gmailcrt[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

gmailcrt.zip
Size

11.0MB
MD5

f1afc23cce3370959ca5f4c08361c61c
SHA1

e9de3f0d4f6f1e7805f2b5b7a16674af60b737a0
SHA256

aa878d2e9269e103a3ec8143dfa7027d5586e920379b9ae2308a99f80d5268e1
SHA512

ce2b063049850d13fa5f2ec6f6963aeeabf6b10a50113683f20e2a37674285efeea1fad9dedd09345dfb4d1ee187fa8b0552507fdfe5df3508549f4e8393014f
SSDEEP

196608:qjgW/CBSlKBdLd4qJl2KzpAlsvvCAiDZfM4AJd43lrNqX1L5WciP2:A+Ss/j2eIsIZfMYlYXZ5Lie

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/gmailcrt.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gmailcrt.exe
unpack001/resources/dinput8.dll
unpack001/resources/game.dll

Files

gmailcrt.zip
.zip
ReadME.txt
gmailcrt.exe
.exe windows x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
indircalistir.pyc
resources/dinput8.dll
.dll regsvr32 windows x64

f5f209429dbaeaca1f662a16f3114287

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
free
_vsnwprintf
__C_specific_handler
_wsplitpath_s
_wcsnicmp
iswctype
towupper
_XcptFilter
_amsg_exit
_initterm
strchr
atan2
cos
memcmp
memcpy
memset
sin
sqrt

kernel32

lstrlenW
GetSystemTimeAsFileTime
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
SetEvent
DeleteCriticalSection
ResetEvent
WideCharToMultiByte
GetCurrentProcessId
lstrcmpW
WaitForSingleObject
FreeLibraryAndExitThread
LoadLibraryW
CreateEventW
CreateThread
SetThreadPriority
WaitForMultipleObjects
lstrcmpiW
ReadFileEx
GetCurrentProcess
DuplicateHandle
MulDiv
GetFileSize
GetVersion
LocalReAlloc
LocalAlloc
SleepEx
ResumeThread
DisableThreadLibraryCalls
GetProcAddress
UnmapViewOfFile
MultiByteToWideChar
CompareFileTime
lstrlenA
Sleep
GetWindowsDirectoryW
GetPrivateProfileStringW
GetSystemDirectoryW
WriteFileEx
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
GetLocalTime
SystemTimeToFileTime
CreateMutexW
CreateFileMappingW
MapViewOfFile
FindResourceW
LoadResource
CreateProcessW
InitializeCriticalSection
GetVersionExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SetFilePointer
ReadFile
CreateFileW
GetFullPathNameW
GetModuleHandleW
GetModuleFileNameW
LocalFree
FreeLibrary
GetTickCount
CloseHandle
GetLastError
CreateFileA
GetFullPathNameA
ReleaseMutex

advapi32

RegSetValueExW
GetSecurityInfo
RegDeleteKeyW
SetEntriesInAclW
GetUserNameW
FreeSid
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegSetKeySecurity
RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegQueryValueW
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW

user32

TranslateMessage
GetKeyNameTextW
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardLayout
GetActiveWindow
IsWindow
CallWindowProcW
SetPropW
RemovePropW
GetPropW
GetWindowLongPtrW
SetWindowLongPtrW
ord2597
RegisterWindowMessageW
IsRectEmpty
SubtractRect
GetRawInputDeviceList
GetRawInputDeviceInfoW
GetKeyboardType
CharUpperW
PostMessageW
UnhookWindowsHookEx
CallNextHookEx
GetForegroundWindow
IsIconic
GetWindowThreadProcessId
SetWindowsHookExW
GetWindowLongW
PostThreadMessageW
MsgWaitForMultipleObjects
DefWindowProcW
LoadCursorW
LoadIconW
RegisterClassW
CreateWindowExW
GetInputState
SetTimer
PeekMessageW
DispatchMessageW
DestroyWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
GetWindowRect
GetDesktopWindow
IntersectRect
SetCapture
ShowCursor
ClipCursor
GetAsyncKeyState
mouse_event
SetCursorPos
ReleaseCapture
GetMessageTime
SendNotifyMessageW
GetSystemMetrics
GetCursorPos
MapVirtualKeyW
LoadStringW
keybd_event

