game[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

game.exe
Size

532KB
MD5

b08270b197f150632b22657331b13d12
SHA1

9007bbb9ede9e838cf77714f755cc5c7c05ed6a2
SHA256

287e343ffb76fd2d37a2f431d085bead4a455af6842f0a7a495d2c05b4ee8b93
SHA512

861731be451db97ec68c27f55efc6c6b76ccb831c178f359c2bf0e3abf8ce2409717fcdd8b16bf6d58f2997926e1341e67812db909b43ff4de52bdf302f7054d
SSDEEP

6144:ubdLWBO1sDTWn1NkDsBXk0O6nI/+qDNRXQqw5kH3w371ZrvtS26BiuosWmAgNvpg:wogn1tNksI/+WRXUkgf6isWmAU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
game.exe

Files

game.exe
.exe windows x86

428adf60bdef196af3cd2530df76bfd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
InterlockedDecrement
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CloseHandle
GetFileSize
CreateFileA
SetEndOfFile
SetFilePointer
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
Sleep
InterlockedExchange
QueryPerformanceFrequency
GetVersionExA
TerminateProcess
OpenProcess
Module32Next
Module32First
GlobalUnlock
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
ResumeThread
SetThreadPriority
CreateThread
CreateEventA
CreateMutexA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
GlobalFree
IsDBCSLeadByteEx
CreateDirectoryA
GetLastError
GetStartupInfoA
GetThreadPriority
GetCurrentThread
GetTickCount
IsDBCSLeadByte
QueryPerformanceCounter
GlobalMemoryStatus
SetEvent
MultiByteToWideChar
CreateToolhelp32Snapshot
WideCharToMultiByte

user32

WaitMessage
MessageBoxA
ShowWindow
SetTimer
GetWindowLongA
GetWindowRect
AdjustWindowRectEx
LoadIconA
LoadCursorA
GetIconInfo
CreateIconIndirect
SetClassLongA
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
CallWindowProcA
DefWindowProcA
FindWindowExA
UpdateWindow
BeginPaint
DispatchMessageA
CreateWindowExA
GetClassNameA
UnregisterClassA
TranslateMessage
PeekMessageA
RegisterClassExA
RegisterWindowMessageA
SetCursor
SetForegroundWindow
DestroyCursor
GetCursorPos
ScreenToClient
GetClipboardData
OpenClipboard
SetClipboardData
CloseClipboard
PostMessageA
SendMessageA
IsWindow
MoveWindow
EndPaint
GetKeyState

gdi32

CreateFontW
DeleteObject
GetStockObject
CreateFontA

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
calloc
_strupr
realloc
_controlfp
__CxxFrameHandler
free
_mbslwr
memcpy
memset
sscanf
strstr
strlen
sprintf
strncpy
strcpy
abs
wcscpy
swprintf
wcslen
strcmp
_purecall
srand
time
fclose
fread
fopen
_ftol
atoi
memmove
sin
memcmp
tan
rand
strcat
_CxxThrowException
malloc
_mbsnicmp
_mbsncmp
_mbsinc
_wcslwr
_wcsnicmp
wcsncmp
strtol
_ismbcdigit
wcstol
iswdigit
_wtoi
_itoa
localtime
_strlwr
_strnicmp
strncmp
isdigit
_snprintf
_unlink
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_stricmp
atol
cos
sqrt
atan2
islower
isupper
_mbsicmp
exit
getenv
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
connect
WSAEventSelect
WSACreateEvent
htons
inet_addr
socket
send
recv
WSACloseEvent
closesocket
WSASetEvent
WSACleanup
WSAStartup
shutdown

