a-gfwrm8[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a-gfwrm8.7z
Size

9.2MB
MD5

040c747fad2268c746b2017ef6b536ca
SHA1

c476747ae25e215ac25222a22bda82d9a54c1143
SHA256

6b9d056b50577252de67854248b6ea9aa6fa77fc65cf2243372c9a91861987a1
SHA512

a00b6230a4d3f99d7fa3f684f304cd35ba9dcf6d70c9d725704bd68d4ffafce230a1e5a6c5a24a29127580cd078ac12152e3733642843c93fbc644e3fe09aaf5
SSDEEP

196608:WS9PqjBvc+WGtdvE2maOHU5B2Z1tQwIMVr5pKYYItTkodTjId4td27GMzr:jCjB0OpE2NO0j2Z1tDIMtLSICbdrGMX

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/files/garfieldWR.exe
unpack001/files/paul.dll
unpack001/files/rld.dll

Files

a-gfwrm8.7z
.7z
alias.nfo
files/garfieldWR.exe
.exe windows x86

b654900905be998e61425e6b5dc30db5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
ResumeThread
GetThreadContext
SuspendThread
GetCurrentThread
IsBadReadPtr
GetWindowsDirectoryA
GetFullPathNameW
CreateSemaphoreA
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
MoveFileExW
SleepEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
CreateEventA
CopyFileW
SetEvent
ResetEvent
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GlobalMemoryStatus
GetSystemTimeAsFileTime
CreateProcessW
IsDebuggerPresent
SetErrorMode
WritePrivateProfileStringW
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
EncodePointer
DecodePointer
ExitProcess
SetConsoleCtrlHandler
ExitThread
DuplicateHandle
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
HeapSize
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFileAttributesW
ExpandEnvironmentStringsA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
OutputDebugStringA
SetStdHandle
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetProcessHeap
InterlockedCompareExchange
HeapValidate
SetThreadAffinityMask
TerminateThread
WaitForMultipleObjects
CreateEventW
GetOverlappedResult
CancelIo
LoadLibraryW
GetProcAddress
GetCommandLineW
FreeLibrary
CreateDirectoryW
GetFileSize
ReadFile
CreateFileW
GetCurrentDirectoryW
GetDriveTypeW
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
CreateSemaphoreW
CreateMutexW
SignalObjectAndWait
ReleaseMutex
GetProcessAffinityMask
FlushConsoleInputBuffer
GetVersion
GetSystemDirectoryA
OpenEventA
VirtualAlloc
VirtualFree
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
lstrcmpiA
GetFullPathNameA
CreateThread
WaitForSingleObject
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleHandleW
GetTempPathW
LoadLibraryA
GetComputerNameW
GetVersionExA
GetUserDefaultLangID
FreeEnvironmentStringsW
SetLastError
lstrcpynW
lstrcpyA
lstrcpynA
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
GetCurrentProcess
GetCurrentThreadId
RaiseException
GetFileType
CreateMutexA
GetModuleFileNameW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
DeleteFileW
FindClose
WriteFile
InterlockedExchange
GetFileAttributesW
SetEndOfFile
SetFilePointer
CloseHandle
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
HeapWalk

user32

IsDlgButtonChecked
DialogBoxParamA
LoadImageA
ValidateRect
DispatchMessageA
GetMessageA
PeekMessageA
GetCaretBlinkTime
EnumDisplayDevicesA
MonitorFromWindow
wvsprintfA
CheckDlgButton
CreateDialogParamW
EnableWindow
DestroyCursor
IsDialogMessageW
TranslateMessage
DefWindowProcW
DestroyWindow
CreateWindowExW
SetClipboardData
CloseClipboard
PeekMessageW
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SetCapture
GetProcessWindowStation
GetUserObjectInformationW
ReleaseCapture
RegisterDeviceNotificationW
UnregisterDeviceNotification
SystemParametersInfoW
ClientToScreen
GetAsyncKeyState
ScreenToClient
IsWindowVisible
GetCursorPos
GetKeyState
wsprintfA
RegisterRawInputDevices
GetRawInputData
GetRawInputDeviceInfoW
GetRawInputDeviceList
SendMessageTimeoutA
EnumWindows
SendMessageA
LoadCursorA
SetCursor
GetSystemMetrics
GetDC
ReleaseDC
CreateIconIndirect
EmptyClipboard
DispatchMessageW
MsgWaitForMultipleObjects
SetWindowTextW
RegisterClassW
PostQuitMessage
SetWindowLongW
GetWindowLongW
SetCursorPos
ClipCursor
ShowCursor
GetFocus
SetFocus
WindowFromPoint
MessageBoxW
RegisterClassExW
SetForegroundWindow
ShowWindow
DialogBoxParamW
EndDialog
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
OffsetRect
GetAncestor
IsIconic
RegisterWindowMessageA
GetUserObjectInformationA
GetThreadDesktop
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
CreateDialogParamA
UnregisterClassW
GetDesktopWindow
EnumDisplaySettingsA
AdjustWindowRectEx
ChangeDisplaySettingsA
GetDlgItem
SetWindowLongA

