00d5eed5c8252d13607081a9a8c4a01f44db088a73ef95f8ce3d0a06c11648b5

Sharing

Copy URL Twitter E-mail

General

Target

00d5eed5c8252d13607081a9a8c4a01f44db088a73ef95f8ce3d0a06c11648b5
Size

4.0MB
MD5

748c875b9f29b31da267111ccd806941
SHA1

eeb6c54210229924847558a0d27a705569f982b9
SHA256

00d5eed5c8252d13607081a9a8c4a01f44db088a73ef95f8ce3d0a06c11648b5
SHA512

ee7bea0c07c54287236780e403477e215972a4ea5d95ced908238652437ffaac9607c87e25328a3363fc2f36e8e65b334cd075c002c65392e50d138ed3c86198
SSDEEP

98304:/JjOppgmVTIXIKHns9/cG3QRhrKGoXyYsF1SrUvT5lwYN:/57ecds9/cKhblo5lr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d5eed5c8252d13607081a9a8c4a01f44db088a73ef95f8ce3d0a06c11648b5

Files

00d5eed5c8252d13607081a9a8c4a01f44db088a73ef95f8ce3d0a06c11648b5
.exe windows x86

6a137561c923a22ad9bec35b8c66fbdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

cximagecrtu

?DrawTo32BitDC_@CxImage@@QAEHPAUHDC__@@ABUtagRECT@@1_N@Z
??0CxImage@@QAE@I@Z
??1CxImage@@UAE@XZ
??0CxImage@@QAE@PB_WI@Z
?IsValid@CxImage@@QBE_NXZ
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?IsTransparent@CxImage@@QBE_NXZ
?AlphaIsValid@CxImage@@QAE_NXZ
??0CxImage@@QAE@ABV0@_N11@Z
?GetHeight@CxImage@@QBEIXZ
?DrawTo32BitDC_@CxImage@@QAEHPAUHDC__@@HH_N@Z
?GetWidth@CxImage@@QBEIXZ
?MakeIcon@CxImage@@QAEPAUHICON__@@PAUHDC__@@_N@Z

iocptcp

TcpInit

iocpudp

UdpInitLimitThread

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
ExitProcess
InterlockedFlushSList
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStdHandle
GetSystemDirectoryA
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers
K32GetModuleFileNameExW
OpenFileMappingW
ReleaseMutex
GetFileType
SetFilePointerEx
GetFileAttributesExW
FlushFileBuffers
GetFileTime
UnlockFile
SetEndOfFile
LockFile
GetLongPathNameW
GetComputerNameW
GetTimeZoneInformation
K32GetProcessImageFileNameW
ExpandEnvironmentStringsW
SetEnvironmentVariableA
LoadLibraryExA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
SetStdHandle
WriteConsoleW
GetModuleHandleExW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
lstrlenW
lstrcatW
QueryDosDeviceW
GetLogicalDriveStringsW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetNamedPipeInfo
CancelIo
CreateNamedPipeW
ConnectNamedPipe
DuplicateHandle
WriteFile
ReadFile
GetProcessHandleCount
GetProcessTimes
GetSystemInfo
SetThreadPriority
GetACP
GetSystemDirectoryW
LockResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeviceIoControl
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
CreateFileW
TerminateThread
CreateEventW
WaitForSingleObject
SetEvent
lstrcpyW
GlobalFree
GlobalAlloc
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
Module32NextW
GetPrivateProfileStringA
GetPrivateProfileIntW
SetProcessWorkingSetSize
GetCurrentThread
CreateThread
DeleteFileW
MultiByteToWideChar
WriteProfileStringW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetVersionExW
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
OutputDebugStringW
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleW
GetModuleFileNameW
OpenProcess
GetPriorityClass
SetPriorityClass
GetCurrentThreadId
TerminateProcess
CreateMutexW
InitializeCriticalSectionEx
SetLastError
SwitchToThread
SignalObjectAndWait
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
GetTickCount
CreateToolhelp32Snapshot
TlsAlloc
EncodePointer
FormatMessageW
GetStringTypeW
CreateFileMappingW
GetFileSize
RaiseException
DecodePointer
CreateDirectoryW
Process32FirstW
Process32NextW
SetFilePointer
WideCharToMultiByte
LoadLibraryA
VirtualQuery
SetThreadContext
FlushInstructionCache
GetThreadContext
ResumeThread
SuspendThread
VirtualProtect
GetPrivateProfileSectionW
LocalFree
FileTimeToLocalFileTime
GetLocalTime
FileTimeToSystemTime
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
CopyFileW
SetFileAttributesW
FindClose
FindNextFileW
GetFileSizeEx
FindFirstFileW
Module32FirstW
OutputDebugStringA

