - Virtual size: 5KB