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetdfDIJoystick

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/game.dll
.dll windows x86

4cb10f9fc287fea276ff79fc03c79a7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_Add
ImageList_Replace
ImageList_DragMove
ImageList_EndDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_Create
ImageList_DragShowNolock
ImageList_GetImageCount
InitCommonControlsEx

winmm

timeGetTime

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualProtect
FlushInstructionCache
VirtualFree
GetLogicalDriveStringsA
GetDriveTypeA
SuspendThread
ResumeThread
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
TerminateThread
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
CreateSemaphoreA
ReleaseMutex
OpenMutexA
CreateMutexA
ReleaseSemaphore
WaitForMultipleObjects
DuplicateHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
WaitForSingleObject
GetDiskFreeSpaceA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
SetEndOfFile
SetFileTime
GetFileTime
GetFileSize
SetFilePointer
FlushFileBuffers
ReadFile
SetEvent
GetModuleHandleA
MultiByteToWideChar
GetACP
Sleep
OutputDebugStringA
GetLastError
WideCharToMultiByte
InterlockedExchange
InterlockedCompareExchange
WriteFile
CreateFileA
DeleteFileA
IsDebuggerPresent
CreateProcessA
GetUserDefaultLangID
GetTimeZoneInformation
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoA
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetModuleFileNameA
GetWindowsDirectoryA
GetFileAttributesA
GetSystemInfo
GetVersionExA
GetComputerNameA
CloseHandle
GlobalMemoryStatus
CreateEventA
OpenEventA
GetProcAddress
FreeLibrary
LoadLibraryA
GetCurrentProcess
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
FreeSid
RegSetValueExA

wininet

InternetCanonicalizeUrlA

storm

ord275
ord580
ord537
ord534
ord525
ord524
ord291
ord406
ord428
ord619
ord628
ord621
ord607
ord622
ord636
ord601
ord633
ord603
ord638
ord609
ord612
ord403
ord293
ord252
ord263
ord253
ord267
ord266
ord270
ord423
ord151
ord264
ord268
ord300
ord578
ord465
ord401
ord422
ord503
ord501
ord405
ord426
ord425
ord507
ord509
ord543
ord542
ord541
ord548
ord280
ord504
ord279
ord587
ord545
ord572
ord470
ord496
ord590
ord272
ord568
ord469
ord460
ord565
ord567
ord585
ord289
ord506
ord576
ord281
ord288
ord575
ord508
ord571
ord574
ord570
ord581
ord589
ord482
ord510
ord295
ord579
ord596
ord461
ord553
ord595
ord551
ord552
ord472
ord474
ord479
ord476
ord569
ord577
ord462
ord463
ord269
ord265
ord586
ord424
ord502
ord421
ord597
ord563
ord624
ord606
ord584
ord471
ord251
ord294
ord302
ord271
ord544

ijl15

ord2
ord4
ord3

msvcr80

_CIexp
_CIatan
_CItan
iswspace
isalnum
strncpy
malloc
realloc
fread
fseek
ftell
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
strstr
isupper
isdigit
_CIacos
sprintf
setvbuf
_beginthreadex
_CIlog10
_clearfp
_control87
free
calloc
strncmp
_time64
exit
__iob_func
fprintf
vfprintf
fputc
fputs
putc
toupper
strtoul
srand
sscanf
atof
printf
rand
floor
fopen
fwrite
fclose
_ismbcspace
_HUGE
ceil
_CIatan2
_CIasin
_mbsstr
_itoa
atoi
memmove
qsort
_CIpow
isprint
memcpy
_CIsqrt
_CIsin
_CIcos
strtol
_vsnprintf
memset
atol
__CxxFrameHandler3
_purecall
_ctime64
_CIfmod

