TS2_update[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TS2_update.zip
Size

160.6MB
MD5

8b74cc35d2bbc0150b7bfe0216a0957a
SHA1

5f266ea9f70844a931c40ad0e90d73c44c852a6f
SHA256

1125901b68bd95f98cc3452c8652382ec3a4c1bf423e56f1698bed438c7de1b4
SHA512

071983a5728f87e06a00c29ec3a391cd89dae37d47c8dd976ba4fdf11b1b90732025413f3dc33a7baa117d991f94545b77dba33625b0099e855e7b0f25059fd6
SSDEEP

3145728:rlGjHzTFHn7dZb01unKYz/y5KlVPSprT3Wxm6uaMe/8eANbb7LdW0dCW9:ETFHDb08KYWeQ9Tmxm6p+5XRWdM

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSBin/PackageInstaller.exe
unpack001/CSBin/TS2BodyShop.exe
unpack001/TSBin/Sims2.exe
unpack001/TSBin/TS2UPD.exe
unpack001/eauninstall.exe

Files

TS2_update.zip
.zip
CSBin/PackageInstaller.exe
.exe windows x86

b19b6b0c6b3a64ffbdc2a361089fb708

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA

user32

TranslateMessage
PeekMessageA
DispatchMessageA
PostMessageA
ShowCursor
MessageBoxA
IntersectRect
SetCursorPos
ClientToScreen
GetKeyState
DefWindowProcA
SetWindowPos
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
wsprintfA
GetAsyncKeyState
CreateCursor
PostQuitMessage
WaitMessage
EqualRect
SetRect
SetWindowTextA
GetKeyboardLayout
RegisterClassExA
SetTimer
KillTimer
UnregisterClassA
ShowWindow
BeginPaint
EndPaint
ReleaseCapture
SetCapture
AdjustWindowRectEx
MoveWindow
IsZoomed
GetAncestor
GetActiveWindow
GetClientRect
FillRect
UpdateWindow
InvalidateRect
GetSystemMetrics
SetActiveWindow
OffsetRect
ValidateRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
IsWindow
GetWindowThreadProcessId
CharUpperBuffA
CharLowerBuffA
DestroyWindow
LoadIconA
CreateWindowExA
SetWindowLongA
GetWindowLongA
LoadCursorA
LoadCursorFromFileA
LoadImageA
GetIconInfo
GetCursorInfo
DestroyCursor
SetCursor

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
IsProcessorFeaturePresent
CreateFileW
InterlockedCompareExchange
GetLocaleInfoW
IsBadCodePtr
IsValidCodePage
IsValidLocale
GetTimeZoneInformation
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
SetStdHandle
GetStdHandle
SetHandleCount
HeapReAlloc
GetOEMCP
CreateThread
ExitThread
GetCurrentDirectoryA
CreateDirectoryA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetStringTypeA
LCMapStringA
EnumSystemLocalesA
CompareStringW
GetCPInfo
LCMapStringW
GetStringTypeW
GetFileType
FindResourceA
SizeofResource
LoadResource
LockResource
FindFirstChangeNotificationA
WaitForMultipleObjects
GetVersion
GetLongPathNameA
GetLongPathNameW
GetCommandLineW
InterlockedExchange
Sleep
GetFileInformationByHandle
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
UnmapViewOfFile
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentProcessId
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
GetModuleHandleA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
MoveFileA
FindNextFileA
FindClose
FindFirstFileA
RemoveDirectoryA
GetWindowsDirectoryA
lstrcpynA
lstrlenA
lstrcmpiA
FlushFileBuffers
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetTempPathA
GetVolumeInformationA
CreateFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
CopyFileA
LocalFree
FormatMessageA
GetFileSize
GetExitCodeThread
WaitForSingleObject
GetCurrentThreadId
SuspendThread
ResumeThread
RaiseException
QueueUserAPC
GetUserDefaultLCID
CompareStringA
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsBadReadPtr
IsBadWritePtr
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocalTime
GetFullPathNameA
PulseEvent
SetEvent
ResetEvent
CreateEventA
GetVersionExA
lstrcpyA
SetThreadExecutionState
GetLocaleInfoA
SetLastError
EnumResourceNamesA
LoadLibraryW
FindCloseChangeNotification
FindNextChangeNotification
PeekNamedPipe

d3d9

Direct3DCreate9

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmGetCandidateListW

gdi32

CreateDCA
CreateSolidBrush
StretchBlt
DeleteDC
SelectObject
CreateDIBSection
GetClipBox
GetDCOrgEx
GetDeviceCaps
DeleteObject
GetDIBits
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

ole32

CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

VariantInit
VariantClear

Exports

Exports

GZDllGetGZCOMDirector

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PIXO_RST
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PIXO_2D
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CSBin/TS2BodyShop.exe
.exe windows x86

