release[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

release.zip
Size

130.9MB
MD5

e334b8f5efc31854252c7be6271b552f
SHA1

4f4400b2293dedd2cf803b6aa0d6980ae378c528
SHA256

f8b2255021462e360eb6a0a0f0265f0895befac2773e253c03d06d931174ff9c
SHA512

c37c5bbae9a19fd0fbc0b912a108bcc71769838b4f08d15ec077b76182d5082f14a6edace690da8e542d9727050ff3d4a3f2ee5b224747030ee8466b0d955e59
SSDEEP

3145728:8jE85fWLAxAwMePiE8J/ed9Ti53d9dU8rZZDmS6t6HhT8ECWd:8jdt+YMePiLId9OffJmS6t6qECWd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/iw4x.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iw4sp.exe
unpack001/iw4x.dll
unpack001/iw4x.exe

Files

release.zip
.zip
iw4sp.exe
.exe windows x86

cf7a4802d8fbbe39ae2252deff1e9876

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

wsock32

select
inet_addr
getsockname
WSAGetLastError
gethostbyname
ioctlsocket
recvfrom
sendto
closesocket
bind
htons
setsockopt
inet_ntoa
socket
recv
send
connect
ntohl
gethostname
WSAStartup
htonl
ntohs

steam_api

SteamFriends
SteamUser
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamUtils
SteamAPI_Init
SteamAPI_Shutdown
SteamUserStats

mss32

_AIL_stream_ms_position@12
_AIL_sample_playback_rate@4
_AIL_set_sample_playback_rate@8
_AIL_set_stream_loop_count@8
_AIL_set_sample_reverb_levels@12
_AIL_set_stream_ms_position@8
_AIL_stream_info@20
_AIL_sample_volume_pan@12
_AIL_sample_channel_levels@8
_AIL_set_sample_channel_levels@12
_AIL_pause_stream@8
_AIL_close_stream@4
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_end_sample@4
_AIL_set_DirectSound_HWND@8
_AIL_stream_sample_handle@4
_AIL_set_sample_3D_position@16
_AIL_digital_CPU_percent@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_last_error@0
_AIL_sample_processor@8
_AIL_sample_stage_property@24
_AIL_find_filter@8
_AIL_open_filter@8
_AIL_allocate_sample_handle@4
_AIL_init_sample@12
_AIL_WAV_info@8
_AIL_size_processed_digital_audio@16
_AIL_process_digital_audio@24
_AIL_set_sample_3D_distances@16
_AIL_set_sample_info@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_ms_position@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_set_3D_distance_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_set_speaker_configuration@16
_AIL_set_preference@8
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_set_room_type@8
_AIL_sample_volume_levels@12
_AIL_set_sample_volume_levels@12
_AIL_set_sample_processor@12
_AIL_sample_ms_position@12
_AIL_speaker_configuration@20
_AIL_stream_status@4
_AIL_sample_3D_position@16
_AIL_sample_status@4

binkw32

_BinkDoFrame@4
_BinkSetMemory@8
_BinkGetError@0
_BinkOpen@8
_BinkWait@4
_BinkGetRealtime@12
_BinkNextFrame@4
_BinkSetSoundTrack@8
_BinkSetIOSize@4
_BinkOpenMiles@4
_BinkRegisterFrameBuffers@8
_BinkSetError@4
_BinkControlBackgroundIO@8
_BinkGetFrameBuffersInfo@8
_BinkSetMixBinVolumes@20
_BinkClose@4
_BinkSetSoundSystem@8
_BinkGetRects@8
_BinkPause@8