wsock32

accept
WSACleanup
closesocket
htons
getpeername
getsockname
listen
bind
setsockopt
inet_ntoa
socket
WSAStartup
sendto
recvfrom
WSAGetLastError
recv
ioctlsocket
select
ntohs
inet_addr
ntohl
gethostbyname
gethostname
send
connect

mss32

_AIL_set_stream_user_data@12
_AIL_register_stream_callback@8
_AIL_set_sequence_user_data@12
_AIL_register_sequence_callback@8
_AIL_DLS_load_memory@12
_AIL_set_3D_sample_effects_level@8
_AIL_set_3D_sample_cone@16
_AIL_set_3D_sample_distances@12
_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_preference@12
_AIL_open_stream@12
_AIL_shutdown@0
_AIL_mem_use_malloc@4
_AIL_mem_use_free@4
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_open_XMIDI_driver@4
_AIL_DLS_open@28
_AIL_set_3D_orientation@28
_AIL_DLS_unload@8
_AIL_set_3D_position@16
_AIL_digital_CPU_percent@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_room_type@8
_AIL_set_XMIDI_master_volume@8
_AIL_open_3D_provider@4
_AIL_last_error@0
_AIL_open_3D_listener@4
_AIL_set_3D_distance_factor@8
_AIL_enumerate_3D_providers@12
_AIL_file_type@8
_AIL_MIDI_to_XMI@20
_AIL_init_sequence@12
_AIL_sequence_ms_position@12
_AIL_mem_free_lock@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_DLS_close@8
_AIL_close_XMIDI_driver@4
_AIL_close_digital_driver@4
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_register_EOS_callback@8
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_set_stream_ms_position@8
_AIL_set_sample_playback_rate@8
_AIL_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_3D_sample_playback_rate@4
_AIL_set_stream_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_user_data@8
_AIL_sample_user_data@8
_AIL_stream_user_data@8
_AIL_sequence_user_data@8
_AIL_set_sample_volume@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume@8
_AIL_set_sequence_volume@12
_AIL_extract_DLS@28
_AIL_find_DLS@24
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_set_sequence_loop_count@8
_AIL_DLS_compact@4
_AIL_start_sequence@4
_AIL_set_sample_loop_count@8
_AIL_resume_sample@4
_AIL_start_sample@4
_AIL_set_3D_sample_info@8
_AIL_set_3D_sample_loop_count@8
_AIL_set_sample_user_data@12
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_user_data@12
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_resume_3D_sample@4
_AIL_stop_sample@4
_AIL_stop_3D_sample@4
_AIL_stop_sequence@4
_AIL_release_3D_sample_handle@4
_AIL_release_sample_handle@4
_AIL_release_sequence_handle@4
_AIL_close_stream@4
_AIL_allocate_sequence_handle@4
_AIL_allocate_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_end_sample@4
_AIL_end_3D_sample@4
_AIL_end_sequence@4
_AIL_set_3D_sample_occlusion@8
_AIL_set_stream_pan@8
_AIL_set_sample_pan@8
_AIL_set_3D_velocity@20
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_stream_ms_position@12
_AIL_sequence_status@4
_AIL_resume_sequence@4

opengl32

glColorMaterial
wglCreateContext
wglDeleteContext
glGetString
glGetIntegerv
wglGetProcAddress
glDeleteTextures
glVertexPointer
glNormalPointer
glNormal3fv
glColorPointer
glDrawElements
glTexCoordPointer
glViewport
glDepthRange
glScissor
glMatrixMode
glLoadMatrixf
glFinish
wglSwapLayerBuffers
glReadBuffer
glReadPixels
glClearColor
glClear
glPolygonOffset
glMaterialfv
glLightModelfv
glTexGeni
wglMakeCurrent
glLightfv
glLightf
glDepthFunc
glDrawBuffer
glFogi
glFogf
glFogfv
glDepthMask
glTexEnvi
glDisable
glDisableClientState
glEnable
glEnableClientState
glBlendFunc
glAlphaFunc
glGenTextures
glBindTexture
glTexParameteri
glPixelStorei
glTexImage2D
glTexSubImage2D