829a2e19724208275e7884d99d5225bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

user32

WaitMessage
PeekMessageA
SetWindowPos
PostMessageA
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
CreateCursor
LoadCursorFromFileA
LoadImageA
GetIconInfo
GetCursorInfo
DestroyCursor
SetCursor
GetAsyncKeyState
wsprintfA
PostQuitMessage
TranslateMessage
DispatchMessageA
MessageBoxA
SetCursorPos
ShowCursor
EqualRect
SetRect
SetWindowTextA
GetKeyboardLayout
RegisterClassExA
SetTimer
KillTimer
UnregisterClassA
BeginPaint
EndPaint
ReleaseCapture
RegisterWindowMessageA
AdjustWindowRectEx
MoveWindow
ClientToScreen
IsZoomed
GetAncestor
GetActiveWindow
GetClientRect
FillRect
UpdateWindow
InvalidateRect
ValidateRect
SetActiveWindow
GetKeyState
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
SetForegroundWindow
GetWindowRect
GetSystemMetrics
GetWindowPlacement
GetWindowThreadProcessId
CharUpperBuffA
CharLowerBuffA
SetClipboardViewer
SendMessageA
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
ChangeClipboardChain
DestroyWindow
GetClassInfoA
LoadCursorA
LoadIconA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
ShowWindow
SetCapture
IsWindow

kernel32

GetComputerNameA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
ExitProcess
Sleep
InterlockedExchange
IsProcessorFeaturePresent
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileW
InterlockedCompareExchange
GetLocaleInfoW
CreateProcessA
GetExitCodeProcess
IsBadCodePtr
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapCreate
HeapDestroy
HeapSize
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetStdHandle
GetStdHandle
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetOEMCP
CreateThread
ExitThread
CreateDirectoryA
GetCurrentDirectoryA
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetStringTypeA
LCMapStringA
EnumSystemLocalesA
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
FlushConsoleInputBuffer
GetWindowsDirectoryA
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
CloseHandle
GetDriveTypeA
GetLogicalDriveStringsA
UnmapViewOfFile
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentProcessId
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
GetVolumeInformationA
LoadLibraryA
FreeLibrary
GetProcAddress
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
GetModuleHandleA
LoadLibraryW
LocalFree
FormatMessageA
GetVersion
GetEnvironmentVariableA
SetEnvironmentVariableA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
IsBadReadPtr
IsBadWritePtr
RaiseException
TerminateProcess
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
SetFilePointer
CreateFileA
GetLocalTime
ResumeThread
SuspendThread
lstrcpynA
lstrlenA
lstrcmpiA
FlushFileBuffers
ReadFile
WriteFile
SetEndOfFile
GetTempPathA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
MoveFileA
CopyFileA
FindFirstFileA
FindClose
GetDiskFreeSpaceA
GetFileSize
FindNextFileA
RemoveDirectoryA
GetExitCodeThread
QueueUserAPC
GlobalSize
GlobalMemoryStatus
GetUserDefaultLCID
CompareStringA
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
GetFullPathNameA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
PulseEvent
SetEvent
ResetEvent
CreateEventA
GetVersionExA
lstrcpyA
SetThreadExecutionState
GetLocaleInfoA
SetLastError
EnumResourceNamesA
GetProcessTimes
GetFileType
GetStringTypeW
LCMapStringW
GetCPInfo
CompareStringW

ole32

CoCreateGuid
CoCreateInstance
IIDFromString
StringFromGUID2
CoInitialize
CoUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

connect
ioctlsocket
WSASetLastError
WSAStartup
WSAGetLastError
WSACleanup
closesocket
socket
inet_addr
gethostbyname
gethostname
__WSAFDIsSet
select
WSAAsyncSelect
shutdown
recvfrom
bind
getsockname
getpeername
inet_ntoa
setsockopt
getsockopt
accept
listen
send
recv
sendto

d3d9

Direct3DCreate9

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmGetCandidateListW

gdi32

GetDeviceCaps
GetStockObject
GetDCOrgEx
DeleteDC
CreateDCA
DeleteObject
CreateSolidBrush
StretchBlt
GetDIBits
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetClipBox

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

oleaut32

VariantInit
VariantClear

Exports

Exports

?CDAPFN0506_CDAPFN0506_X_GetTSCommonCOMDirector@@3UCDAPFN_PROPERTIES@@A
?CDAPFN0506_GetTSCommonCOMDirector@@3UCDAPFN_PROPERTIES@@A
?CDAPFN0506_cTSCommonCOMDirector__OnStart@@3UPFNAPI_DATA_TYPE@@A
?OnStart@cTSCommonCOMDirector@@UAE_NPAVcIGZCOM@@@Z
GZDllGetGZCOMDirector
__export__GetMemoryReport

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PIXO_RST
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PIXO_2D
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CSBin/properties.txt
TSBin/OpenSSL_License.txt
TSBin/OpenSSL_License_FR.TXT
TSBin/Sims2.exe
.exe windows x86

99e256d99e6f9d5ae5f47efb2e6f9643

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
ExitProcess

advapi32

RegCreateKeyA

gdi32

CreateCompatibleDC

user32

MessageBoxA

version

GetFileVersionInfoA

imm32

ImmReleaseContext

d3d9

Direct3DCreate9

msvfw32

ICClose

avifil32

AVIStreamWrite

winmm

mmioAdvance

shell32

SHGetSpecialFolderLocation

ole32

CoTaskMemFree

oleaut32

VariantClear

ws2_32

getsockname

dsound

ord1

Exports

Exports

?OnStart@cTSAppFWCOMDirector@@UAE_NPAVcIGZCOM@@@Z
?OnStart@cTSAudioCOMDirector@@UAE_NPAVcIGZCOM@@@Z
?OnStart@cTSCommonCOMDirector@@UAE_NPAVcIGZCOM@@@Z
?OnStart@cTSSimCOMDirector@@UAE_NPAVcIGZCOM@@@Z
?OnStart@cTSUICOMDirector@@UAE_NPAVcIGZCOM@@@Z
GZDllGetGZCOMDirector
__export__GetMemoryReport

Sections

.text
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PIXO_RST
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PIXO_2D
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LBMPEG_D
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stxt774
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stxt371
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TSBin/TS2UPD.exe
.exe windows x86

8e1fd0e7e149c438faf98581c709d2b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

FindResourceA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
GetUserDefaultLangID
MulDiv
GetDiskFreeSpaceExA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
CopyFileA
GetLastError
SetFileAttributesA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetStringTypeA
SetEndOfFile
InterlockedExchange
GetCPInfo
GetOEMCP
LoadResource
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetStringTypeW
HeapReAlloc
RtlUnwind
GetCurrentProcess
TerminateProcess
GetFileType
GetStdHandle
LockResource
CreateFileA
WriteFile
CloseHandle
FreeResource
LoadLibraryA
GetProcAddress
DeleteFileA
FreeLibrary
LCMapStringA
LCMapStringW
GetACP
GetLocaleInfoA
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
ReadFile
SetFilePointer
SetHandleCount

user32

RegisterWindowMessageA
CharToOemA
GetMessageA
LoadIconA
LoadCursorA
RegisterClassA
DialogBoxParamA
CreateDialogParamA
InvalidateRect
GetClientRect
SetWindowTextA
SetFocus
DefWindowProcA
PostQuitMessage
CreateWindowExA
ShowWindow
UpdateWindow
SetWindowLongA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
MoveWindow
DestroyWindow
DispatchMessageA
PeekMessageA
TranslateMessage
GetDlgItem
SendMessageA
MessageBoxA
GetDC
ReleaseDC
GetSysColor

gdi32

GetStockObject
CreateSolidBrush
SelectObject
Rectangle
SetBkMode
GetDeviceCaps
CreateFontA
DeleteObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TSData/Control/control0.dat
TSData/Control/control1.dat
TSData/Control/control2.dat
TSData/Control/control3.dat
TSData/Res/CSConfig/RootCerts.pem
TSData/Res/Catalog/Bins/H05.bundle.package
TSData/Res/Catalog/Skins/Skins.package
TSData/Res/Config/Graphics Rules.sgr
.vbs
TSData/Res/Config/RootCerts.pem
TSData/Res/Config/Video Cards.sgr
TSData/Res/ContentRegistry
TSData/Res/Effects/effects.package
TSData/Res/NeighborhoodTemplate/Neighborhood.png
TSData/Res/Objects/objects.package
TSData/Res/Sims3D/properties.txt
TSData/Res/Sound/properties.txt
TSData/Res/Terrain/terrain.package
TSData/Res/Text/Credits.package
TSData/Res/Text/UIText.package
TSData/Res/Text/Wants.package
TSData/Res/Text/eCAS.package
TSData/Res/UI/ui.package
TSData/Sys/Version.sig
TSData/properties.txt
addflist.bat
eauninstall.exe
.exe windows x86