user32

PostQuitMessage
SetWindowPos
IsWindowVisible
DialogBoxParamW
EndDialog
SetFocus
keybd_event
MsgWaitForMultipleObjects
SetTimer
KillTimer
SetForegroundWindow
SetWindowTextW
CopyRect
GetDesktopWindow
FindWindowExW
LoadIconW
IsDialogMessageW
AttachThreadInput
GetWindowThreadProcessId
FindWindowW
GetParent
CharUpperW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
CharNextW
CreateDialogParamW
ShowWindow
DestroyWindow
GetClassInfoW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
MessageBoxW
GetSystemMetrics
SendMessageTimeoutW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
SetWindowLongW
SetCursorPos
SetWindowRgn
GetClassLongW
IsZoomed
EnumChildWindows
CopyImage
UpdateWindow
ShowScrollBar
SetScrollInfo
GetAsyncKeyState
IsWindowEnabled
WindowFromPoint
GetScrollInfo
ReleaseCapture
GetCapture
SetCapture
EndPaint
BeginPaint
GetDlgCtrlID
GetDlgItem
EnableWindow
GetClassNameW
BringWindowToTop
GetForegroundWindow
SystemParametersInfoW
IntersectRect
IsIconic
UpdateLayeredWindow
GetMessageTime
PtInRect
SetRect
ScreenToClient
TrackMouseEvent
RegisterWindowMessageW
LoadStringW
ClientToScreen
GetWindowDC
GetGuiResources
DestroyIcon
SetCursor
IsRectEmpty
ReleaseDC
GetDC
GetActiveWindow
MoveWindow
DrawIconEx
GetMessagePos
GetFocus
InflateRect
GetSysColor
IsWindow
GetCursorPos
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetWindowLongW
EqualRect
OffsetRect
FillRect
MapWindowPoints
GetWindowRect
GetClientRect
GetWindowTextW
InvalidateRect
DrawTextW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SendInput

gdi32

EnumFontFamiliesExW
GetTextExtentPoint32W
Polygon
ExtCreateRegion
CreateFontW
SetViewportOrgEx
ExtSelectClipRgn
GetClipBox
GetClipRgn
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
GetStockObject
CreateFontIndirectW
CreateCompatibleBitmap
GetRandomRgn
OffsetRgn
SelectClipRgn
ExtTextOutW
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
GetDeviceCaps
BitBlt
GetObjectW
GetCurrentObject
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkColor
Rectangle
ExcludeClipRect
CreatePen
CreateDIBSection
DeleteDC
CreateCompatibleDC
SetBkMode
SelectObject
DeleteObject
IntersectClipRect
CreateSolidBrush

advapi32

RegDeleteValueW
RegOpenKeyW
CryptGenRandom
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
RegEnumKeyW
CryptAcquireContextW
CryptCreateHash
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
StartServiceW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

