Static task
static1
Behavioral task
behavioral1
Sample
3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e.exe
Resource
win10v2004-20230220-en
General
-
Target
3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e
-
Size
709KB
-
MD5
9000724244043b17748220ed17c337bb
-
SHA1
c9f23bb20c00649c9a9e4001403932d7b11ed388
-
SHA256
3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e
-
SHA512
640167609af1a23f493bb992f82e9d577c27e6620c92f71a9d49f1ab7a1cda9255e2934c6b2b0ef0b5a7d5bdb04ed753a7f09a5dfe78df9733c7b15f429d7cf1
-
SSDEEP
12288:VhDjQxCksIHlIRJm4OCciFqDgP3avw/dUbH+kAB2zxR082BU5If7JiwT:/ACk1IR84OChcEP3avw1E4DU5INiwT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e
Files
-
3f3825d44063c7db6af4178fa41767d6ab4c93655d08a08e46368092fda2a16e.exe windows x86
f65904697fe00e452233f086a2718b30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
sendto
socket
recvfrom
freeaddrinfo
getaddrinfo
ioctlsocket
setsockopt
ntohs
getsockopt
getsockname
getpeername
connect
WSASetLastError
send
recv
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
gethostname
listen
htons
closesocket
bind
inet_addr
accept
ntohl
WSAIoctl
servicecore
?ReadInt@CWHIniData@@QAEIPB_W0H@Z
?InsertData@CWHDataQueue@@QAE_NGPAXG@Z
??1CWHDataQueue@@UAE@XZ
??0CWHDataQueue@@QAE@XZ
?SearchCommandItem@CWHCommandLine@@QAE_NPB_W0QA_WG@Z
??1CWHCommandLine@@UAE@XZ
??0CWHCommandLine@@QAE@XZ
?ReadString@CWHIniData@@QAEPB_WPB_W00PA_WG@Z
?SetIniFilePath@CWHIniData@@QAEXPB_W@Z
??1CWHIniData@@UAE@XZ
?DistillData@CWHDataQueue@@QAE_NAAUtagDataHead@@PAXG@Z
??0CWHIniData@@QAE@XZ
?GetWorkDirectory@CWHService@@SA_NQA_WG@Z
??0CWHDataLocker@@QAE@AAVCCriticalSection@@_N@Z
??1CWHDataLocker@@UAE@XZ
modulemanager
??0CDlgServerMatch@@QAE@XZ
??1CDlgServerMatch@@UAE@XZ
?OpenGameMatch@CDlgServerMatch@@QAE_NG@Z
??0CDlgServerWizard@@QAE@XZ
??1CDlgServerWizard@@UAE@XZ
?CreateGameServer@CDlgServerWizard@@QAE_NXZ
?SetWizardParameter@CDlgServerWizard@@QAEXPAUIGameServiceManager@@PAUtagGameServiceOption@@@Z
??0CModuleDBParameter@@QAE@XZ
?SetPlatformDBParameter@CModuleDBParameter@@QAEXAAUtagDataBaseParameter@@@Z
?OpenGameServer@CDlgServerItem@@QAE_NXZ
??1CDlgServerItem@@UAE@XZ
??0CDlgServerItem@@QAE@XZ
?OpenGameServer@CDlgServerItem@@QAE_NG@Z
??1CModuleDBParameter@@UAE@XZ
gameservice
?SearchPropertyItem@CGamePropertyManager@@QAEPAUtagPropertyInfo@@G@Z
?SetGamePropertyInfo@CGamePropertyManager@@QAE_NQAUtagPropertyInfo@@G@Z
??1CGamePropertyManager@@UAE@XZ
??0CGamePropertyManager@@QAE@XZ
??1CAndroidUserManager@@UAE@XZ
??0CAndroidUserManager@@QAE@XZ
??1CServerUserManager@@UAE@XZ
??0CServerUserManager@@QAE@XZ
?setHistoryScore@CServerUserItem@@QAEX_J@Z
?ResetTaskManager@CUserTaskManager@@QAEXXZ
??1CUserTaskManager@@UAE@XZ
??0CUserTaskManager@@QAE@XZ
mfc140u
ord14588
ord11936
ord3838
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord8210
ord10255
ord3302
ord3305
ord6531
ord8965
ord3404
ord3403
ord458
ord10472
ord11396
ord9040
ord1111
ord12172
ord9210
ord2760
ord13752
ord6218
ord12131
ord7493
ord2304
ord280
ord1525
ord12763
ord6865
ord1002
ord12220
ord6978
ord3164
ord1476
ord2761
ord13756
ord6220
ord7654
ord2256
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord13473
ord13471
ord4477
ord11717
ord13703
ord5935
ord14137
ord5422
ord2682
ord12124
ord3941
ord3371
ord3372
ord3265
ord12168
ord3697
ord2246
ord2205
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord2486
ord12542
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord13911
ord995
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord4092
ord2272
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord6501
ord1452
ord976
ord2221
ord2294
ord4815
ord8360
ord12921
ord4663
ord1523
ord296
ord4856
ord3236
ord14657
ord12405
ord14604
ord12348
ord14405
ord1045
ord290
ord286
ord6966
ord5884
ord1663
ord6751
ord2389
ord2378
ord2383
ord2385
ord266
ord265
ord1513
ord1511
ord2409
kernel32
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
SetLastError
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
VerifyVersionInfoW
CreateEventW
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo
SetEvent
GetEnvironmentVariableW
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ScrollConsoleScreenBufferW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
SetConsoleCursorPosition
SetConsoleTitleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetModuleFileNameA
lstrcmpW
lstrcpynW