winmm

timeGetTime

windsoul

?Create@WFont@@QAEKPAUHFONT__@@HH@Z
??0WFontw@@QAE@PAUHFONT__@@HH@Z
?Destroy@WFontw@@QAEXXZ
??0WCanvas@@QAE@HH@Z
?SetWindowStyle@WSurface@@QAEXI@Z
?IsWindow@WSurface@@QAEHXZ
?CreateFullScreen@WSurface@@QAEKPAUHWND__@@AAVWCanvas@@HH@Z
?IsFullScreen@WSurface@@QAEHXZ
?CreateWindows@WSurface@@QAEKPAUHWND__@@AAVWCanvas@@@Z
?Release@WSurface@@QAEXXZ
?SetWindowPos@WSurface@@QAEXHHHH@Z
?Blit2Screen@WSurface@@QAEXHH@Z
??0WSurface@@QAE@XZ
??1WSurface@@QAE@XZ
?Destroy@WFont@@QAEXXZ
?Create@WChar@@QAEKAAVWFontw@@GUWPixel@@@Z
??0WBox@@QAE@HHUWPixel@@@Z
??1WBox@@UAE@XZ
?Clear@WBitmap@@QAEKUWPixel@@@Z
?IsMoved@WCanvas@@QBE_NXZ
?Create@WAlphaBitmap@@UAEKHHPAX@Z
?Create@WAlphaBitmap@@UAEKHH@Z
?SubBitmap@WAlphaBitmap@@UBEPAVWBitmap@@HHHH@Z
?BlitTo@WCanvas@@QAEXAAVWBitmap@@@Z
??AWBitmap@@QBEPAUWPixel@@H@Z
?Clear@WCanvas@@QAEXXZ
?Clear@WCanvas@@QAEXUWPixel@@@Z
?Update@WCanvas@@QAEXXZ
?Destroy@WAlphaBitmap@@UAEXXZ
??1WAlphaBitmap@@UAE@XZ
??1WObject@@UAE@XZ
?IsValid@WObject@@UBE_NXZ
?Affect@WObject@@UBE_NHH@Z
?SetUserData@WObject@@UBEXK@Z
?IsCover@WObject@@UBE_NU?$WPointEx@H@@@Z
?GetW@WBitmap@@UBEHXZ
?GetH@WBitmap@@UBEHXZ
?DrawFunc@WBitmap@@UBEP6GKKK@ZK@Z
?Duplicate@WBitmap@@UBEPAUWObjStruct@@PAVWObjectHeap@@@Z
?SetUserData@WBitmap@@UBEXK@Z
?IsCover@WBitmap@@UBE_NU?$WPointEx@H@@@Z
?Create@WBitmap@@UAEKHHPAX@Z
?Create@WBitmap@@UAEKHH@Z
?SubBitmap@WBitmap@@UBEPAV1@HHHH@Z
?Destroy@WBitmap@@UAEXXZ
?Draw@WBitmap@@UAEKABVWObject@@K@Z
??1WBitmap@@UAE@XZ
?LoadTGA@WAlphaBitmap@@QAEKPBX@Z
?Load@WBitmap@@QAEKPAX@Z
?WMemoryFree@@YAXPAX@Z
?WMemoryAlloc@@YAPAXI@Z
?WThreadLock@@YAXPAJ@Z
?WThreadUnlock@@YAXPAJ@Z
?NextFrame@WCanvas@@QAEXXZ
?MoveTo@WCanvas@@QAEXHH@Z
??1WLine@@UAE@XZ
??0WLine@@QAE@HHUWPixel@@@Z
?SetUserData@WLine@@UBEXK@Z
?Size@WLine@@QAEAAV1@HH@Z
?DrawEx@WCanvas@@QAEKABVWObject@@K@Z
?GetViewPort@WCanvas@@QBE?AU?$WPointEx@H@@HH@Z
?Create@WChar@@QAEKAAVWFont@@IUWPixel@@@Z
?SetPos@WCanvas@@QAEAAV1@HH@Z
?GetWidth@WChar@@QBEHXZ
?Destroy@WChar@@QAEXXZ
??1WChar@@UAE@XZ
?GetW@WChar@@UBEHXZ
?GetH@WChar@@UBEHXZ
?DrawFunc@WChar@@UBEP6GKKK@ZK@Z
?Duplicate@WChar@@UBEPAUWObjStruct@@PAVWObjectHeap@@@Z
??2WObjStruct@@SAPAXIPAVWObjectHeap@@@Z
?DrawFunc@WAlphaBitmap@@UBEP6GKKK@ZK@Z
?Duplicate@WAlphaBitmap@@UBEPAUWObjStruct@@PAVWObjectHeap@@@Z
?IsCover@WAlphaBitmap@@UBE_NU?$WPointEx@H@@@Z