imm32

ImmAssociateContextEx
ImmGetContext
ImmNotifyIME
ImmGetCandidateListA
ImmGetConversionStatus
ImmGetCompositionStringA
ImmReleaseContext
ImmGetOpenStatus
ImmAssociateContext

user32

GetActiveWindow
IsWindowEnabled
IsWindowVisible
GetParent
DrawMenuBar
GetMenuItemInfoA
SetMenuItemInfoA
GetMenuItemCount
KillTimer
RemovePropA
SetPropA
GetPropA
SendMessageA
GetForegroundWindow
CallWindowProcA
RegisterClassA
FillRect
SetTimer
InvalidateRect
ShowCursor
GetMessageA
TranslateMessage
DispatchMessageA
ChangeDisplaySettingsA
GetClientRect
PostMessageA
SetFocus
LoadImageA
LoadCursorA
RegisterClassExA
EmptyClipboard
SetClipboardData
ScreenToClient
ClientToScreen
CreateDialogIndirectParamA
DeleteMenu
TranslateAcceleratorA
MessageBoxA
DrawFocusRect
DrawTextA
SetWindowTextA
PeekMessageA
IsDialogMessageA
SetParent
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
InsertMenuItemA
CreatePopupMenu
CreateMenu
SetCapture
GetMenu
DestroyMenu
SystemParametersInfoA
WindowFromPoint
ReleaseCapture
GetClassLongA
TrackPopupMenu
GetWindow
GetDesktopWindow
SetForegroundWindow
GetDCEx
UpdateWindow
GetKeyState
MessageBeep
SetWindowPlacement
GetWindowPlacement
EnableWindow
SetActiveWindow
SetClassLongA
DestroyIcon
GetWindowTextA
SetCursor
SetScrollPos
GetScrollInfo
SetScrollInfo
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColor
GetSysColorBrush
GetWindowTextLengthA
GetFocus
SetCursorPos
GetCursorPos
GetWindowRect
ClipCursor
UnregisterClassA
DestroyWindow
ShowWindow
SetWindowPos
ChangeDisplaySettingsExA
EnumDisplaySettingsA
EnumDisplayDevicesA
ReleaseDC
GetDC
DefWindowProcA
EndPaint
BeginPaint
SetWindowLongA
GetWindowLongA
MapWindowPoints
CreateWindowExA
GetWindowInfo

gdi32

CreateDIBitmap
SetDeviceGammaRamp
GetDeviceGammaRamp
CreateFontA
GetStockObject
TextOutW
SelectObject
CreatePen
MoveToEx
LineTo
GetTextExtentPoint32A
CreateRectRgnIndirect
CombineRgn
SetBkMode
GetBkColor
CreateSolidBrush
FillRgn
GetDeviceCaps
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
DeleteObject
SetBkColor
SetTextColor
SetTextAlign

shell32

SHGetPathFromIDListA
ShellExecuteA
FindExecutableA
DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetMalloc

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

GameMain

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 816KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 2KB - Virtual size: 1KB

f5f209429dbaeaca1f662a16f3114287

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 10KB - Virtual size: 48KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

4cb10f9fc287fea276ff79fc03c79a7b

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winmm

kernel32

comdlg32

advapi32

wininet

storm

ijl15

msvcr80

wsock32

mss32

opengl32

imm32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 8.4MB - Virtual size: 8.4MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 384KB - Virtual size: 609KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 816KB - Virtual size: 812KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 10KB - Virtual size: 48KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8.4MB - Virtual size: 8.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 384KB - Virtual size: 609KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 816KB - Virtual size: 812KB