d3d9

Direct3DCreate9

powrprof

CallNtPowerInformation

kernel32

GetStringTypeW
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
FlushFileBuffers
VirtualQuery
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
SetFilePointer
LoadLibraryA
GetStdHandle
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
HeapCreate
HeapDestroy
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
GetDriveTypeA
FileTimeToLocalFileTime
MoveFileA
FindClose
FindNextFileA
FindFirstFileA
GlobalMemoryStatusEx
GetLocaleInfoA
MapViewOfFile
GetModuleHandleExA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileMappingA
CreateSemaphoreA
OpenFileMappingA
OpenEventA
IsValidCodePage
GetCurrentDirectoryW
GetFullPathNameA
ReleaseSemaphore
SetLastError
GetStartupInfoW
GetCommandLineW
GetEnvironmentStringsW
InterlockedExchangeAdd
GetFileSize
GetLastError
ReadFileEx
SleepEx
InterlockedIncrement
InterlockedDecrement
CloseHandle
InterlockedCompareExchange
InterlockedExchange
Sleep
GetCurrentThreadId
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
GetProcessAffinityMask
GetCurrentProcess
DuplicateHandle
GetCurrentThread
SetThreadPriority
RaiseException
CreateThread
SuspendThread
ResumeThread
SetThreadAffinityMask
GetThreadPriority
SetFileAttributesA
GetFileAttributesA
VirtualAlloc
VirtualFree
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
GetProcAddress
SetProcessAffinityMask
GetSystemInfo
FormatMessageA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
WriteFile
ReadFile
GetCurrentProcessId
DeleteFileA
SetErrorMode
GetSystemTime
MulDiv
SetPriorityClass
SetThreadExecutionState
GetCurrentDirectoryA
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
lstrcmpiW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
HeapAlloc
HeapSize
GetTimeZoneInformation
GetComputerNameA
GetTickCount
ExitProcess
FileTimeToSystemTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceW
GetConsoleWindow

user32

RegisterWindowMessageA
MonitorFromWindow
GetMonitorInfoA
EnumDisplayMonitors
AdjustWindowRectEx
MonitorFromPoint
IsWindow
MessageBoxA
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
GetDesktopWindow
EnumThreadWindows
ChangeDisplaySettingsA
GetActiveWindow
SetCursorPos
GetWindowRect
SetFocus
GetForegroundWindow
ScreenToClient
GetCursorPos
ClientToScreen
ShowCursor
PostMessageA
ShowWindow
TranslateMessage
DispatchMessageA
GetMessageA
CloseClipboard
GetClipboardData
OpenClipboard
PeekMessageA
RegisterClassExA
LoadCursorA
LoadIconA
SetWindowPos
AdjustWindowRect
SendMessageA
CreateWindowExA
LoadImageA
GetSystemMetrics
RegisterClassA
DefWindowProcA
UpdateWindow
DestroyWindow
PostQuitMessage
CallWindowProcA
SetWindowTextA
CloseWindow
SystemParametersInfoA
MapVirtualKeyA
MoveWindow

gdi32

GetDeviceCaps
CreateFontA
SetDeviceGammaRamp
CreateSolidBrush

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor

shell32

ShellExecuteA

ole32

StringFromGUID2

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 632KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 30.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iw4x.dll
.dll windows x86

69cbe30e797cd5585a0338fe7615c270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
CreateDirectoryA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCommandLineW
LocalFree
GetSystemTime
CreateNamedPipeA
WriteFile
CancelIoEx
DisconnectNamedPipe
CloseHandle
ConnectNamedPipe
ReadFile
SetEnvironmentVariableA
SetThreadExecutionState
CreateMutexA
GetSystemTimeAsFileTime
SetProcessDEPPolicy
GetTickCount
VirtualAlloc
VirtualFree
GetCurrentDirectoryA
OpenProcess
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
SetDllDirectoryA
SetEvent
LoadLibraryExA
GetModuleFileNameW
FreeLibrary
CreateProcessA
VirtualQuery
ReleaseMutex
FreeConsole
FormatMessageA
GlobalUnlock
SetLastError
GetModuleHandleW
SetCurrentDirectoryW
SetDllDirectoryW
GetFileAttributesA
DeleteFileA
TerminateProcess
GetStdHandle
GetConsoleScreenBufferInfo
GetTickCount64
SetConsoleTitleA
ExitProcess
GetCommandLineA
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
HeapSize
DeleteFileW
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetEnvironmentVariableW
ReadConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GlobalLock
GlobalAlloc
GetLastError
IsBadReadPtr
GetProcAddress
GetFileType
SetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringA
GetCurrentProcess
FlushInstructionCache
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
GetCPInfo
CompareStringEx
LCMapStringEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
VirtualProtect
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileExW
CopyFileW
DeviceIoControl
AreFileApisANSI
PeekNamedPipe
CreateFileW
WaitNamedPipeW
lstrlenW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
Sleep
WideCharToMultiByte
WriteConsoleA
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleOutputA
SetConsoleCursorPosition
PeekConsoleInputA
GetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GetNumberOfConsoleInputEvents
SetConsoleCtrlHandler
SetConsoleActiveScreenBuffer
SetConsoleScreenBufferSize
GetConsoleOutputCP
SetConsoleWindowInfo
CreateConsoleScreenBuffer
GetVersion
GetLargestConsoleWindowSize
GetCurrentDirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle

user32

CreateWindowExA
SetCursor
LoadCursorA
ShowCursor
RegisterRawInputDevices
IsWindow
MessageBoxA
GetParent
MapVirtualKeyA
GetKeyState
GetClipboardData
GetForegroundWindow
GetRawInputData
ReleaseDC
SetWindowTextA
MonitorFromWindow
GetDC
MapWindowPoints
GetWindowLongA
GetWindowRect
MoveWindow
GetWindowTextA
GetWindowTextLengthA
SendMessageA
EnumChildWindows
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
CloseClipboard
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetCursorPos
SetClipboardData
GetCursorPos
ScreenToClient

gdi32

DeleteObject
SetTextColor
SetBkColor
CreateFontA
GetDeviceCaps
CreateSolidBrush
AddFontMemResourceEx

advapi32

CryptAcquireContextW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

shell32

ShellExecuteW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteA

ole32

CoTaskMemFree

d3dx9_43

D3DXSaveTextureToFileA

xinput1_3

ord4
ord2

dwmapi

DwmSetWindowAttribute

winmm

timeGetTime

ws2_32

socket
htons
select
WSAGetLastError
setsockopt
ioctlsocket
sendto
recv
recvfrom
ntohs
send
getsockname
getpeername
WSAStartup
listen
closesocket
bind
accept
__WSAFDIsSet

d3d9

Direct3DCreate9
Direct3DCreate9Ex

wininet

InternetCloseHandle
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile

shlwapi

PathRemoveExtensionA
PathStripPathA
ord1
PathCombineA

dbghelp

MiniDumpWriteDump

Exports

Exports

NvOptimusEnablement
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamFriends
SteamGameServer
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUtils

Sections

.UPX0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 105KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iw4x.exe
.exe windows x86

acaca217a98aa431ceb15b7386fda6f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
mixerGetLineControlsA
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetNumDevs
waveInGetNumDevs
mixerSetControlDetails
timeBeginPeriod
timeEndPeriod
mixerGetControlDetailsA

wsock32

sendto
closesocket
bind
htons
setsockopt
inet_ntoa
socket
recv
send
connect
ntohl
gethostname
WSACleanup
WSASetLastError
getsockopt
accept
listen
__WSAFDIsSet
WSAGetLastError
gethostbyname
ioctlsocket
ntohs
recvfrom
WSAStartup
getsockname
inet_addr
select
htonl

iw4x

SteamMatchmaking
SteamGameServer
SteamNetworking
SteamRemoteStorage
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamUser
SteamAPI_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamGameServer_Init
SteamUtils
SteamAPI_Init
SteamAPI_Shutdown
SteamFriends
SteamAPI_RegisterCallback
SteamGameServer_RunCallbacks

mss32

_AIL_stop_sample@4
_AIL_end_sample@4
_AIL_set_DirectSound_HWND@8
_AIL_stream_sample_handle@4
_AIL_set_sample_3D_position@16
_AIL_digital_CPU_percent@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_sample_processor@12
_AIL_sample_processor@8
_AIL_sample_stage_property@24
_AIL_find_filter@8
_AIL_open_filter@8
_AIL_allocate_sample_handle@4
_AIL_init_sample@12
_AIL_set_stream_loop_count@8
_AIL_resume_sample@4
_AIL_size_processed_digital_audio@16
_AIL_process_digital_audio@24
_AIL_set_sample_info@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_ms_position@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_set_3D_distance_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_set_speaker_configuration@16
_AIL_sample_playback_rate@4
_AIL_stream_ms_position@12
_AIL_last_error@0
_AIL_open_stream@12
_AIL_close_stream@4
_AIL_pause_stream@8
_AIL_set_sample_reverb_levels@12
_AIL_sample_channel_levels@8
_AIL_stream_info@20
_AIL_set_sample_3D_distances@16
_AIL_set_preference@8
_AIL_set_sample_playback_rate@8
_AIL_set_stream_ms_position@8
_AIL_open_digital_driver@16
_AIL_speaker_configuration@20
_AIL_set_room_type@8
_AIL_sample_volume_levels@12
_AIL_set_sample_volume_levels@12
_AIL_sample_ms_position@12
_AIL_sample_volume_pan@12
_AIL_sample_3D_position@16
_AIL_sample_status@4
_AIL_set_sample_channel_levels@12
_AIL_stream_status@4