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA

ole32

CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize

shlwapi

SHDeleteKeyA
PathFileExistsW
PathIsDirectoryW

advapi32

CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
GetUserNameA
RegDeleteValueA
CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptDestroyHash

gdi32

GetDeviceCaps
SetPixelFormat
SwapBuffers
CreateDIBSection
GetObjectA
ChoosePixelFormat
DeleteObject
CreateBitmap

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

opengl32

glFinish
glFogi
glIsTexture
glTexSubImage2D
glPixelStorei
glCopyTexSubImage2D
glDrawBuffer
glReadBuffer
glDrawArrays
wglDeleteContext
glTexParameteri
glBegin
glVertex3f
glNormal3f
glColor4f
glEnd
glHint
glLightModelf
glLoadIdentity
glMaterialfv
glMaterialf
glGenTextures
glBindTexture
glTexImage2D
glReadPixels
wglCreateContext
wglMakeCurrent
glGetIntegerv
wglGetCurrentContext
wglGetCurrentDC
wglShareLists
wglGetProcAddress
glGetError
glGetString
glDrawElements
glTexCoordPointer
glNormalPointer
glVertexPointer
glColorPointer
glEnableClientState
glDisableClientState
glTexEnvf
glTexEnvi
glAlphaFunc
glEnable
glBlendFunc
glDisable
glColorMask
glPolygonOffset
glCullFace
glDepthMask
glDepthFunc
glStencilMask
glStencilOp
glStencilFunc
glIsEnabled
glClear
glClearStencil
glClearDepth
glClearColor
glFrontFace
glPolygonMode
glLoadMatrixf
glMatrixMode
glMultMatrixf
glGetFloatv
glColorMaterial
glLightModeli
glColor4fv
glViewport
glScissor
glTexEnvfv
glTexGenfv
glTexGeni
glLightfv
glLightf
glLightModelfv
glFogfv
glFogf
glDeleteTextures

winmm

waveInStart
waveInOpen
waveInClose
waveOutPrepareHeader
waveInGetDevCapsW
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutOpen
waveOutClose
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
timeGetTime
timeEndPeriod
timeBeginPeriod
waveInReset

ws2_32

closesocket
getsockopt
getsockname
inet_ntoa
WSACleanup
WSAStartup
connect
htons
WSAAsyncGetHostByName
socket
getpeername
gethostname
ioctlsocket
setsockopt
select
WSASetLastError
__WSAFDIsSet
sendto
recvfrom
bind
ntohs
accept
listen
shutdown
WSACancelAsyncRequest
gethostbyaddr
gethostbyname
recv
htonl
send
freeaddrinfo
inet_addr
getaddrinfo
WSAGetLastError

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysFreeString

imm32

ImmGetContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetConversionStatus
ImmSetOpenStatus
ImmReleaseContext
ImmSetCompositionStringW

dnsapi

DnsFree
DnsQuery_A

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

hid

HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetProductString
HidP_GetCaps
HidP_GetButtonCaps
HidP_GetValueCaps
HidP_MaxDataListLength
HidP_GetData
HidD_GetHidGuid

msacm32

acmStreamUnprepareHeader
acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamPrepareHeader
acmStreamConvert

Exports

Exports

??$Transfer@V?$StreamedBinaryRead@$00@@@AnimationEvent@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Behaviour@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Component@Unity@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@LevelGameManager@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@NamedObject@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Object@@IAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$00@@@Renderer@@QAEXAAV?$StreamedBinaryRead@$00@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@AnimationEvent@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Behaviour@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Component@Unity@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@LevelGameManager@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@NamedObject@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Object@@IAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryRead@$0A@@@@Renderer@@QAEXAAV?$StreamedBinaryRead@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@AnimationEvent@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Behaviour@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Component@Unity@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GameObject@Unity@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@GlobalGameManager@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@LevelGameManager@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@NamedObject@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Object@@IAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@V?$StreamedBinaryWrite@$0A@@@@Renderer@@QAEXAAV?$StreamedBinaryWrite@$0A@@@@Z
??$Transfer@VProxyTransfer@@@AnimationEvent@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Behaviour@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Component@Unity@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GameObject@Unity@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@GlobalGameManager@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@LevelGameManager@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@NamedObject@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Object@@IAEXAAVProxyTransfer@@@Z
??$Transfer@VProxyTransfer@@@Renderer@@QAEXAAVProxyTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@AnimationEvent@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Behaviour@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Component@Unity@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GameObject@Unity@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@GlobalGameManager@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@LevelGameManager@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@NamedObject@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Object@@IAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VRemapPPtrTransfer@@@Renderer@@QAEXAAVRemapPPtrTransfer@@@Z
??$Transfer@VSafeBinaryRead@@@AnimationEvent@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Behaviour@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Component@Unity@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GameObject@Unity@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@GlobalGameManager@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@LevelGameManager@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@NamedObject@@QAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Object@@IAEXAAVSafeBinaryRead@@@Z
??$Transfer@VSafeBinaryRead@@@Renderer@@QAEXAAVSafeBinaryRead@@@Z
AgPmDestroySourceConnection
AgPmEventEnabled
AgPmEventLoggingEnabled
AgPmSubmitEvent
NxCreateCoreSDK