aa7f6f87a7d7e65bca1b3da13eaf9d6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
CreateThread
SetEnvironmentVariableA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
HeapFree
HeapAlloc
SetErrorMode
RaiseException
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedDecrement
WritePrivateProfileStringA
ResumeThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
CreateFileA
FreeLibrary
CreateDirectoryA
CreateProcessA
GetExitCodeProcess
GetSystemDirectoryA
GetWindowsDirectoryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
FormatMessageA
LocalFree
SetLastError
GetUserDefaultLangID
CopyFileA
FindResourceA
LockResource
SizeofResource
GetTempPathA
RemoveDirectoryA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetShortPathNameA
GetFileAttributesA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindResourceExA
LoadResource
CreateToolhelp32Snapshot
Sleep
Process32First
Process32Next
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateMutexA
WaitForSingleObject
ReleaseMutex
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

GetSysColorBrush
GetMenuItemInfoA
InflateRect
LoadMenuA
DestroyMenu
UnpackDDElParam
ReuseDDElParam
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetMessageA
GetCursorPos
ValidateRect
ShowOwnedPopups
SetCursor
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuState
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SystemParametersInfoA
DefWindowProcA
MessageBoxA
BroadcastSystemMessageA
SendMessageA
SetTimer
LoadCursorA
EnableWindow
SetWindowsHookExA

gdi32

TextOutA
RectVisible
PtVisible
BitBlt
DeleteObject
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetPixel
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
OpenProcessToken
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

shell32

DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b19b6b0c6b3a64ffbdc2a361089fb708

Headers

File Characteristics

Imports

advapi32

user32

kernel32

d3d9

imm32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 397KB - Virtual size: 396KB

.data Size: 119KB - Virtual size: 254KB

PIXO_RST Size: 4KB - Virtual size: 4KB

PIXO_2D Size: 1KB - Virtual size: 1KB

STLPORT_ Size: 512B - Virtual size: 32B

.rsrc Size: 22KB - Virtual size: 21KB

829a2e19724208275e7884d99d5225bf

Headers

File Characteristics

Imports

advapi32

user32

kernel32

ole32

version

wsock32

d3d9

imm32

gdi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 884KB - Virtual size: 883KB

.data Size: 291KB - Virtual size: 464KB

Shared Size: 512B - Virtual size: 4B

PIXO_RST Size: 4KB - Virtual size: 4KB

PIXO_2D Size: 1KB - Virtual size: 1KB

STLPORT_ Size: 512B - Virtual size: 32B

.rsrc Size: 11KB - Virtual size: 11KB

99e256d99e6f9d5ae5f47efb2e6f9643

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

version

imm32

d3d9

msvfw32

avifil32

winmm

shell32

ole32

oleaut32

ws2_32

dsound

Exports

Exports

Sections

.text Size: 11.2MB - Virtual size: 11.2MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 596KB - Virtual size: 877KB

PIXO_RST Size: 8KB - Virtual size: 4KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 397KB - Virtual size: 396KB

.data
Size: 119KB - Virtual size: 254KB

PIXO_RST
Size: 4KB - Virtual size: 4KB

PIXO_2D
Size: 1KB - Virtual size: 1KB

STLPORT_
Size: 512B - Virtual size: 32B

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 884KB - Virtual size: 883KB

.data
Size: 291KB - Virtual size: 464KB

Shared
Size: 512B - Virtual size: 4B

PIXO_RST
Size: 4KB - Virtual size: 4KB

PIXO_2D
Size: 1KB - Virtual size: 1KB

STLPORT_
Size: 512B - Virtual size: 32B

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 11.2MB - Virtual size: 11.2MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 596KB - Virtual size: 877KB

PIXO_RST
Size: 8KB - Virtual size: 4KB

PIXO_2D
Size: 4KB - Virtual size: 1KB

STLPORT_
Size: 4KB - Virtual size: 32B

LBMPEG_D
Size: 4KB - Virtual size: 1024B

.rsrc
Size: 12KB - Virtual size: 11KB

stxt774
Size: 12KB - Virtual size: 8KB

stxt371
Size: 16KB - Virtual size: 13KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 776KB

.rsrc
Size: 212KB - Virtual size: 211KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 16KB - Virtual size: 174KB

.rsrc
Size: 100KB - Virtual size: 96KB