binkw32

_BinkOpenMiles@4
_BinkGetFrameBuffersInfo@8
_BinkSetIOSize@4
_BinkPause@8
_BinkSetMixBinVolumes@20
_BinkRegisterFrameBuffers@8
_BinkSetError@4
_BinkSetSoundTrack@8
_BinkOpen@8
_BinkGetError@0
_BinkControlBackgroundIO@8
_BinkNextFrame@4
_BinkGetRealtime@12
_BinkSetSoundSystem@8
_BinkSetMemory@8
_BinkDoFrame@4
_BinkWait@4
_BinkGetRects@8
_BinkClose@4

d3d9

Direct3DCreate9

dsound

ord11
ord6

powrprof

CallNtPowerInformation

kernel32

GetConsoleMode
GetConsoleCP
SetHandleCount
DeleteCriticalSection
HeapCreate
HeapDestroy
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
ExitThread
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStrings
HeapReAlloc
RtlUnwind
GetDriveTypeA
FileTimeToLocalFileTime
MoveFileA
VirtualQuery
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
GetStdHandle
GetFileType
PeekNamedPipe
TerminateThread
GetExitCodeThread
CreateMutexA
WaitForMultipleObjects
ReleaseMutex
FindNextFileA
FindFirstFileA
FindClose
GlobalMemoryStatusEx
FreeEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsA
OpenEventA
OpenFileMappingA
CreateSemaphoreA
CreateFileMappingA
MapViewOfFile
GetModuleHandleExA
SetEnvironmentVariableW
TerminateProcess
GetFullPathNameA
ReleaseSemaphore
SetLastError
InterlockedExchange
InterlockedExchangeAdd
GetFileSize
GetLastError
ReadFileEx
SleepEx
CloseHandle
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
Sleep
GetCurrentThreadId
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
GetProcessAffinityMask
GetCurrentProcess
DuplicateHandle
GetCurrentThread
SetThreadPriority
RaiseException
CreateThread
SuspendThread
ResumeThread
SetThreadAffinityMask
GetThreadPriority
SetFileAttributesA
GetFileAttributesA
VirtualAlloc
VirtualFree
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
GetProcAddress
SetProcessAffinityMask
GetSystemInfo
FormatMessageA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
Module32Next
Module32First
CreateToolhelp32Snapshot
OpenProcess
WriteFile
ReadFile
GetCurrentProcessId
DeleteFileA
SetErrorMode
GetSystemTime
SystemTimeToFileTime
MulDiv
SetPriorityClass
SetThreadExecutionState
GetCurrentDirectoryA
OutputDebugStringA
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
lstrcmpiW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
HeapAlloc
HeapSize
GetTimeZoneInformation
GetComputerNameA
GetTickCount
ExitProcess
FileTimeToSystemTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
UnmapViewOfFile
LockResource
LoadResource
SizeofResource
FindResourceW
GetConsoleWindow
GetCurrentDirectoryW
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoW

user32

LoadCursorA
IsWindow
EnumDisplayMonitors
AdjustWindowRectEx
MonitorFromPoint
MessageBoxA
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
GetDesktopWindow
EnumThreadWindows
ChangeDisplaySettingsA
GetActiveWindow
SetCursorPos
GetWindowRect
SetFocus
GetForegroundWindow
ScreenToClient
GetCursorPos
ClientToScreen
ShowCursor
PostMessageA
ShowWindow
TranslateMessage
DispatchMessageA
GetMessageA
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClassExA
PeekMessageA
LoadIconA
SetWindowPos
AdjustWindowRect
SendMessageA
CreateWindowExA
LoadImageA
GetSystemMetrics
RegisterClassA
DefWindowProcA
UpdateWindow
DestroyWindow
PostQuitMessage
CallWindowProcA
SetWindowTextA
CloseWindow
CallNextHookEx
GetAsyncKeyState
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
MapVirtualKeyA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
RegisterWindowMessageA

gdi32

SetDeviceGammaRamp
CreateFontA
GetDeviceCaps
CreateSolidBrush

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyA
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteA

ole32

StringFromGUID2

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 760KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 104.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iw4x/html/img/background_default.png
.png
iw4x/html/index.html
.html
iw4x/html/script.js
.js
iw4x/html/style.css
iw4x/images/icon.png
.png
iw4x/images/logo.bmp
iw4x/images/splash.bmp
iw4x/iw4x_00.iwd
.zip
iw4x/iw4x_01.iwd
.zip
iw4x/iw4x_02.iwd
.zip
iw4x/playlists_default.info
.vbs
iw4x/video/IW_logo.bik
zone/patch/co_hunted_load.ff
zone/patch/favela_escape_load.ff
zone/patch/iw4_credits_load.ff
zone/patch/iw4x_code_post_gfx_mp.ff
zone/patch/iw4x_localized_english.ff
zone/patch/iw4x_localized_french.ff
zone/patch/iw4x_localized_russian.ff
zone/patch/iw4x_localized_spanish.ff
zone/patch/iw4x_patch_mp.ff
zone/patch/iw4x_team_militia.ff
zone/patch/iw4x_team_opforce_airborne.ff
zone/patch/iw4x_team_opforce_arctic.ff
zone/patch/iw4x_team_opforce_composite.ff
zone/patch/iw4x_team_seals_udt.ff
zone/patch/iw4x_team_socom_141_arctic.ff
zone/patch/iw4x_team_socom_141_desert.ff
zone/patch/iw4x_team_socom_141_forest.ff
zone/patch/iw4x_team_us_army.ff
zone/patch/iw4x_ui_mp.ff
zone/patch/mp_rust_long_load.ff
zone/patch/mp_shipment.ff
zone/patch/mp_shipment_load.ff
zone/patch/mp_shipment_long_load.ff
zone/patch/oilrig_load.ff
zone/patch/patch_co_hunted.ff
zone/patch/patch_mp_bloc.ff
zone/patch/patch_mp_bloc_sh.ff
zone/patch/patch_mp_bog_sh.ff
zone/patch/patch_mp_cargoship.ff
zone/patch/patch_mp_cargoship_sh.ff
zone/patch/patch_mp_crash_tropical.ff
zone/patch/patch_mp_cross_fire.ff
zone/patch/patch_mp_estate_tropical.ff
zone/patch/patch_mp_fav_tropical.ff
zone/patch/patch_mp_firingrange.ff
zone/patch/patch_mp_killhouse.ff
zone/patch/patch_mp_nuked.ff
zone/patch/patch_mp_rust_long.ff
zone/patch/patch_mp_shipment.ff
zone/patch/patch_mp_shipment_long.ff
zone/patch/patch_mp_storm_spring.ff
zone/patch/patch_oilrig.ff
zone/zonebuilder/zonebuilder_minigun.ff

Sharing

General

Malware Config

Signatures

Files

cf7a4802d8fbbe39ae2252deff1e9876

Headers

File Characteristics

Imports

winmm

wsock32

steam_api

mss32

binkw32

d3d9

powrprof

kernel32

user32

gdi32

advapi32

shell32

ole32

ddraw

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 632KB - Virtual size: 628KB

.data Size: 52KB - Virtual size: 30.0MB

.tls Size: 4KB - Virtual size: 29B

.version Size: 4KB - Virtual size: 4B

.rsrc Size: 220KB - Virtual size: 219KB

69cbe30e797cd5585a0338fe7615c270

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

d3dx9_43

xinput1_3

dwmapi

winmm

ws2_32

d3d9

wininet

shlwapi

dbghelp

Exports

Exports

Sections

.UPX0 Size: 1.6MB - Virtual size: 1.6MB

.UPX1 Size: 105KB - Virtual size: 2.9MB

.UPX2 Size: 994KB - Virtual size: 994KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 83KB - Virtual size: 83KB

acaca217a98aa431ceb15b7386fda6f5

Headers

File Characteristics

Imports

winmm

wsock32

iw4x

mss32

binkw32

d3d9

dsound

powrprof

kernel32

user32

gdi32

advapi32

shell32

ole32

ddraw

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 760KB - Virtual size: 757KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 632KB - Virtual size: 628KB

.data
Size: 52KB - Virtual size: 30.0MB

.tls
Size: 4KB - Virtual size: 29B

.version
Size: 4KB - Virtual size: 4B

.rsrc
Size: 220KB - Virtual size: 219KB

.UPX0
Size: 1.6MB - Virtual size: 1.6MB

.UPX1
Size: 105KB - Virtual size: 2.9MB

.UPX2
Size: 994KB - Virtual size: 994KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 83KB - Virtual size: 83KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 760KB - Virtual size: 757KB

.data
Size: 56KB - Virtual size: 104.5MB

.tls
Size: 4KB - Virtual size: 37B

.version
Size: 4KB - Virtual size: 4B

.rsrc
Size: 356KB - Virtual size: 353KB