SHGetFolderLocation
SHGetPathFromIDListW
SHFileOperationW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListA
ord25
ShellExecuteW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarBstrCmp
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
VarUI4FromStr

downtaskmgr

DTMRegEventCallbackById
DTMRegUpdatingCallbackById
DTMUnregEventCallback
DTMUnregUpdatingCallback
DTMInit

httpsapi

HttpsGetWithResponse
HttpsFreeMemory

log

GenericLogImpl
LogGetOutputLevel
LogSetOutputLevel

nbmgldatacenter

?IsOfflineConfigData@CGeneral@GameLife@@QAE_NXZ
?QueryIndex@CGLDataCenter@GameLife@@QAEXXZ
?GetSystemConstant@CGeneral@GameLife@@QAE_NHAAV?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@@Z
?Create@CGLDataCenter@GameLife@@QAEXXZ
??0CGLDataCenter@GameLife@@QAE@XZ
?GetSystemConstantPersonal@CGeneral@GameLife@@QAE_NHAAV?$shared_ptr@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@@Z
?GetPasterInfo@CGeneral@GameLife@@QAE_NAAV?$shared_ptr@UPasterInfo@CGeneral@GameLife@@@std@@@Z
?GetSystemControlPersonal@CGeneral@GameLife@@QAE_NH@Z
?GetVipInfo@CGeneral@GameLife@@QAE_NAAV?$shared_ptr@UVipInfo@CGeneral@GameLife@@@std@@@Z
?IsOfflineData@CGeneral@GameLife@@QAE_NI@Z
??0CGeneral@GameLife@@QAE@XZ

psapi

GetProcessImageFileNameW
GetProcessMemoryInfo

shlwapi

SHOpenRegStream2W
ord512
PathStripToRootW
PathFindFileNameW
PathFileExistsW
SHDeleteValueW
SHSetValueW
PathIsUNCW
SHDeleteKeyW
PathFileExistsA
ord184
SHGetValueW
StrStrIW
StrStrW

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_GetIcon
ImageList_LoadImageW

opengl32

glDeleteTextures
glDisable
wglGetCurrentContext
wglMakeCurrent
wglDeleteContext
wglCreateContext

ws2_32

bind
WSAGetLastError
send
WSACleanup
ntohs
htons
WSAStartup
connect
closesocket
inet_addr
socket
sendto
shutdown
accept
select
__WSAFDIsSet
recvfrom
recv
gethostname
gethostbyname
inet_ntoa
ntohl
htonl
listen

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rpcrt4

UuidCreate

iphlpapi

GetIfEntry
GetAdaptersInfo
GetAdaptersAddresses

wininet

InternetOpenW
HttpOpenRequestW
InternetReadFile
HttpAddRequestHeadersW
InternetQueryOptionW
HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetSetOptionW
InternetGetCookieExW
HttpQueryInfoW
InternetConnectW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle

winmm

mixerOpen
mixerSetControlDetails
mixerGetLineControlsW
mixerGetLineInfoW
mixerClose

dsound

ord1
ord11

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CryptStringToBinaryA
CryptUnprotectData
CertNameToStrW
CryptMsgClose
CertFreeCertificateContext
CryptBinaryToStringA
CryptQueryObject

wintrust

WinVerifyTrust

ntdll

RtlUnwind

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpQueryDataAvailable

comdlg32

GetFileTitleW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a137561c923a22ad9bec35b8c66fbdb

Headers

DLL Characteristics

File Characteristics

Imports

cximagecrtu

iocptcp

iocpudp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

downtaskmgr

httpsapi

log

nbmgldatacenter

psapi

shlwapi

comctl32

opengl32

ws2_32

version

rpcrt4

iphlpapi

wininet

winmm

dsound

crypt32

wintrust

ntdll

winhttp

comdlg32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 408KB - Virtual size: 408KB

.data Size: 46KB - Virtual size: 65KB

.gfids Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.shared Size: 512B - Virtual size: 4B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 408KB - Virtual size: 408KB

.data
Size: 46KB - Virtual size: 65KB

.gfids
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 78KB - Virtual size: 77KB