victorycore

??0VStringW@@QAE@XZ
?GetBufferSetLength@VStringW@@QAEPAGH@Z
?_vfxAnsi2Unicode@@YAHPBDPAGH@Z
??1VStringW@@QAE@XZ
?_vfxFileGetCurrentPath@@YA?AVVStringA@@XZ
?RemoveLock@@YAXPAUVLockDebug@@@Z
?GetBuffer@VStringA@@QAEPADH@Z
??0VMemFile@@QAE@XZ
?Open@VMemFile@@UAEHPBDI@Z
?GetLength@VMemFile@@UBEKXZ
??1VMemFile@@UAE@XZ
?DeleteKey@VIniFile@@QAE_NVVStringA@@@Z
?Empty@VStringA@@QAEXXZ
?ConcatCopy@VStringA@@IAEXHPBDH0@Z
?FindKey@VIniFile@@QBEHVVStringA@@@Z
?FindValue@VIniFile@@QBEHHVVStringA@@@Z
?GetNumValues@VIniFile@@QBEHVVStringA@@@Z
?EnumrateValueName@VIniFile@@QBE?AVVStringA@@V2@H@Z
?GetValue@VIniFile@@QBE?AVVStringA@@V2@H@Z
?GetBufferSetLength@VStringA@@QAEPADH@Z
?_vfxMemoryNew@@YAPAXI@Z
?_vfxMemoryDelete@@YAXPAX@Z
??0VFile@@QAE@XZ
??1VFile@@UAE@XZ
??1VStringA@@QAE@XZ
?CopyBeforeWrite@VStringA@@IAEXXZ
?TrimRight@VStringA@@QAEXXZ
?TrimLeft@VStringA@@QAEXXZ
??0VStringA@@QAE@PBD@Z
?Read@VFile@@UAEIPAXI@Z
?GetLength@VFile@@UBEKXZ
?Open@VFile@@UAEHPBDI@Z
?Format@VStringA@@QAAXPBDZZ
??0VStringA@@QAE@XZ
?_vfxLevelTraceA@@YAXIPBDZZ
?SetValue@VIniFile@@QAE_NVVStringA@@00_N@Z
??4VStringA@@QAEABV0@PBD@Z
?ConcatInPlace@VStringA@@IAEXHPBD@Z
??1VIniFile@@QAE@XZ
??0VIniFile@@QAE@XZ
?Find@VStringA@@QBEHPBDH@Z
??0VStringA@@QAE@ABV0@@Z
?GetValue@VIniFile@@QBE?AVVStringA@@V2@0@Z
?ReadFile@VIniFile@@QAE_NXZ
??4VStringA@@QAEABV0@ABV0@@Z
?Reset@VIniFile@@QAEXXZ
?WriteFile@VIniFile@@QBEXXZ
?DeleteValue@VIniFile@@QAE_NVVStringA@@0@Z
?Mid@VStringA@@QBE?AV1@HH@Z
?Find@VStringA@@QBEHDH@Z
?Mid@VStringA@@QBE?AV1@H@Z
?Close@VFile@@UAEXXZ
?Format@VTime@@QBE?AVVStringA@@PBD@Z
?_vfxFileGetFullPath@@YA?AVVStringA@@PBD0@Z
?_vfxFileGetModulePath@@YA?AVVStringA@@PAUHINSTANCE__@@@Z
?Left@VStringA@@QBE?AV1@H@Z
?Right@VStringA@@QBE?AV1@H@Z
?ReleaseBuffer@VStringA@@QAEXH@Z

ole32

CoCreateInstance
CoInitialize

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

winio

ShutdownWinIo
InitializeWinIo

dsound

ord1

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

428adf60bdef196af3cd2530df76bfd6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

ws2_32

winmm

windsoul

victorycore

ole32

advapi32

shell32

winio

dsound

Sections

.text Size: 368KB - Virtual size: 364KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 48KB - Virtual size: 9.5MB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 368KB - Virtual size: 364KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 48KB - Virtual size: 9.5MB

.rsrc
Size: 28KB - Virtual size: 24KB