lstrlenW
GetPrivateProfileIntW
GetPrivateProfileStringA
WideCharToMultiByte
GetCurrentDirectoryA
CloseHandle
GetLastError
Sleep
CreateThread
GetPrivateProfileIntA
WritePrivateProfileStringA
WritePrivateProfileSectionA
GetProcAddress
lstrcpynA
MultiByteToWideChar
OutputDebugStringW
FormatMessageW
FormatMessageA
GetTickCount64
InitializeCriticalSectionEx
SleepEx
ResetEvent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemDirectoryW
VerSetConditionMask
GetConsoleTitleW
WaitForSingleObjectEx
ExpandEnvironmentStringsA
WaitForMultipleObjects
FreeLibrary
PeekNamedPipe
ReadFile
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
user32
PostMessageW
EnableWindow
RegisterWindowMessageW
wsprintfW
LoadAcceleratorsW
TranslateAcceleratorW
MessageBoxA
LoadIconW
IsWindow
SendMessageW
comctl32
ord17
shlwapi
StrToIntW
oleaut32
VariantClear
VariantInit
msvcp140
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_message@std@@YAKKPADK@Z
kernelengine
?TraceStringEx@CTraceService@@SA_NW4enTraceLevel@@PB_WZZ
??0CDataBaseAide@@QAE@PAUIUnknownEx@@@Z
??1CDataBaseAide@@UAE@XZ
?SetDataBase@CDataBaseAide@@QAE_NPAUIUnknownEx@@@Z
?GetValue_INT@CDataBaseAide@@QAEHPB_W@Z
?GetValue_LONG@CDataBaseAide@@QAEJPB_W@Z
?GetValue_BYTE@CDataBaseAide@@QAEEPB_W@Z
?GetValue_WORD@CDataBaseAide@@QAEGPB_W@Z
?GetValue_DWORD@CDataBaseAide@@QAEKPB_W@Z
?GetValue_DOUBLE@CDataBaseAide@@QAENPB_W@Z
?TraceString@CTraceService@@SA_NPB_WW4enTraceLevel@@@Z
?GetValue_SystemTime@CDataBaseAide@@QAEXPB_WAAU_SYSTEMTIME@@@Z
?GetValue_String@CDataBaseAide@@QAEXPB_WPA_WI@Z
?ResetParameter@CDataBaseAide@@QAEXXZ
?GetParameter@CDataBaseAide@@QAEXPB_WAAV_variant_t@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WHW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WJW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_W_JW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WEW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WGW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WKW4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WPBDW4ParameterDirectionEnum@ADOCG@@@Z
?GetValue_LONGLONG@CDataBaseAide@@QAE_JPB_W@Z
?AddParameter@CDataBaseAide@@QAEXPB_W0W4ParameterDirectionEnum@ADOCG@@@Z
?AddParameter@CDataBaseAide@@QAEXPB_WAAU_SYSTEMTIME@@W4ParameterDirectionEnum@ADOCG@@@Z
?AddParameterOutput@CDataBaseAide@@QAEXPB_WPA_WIW4ParameterDirectionEnum@ADOCG@@@Z
?GetReturnValue@CDataBaseAide@@QAEJXZ
?ExecuteProcess@CDataBaseAide@@QAEJPB_W_N@Z
??0CTraceServiceControl@@QAE@XZ
??1CTraceServiceControl@@UAE@XZ
vcruntime140
_except_handler4_common
__std_exception_destroy
strchr
strstr
__std_terminate
_purecall
memchr
__CxxFrameHandler3
_CxxThrowException
strrchr
memset
memmove
memcpy
memcmp
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_seh_filter_exe
_initterm
_initterm_e
exit
_errno
_controlfp_s
_set_app_type
__sys_nerr
_cexit
terminate
_wassert
_getpid
_get_wide_winmain_command_line
_c_exit
_beginthreadex
_configure_wide_argv
_exit
_register_thread_local_exe_atexit_callback
strerror
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0
isxdigit
strpbrk
_wcsdup
strlen
strcmp
strcat
tolower
isalnum
strncmp
wcspbrk
isupper
islower
isgraph
wcslen
isprint
isdigit
isalpha
_strdup
strncpy
toupper
isspace
api-ms-win-crt-stdio-l1-1-0
fopen
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vsprintf_s
fread
fseek
fflush
_lseeki64
__p__commode
feof
ferror
_fileno
__acrt_iob_func
_read
_close
_write
fputc
fgets
fputs
_set_fmode
__stdio_common_vsscanf
_open
fclose
fwrite
__stdio_common_vsprintf
api-ms-win-crt-time-l1-1-0
_mktime64
_time64
wcsftime
_gmtime64
_localtime64_s
api-ms-win-crt-utility-l1-1-0
ldiv
rand
qsort
api-ms-win-crt-convert-l1-1-0
strtol
_wtol
atoll
atoi
strtoll
strtoul
wcstol
api-ms-win-crt-heap-l1-1-0
malloc
realloc
calloc
free
_set_new_mode
api-ms-win-crt-math-l1-1-0
__setusermatherr
_except1
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_stat64
api-ms-win-crt-environment-l1-1-0
getenv
wldap32
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145
ord301
advapi32
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptAcquireContextW
Sections
.text Size: 526KB - Virtual size: 526KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��E|�u� (section name is not printable ASCII; the flags listed below mark this section both executable and writable) Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE