General

Malware Config

Signatures

Files

• 01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576

  .dll windows x86

  96be7d50c14e402a0963d666ae2bc981

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetWaitableTimer

  CloseHandle

  lstrcpyn

  VirtualProtect

  GetTickCount

  lstrlenW

  WideCharToMultiByte

  GetCurrentProcess

  OpenProcess

  LocalAlloc

  LocalFree

  VirtualQueryEx

  VirtualProtectEx

  ReadProcessMemory

  WriteProcessMemory

  VirtualAllocEx

  RtlMoveMemory

  VirtualFreeEx

  LoadLibraryExA

  GetProcAddress

  FreeLibrary

  GetProcessHeap

  GetModuleHandleA

  ExitProcess

  HeapAlloc

  HeapReAlloc

  HeapFree

  IsBadReadPtr

  MultiByteToWideChar

  GetUserDefaultLCID

  SetFilePointer

  WriteFile

  GetFileSize

  ReadFile

  SetEndOfFile

  CreateFileA

  GetCommandLineA

  GetModuleFileNameA

  LoadLibraryA

  LCMapStringA

  EnterCriticalSection

  CreateWaitableTimerA

  LeaveCriticalSection

  LCMapStringW

  FlushFileBuffers

  SetStdHandle

  IsBadCodePtr

  SetUnhandledExceptionFilter

  InterlockedIncrement

  InterlockedDecrement

  GetOEMCP

  GetACP

  GetCPInfo

  GetStringTypeW

  GetStringTypeA

  RaiseException

  IsBadWritePtr

  VirtualAlloc

  VirtualFree

  HeapDestroy

  GetVersionExA

  GetEnvironmentVariableA

  GetEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  GetStartupInfoA

  GetFileType

  GetStdHandle

  SetHandleCount

  GetLastError

  TlsGetValue

  SetLastError

  TlsFree

  CreateThread

  InitializeCriticalSection

  GetCurrentProcessId

  DeleteCriticalSection

  TerminateThread

  Sleep

  GetVersion

  RtlUnwind

  TerminateProcess

  GetCurrentThreadId

  TlsSetValue

  TlsAlloc

  HeapCreate

  user32

  IsWindowVisible

  FindWindowExA

  GetWindowThreadProcessId

  GetParent

  GetClassNameA

  GetWindowTextLengthW

  GetWindowTextW

  GetAncestor

  PeekMessageA

  GetMessageA

  TranslateMessage

  DispatchMessageA

  wsprintfA

  MessageBoxA

  CallWindowProcA

  RegisterWindowMessageA

  SetWindowLongA

  EnumWindows

  MsgWaitForMultipleObjects

  ole32

  CoUninitialize

  OleRun

  CoCreateInstance

  CLSIDFromString

  CLSIDFromProgID

  CoInitialize

  oleaut32

  VarR8FromCy

  VarR8FromBool

  VariantChangeType

  LoadTypeLi

  LHashValOfNameSys

  RegisterTypeLi

  VariantCopy

  SafeArrayCreate

  SysAllocString

  VariantClear

  SafeArrayDestroy

  ws2_32

  connect

  inet_addr

  WSAGetLastError

  recv

  gethostbyname

  ioctlsocket

  inet_ntoa

  send

  __WSAFDIsSet

  select

  closesocket

  htons

  socket

  WSAStartup

  WSACleanup

  shutdown

  Exports

  Exports

  GET_Game_name

  GET_name_����

  main

  Sections

  .text

  Size: 160KB - Virtual size: 156KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 28KB - Virtual size: 88KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 664B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 12KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