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CttowuC
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
files/paul.dll
.dll windows x86

3cba9409e4cef8029c70f0fdcaf9bec8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
RtlUnwind
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
GetTickCount
lstrlenA
GetModuleHandleA
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
ResumeThread
GetComputerNameA
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetVolumeInformationA
GlobalMemoryStatus
SystemTimeToFileTime
CreateFileA
SetFilePointer
WriteFile
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
WaitForSingleObject
Sleep
GetTempPathA
GetTempFileNameA
DeleteFileA
GetSystemTimeAsFileTime
CreateMutexA
GetCommandLineA
CloseHandle
CreateProcessA
WritePrivateProfileStringA
CopyFileA
OutputDebugStringA
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLastError
GetExitCodeProcess
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
GetNextDlgGroupItem
IsWindowVisible
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
ReleaseCapture
EnumWindows
GetWindowThreadProcessId
GetParent
SetForegroundWindow
GetFocus
PostMessageA
wsprintfA
GetSystemMetrics
LoadIconA
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
EnableWindow
SetWindowLongA
KillTimer
SetTimer
GetWindowLongA
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
LoadCursorA
GetSysColorBrush
UnregisterClassA
SetWindowContextHelpId
MapDialogRect
SetCursor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenu
PostQuitMessage

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathFindFileNameA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFindExtensionA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysFreeString

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetReadFile
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetCrackUrlA
InternetGetConnectedState

Exports

Exports

CheckIfGameIsPurchased
LockGame
drm_pagui_doit

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
files/rld.dll
.dll windows x86

373b9bcb510910a35da6bad2c7250681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
SetEnvironmentVariableA
GetProcAddress
CreateFileA
lstrlenA
WideCharToMultiByte
ReadFile
CreateFileW
lstrlenW
CloseHandle
lstrcpyA
SetFilePointer
VirtualFree
lstrcatA
MultiByteToWideChar
CreateDirectoryA
GetLastError
SetLastError
VirtualAlloc
GetTempPathA
lstrcpynA
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleA
QueryPerformanceFrequency
GetCurrentProcessId
CreateEventA
ExitProcess
lstrcmpiA
lstrcmpiW
GetThreadContext
lstrcmpA
SetThreadContext
TerminateProcess
VirtualAllocEx
ResumeThread
FreeLibrary
HeapAlloc
HeapCreate
GetModuleFileNameA
GetPrivateProfileStringA
SetEndOfFile
CompareFileTime
UnlockFile
SetEvent
LockFile
GetTickCount
WriteFile
GetProcessTimes
VirtualFreeEx
ReadProcessMemory
GetFileAttributesA
GetFileAttributesW
ExitThread
FlushFileBuffers
OpenEventA
WaitForMultipleObjects
GetFileTime
GetCurrentThreadId
WriteProcessMemory
CreateThread
SetStdHandle
HeapFree
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetFileSize
VirtualProtect

user32

CharLowerA
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
SendMessageA
SetWindowLongA
UnregisterClassA
GetWindowLongA
CreateWindowExA
DefWindowProcA
IsWindow
DispatchMessageA
MessageBoxA
wsprintfA

advapi32

OpenProcessToken

userenv

GetUserProfileDirectoryA

Exports

Exports

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLD1
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b654900905be998e61425e6b5dc30db5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

version

ole32

shlwapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

hid

msacm32

Exports

Exports

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 184KB - Virtual size: 813KB

.trace Size: 5KB - Virtual size: 5KB

.rsrc Size: 553KB - Virtual size: 552KB

.CttowuC Size: 1024B - Virtual size: 1024B

3cba9409e4cef8029c70f0fdcaf9bec8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 284KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 42KB - Virtual size: 41KB

373b9bcb510910a35da6bad2c7250681

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

userenv

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 4B

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 376KB - Virtual size: 375KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 184KB - Virtual size: 813KB

.trace
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 553KB - Virtual size: 552KB

.CttowuC
Size: 1024B - Virtual size: 1024B

.text
Size: 284KB - Virtual size: 284KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 42KB - Virtual size: 41KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 4B

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 376KB - Virtual size: 375KB

.reloc
Size: 1KB - Virtual size: 1KB