00f7340f5e7a4fd48a5ab1da02c7899ccd5a46d67d9278f7ca2cbd0755bef61b

Sharing

Copy URL Twitter E-mail

General

Target

00f7340f5e7a4fd48a5ab1da02c7899ccd5a46d67d9278f7ca2cbd0755bef61b
Size

8.8MB
MD5

6bf5d41533f312c374637b3272299854
SHA1

566877c2ad030e753570c835efa849a66aab4e3b
SHA256

00f7340f5e7a4fd48a5ab1da02c7899ccd5a46d67d9278f7ca2cbd0755bef61b
SHA512

871344524166989c15e5a09dd4a556b8a6bcbc48a3c07230d75d8bf90a842bf3698047a765c3cc6f4cf59903653f7e7e4648e0b9d6e1f98089e7b545f25ac3b0
SSDEEP

98304:X89IJGsz/T+g8PAJ7icmdQnEBrdhMDD3Fe8P/B0bbOlSsNTtnOUw:3cAJ7GunAdhM7Fea50bKlSkTN6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f7340f5e7a4fd48a5ab1da02c7899ccd5a46d67d9278f7ca2cbd0755bef61b

Files

00f7340f5e7a4fd48a5ab1da02c7899ccd5a46d67d9278f7ca2cbd0755bef61b
.exe windows:6 windows x86

52419e1722039bd63bc788487a7c2dae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

ws2_32

select
getsockname
bind
__WSAFDIsSet
WSAGetLastError
inet_addr
gethostbyname
inet_ntoa
WSAStartup
socket
setsockopt
sendto
send
recv
ntohs
htons
ioctlsocket
WSACleanup
closesocket
connect

shlwapi

StrToIntW
PathFileExistsA
PathFindFileNameA
PathFindExtensionA

wininet

InternetOpenUrlW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetReadFile

imm32

ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetCandidateListW
ImmIsIME
ImmGetDescriptionW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetProperty

ddraw

DirectDrawCreate

d3d8

Direct3DCreate8

speedtreert

?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z

immwrapper

?Start@AMImmEffect@@QAE_NXZ
?LoadImmEffect@AMImmWrapper@@QAE_NPADPAPAVAMImmEffect@@@Z
?ReleaseImmEffect@AMImmWrapper@@QAE_NAAPAVAMImmEffect@@@Z
??0AMImmWrapper@@QAE@XZ
??1AMImmWrapper@@QAE@XZ
?Init@AMImmWrapper@@QAE_NPAUHINSTANCE__@@PAUHWND__@@PAD2@Z
?Release@AMImmWrapper@@QAE_NXZ
?Stop@AMImmEffect@@QAE_NXZ

kernel32

OpenProcess
VirtualQueryEx
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
DeviceIoControl
GlobalMemoryStatusEx
GetComputerNameW
Sleep
GetSystemInfo
GetVersionExW
GlobalMemoryStatus
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
FlushInstructionCache
ReleaseMutex
CreateMutexW
IsBadWritePtr
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
DeleteFileA
MultiByteToWideChar
GetCurrentDirectoryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventW
ExitThread
CreateDirectoryA
FindFirstFileA
FindNextFileA
GetFileSize
ResetEvent
WaitForMultipleObjects
GetExitCodeThread
lstrcpyW
CopyFileA
ReadFile
GetCommandLineW
OutputDebugStringA
ExitProcess
ResumeThread
FindClose
WriteFile
ConnectNamedPipe
CreateNamedPipeW
CreateMutexA
CreateProcessW
GetDiskFreeSpaceA
LoadLibraryW
SignalObjectAndWait
SetThreadPriority
SetThreadPriorityBoost
GetPrivateProfileStringW
WritePrivateProfileStringW
SetCurrentDirectoryA
LoadLibraryA
IsDebuggerPresent
GetVersion
DuplicateHandle
SuspendThread
GetPrivateProfileIntA
OpenFile
ReleaseSemaphore
CreateSemaphoreW
SetLastError
QueueUserAPC
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MulDiv
lstrcmpW
lstrcmpiW
IsProcessorFeaturePresent
GetVersionExA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFilePointer
IsDBCSLeadByteEx
WinExec
CreateFileMappingW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
CreateFileW
GetFileAttributesA
GetCommandLineA
GetTickCount
TerminateProcess
GetModuleHandleA
VirtualProtect
LoadLibraryExA
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
GetStartupInfoW
CreateThread
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GlobalFree
GetWindowsDirectoryA
IsDBCSLeadByte
GlobalReAlloc
GlobalSize
WaitForSingleObjectEx
GetCurrentDirectoryA
IsBadReadPtr
FormatMessageA
GetLocalTime

user32

DefWindowProcW
wsprintfW
ReleaseCapture
GetCapture
GetGUIThreadInfo
ChangeDisplaySettingsW
LoadIconW
SetCursor
MessageBoxA
EndPaint
BeginPaint
GetForegroundWindow
PeekMessageW
DispatchMessageW
TranslateMessage
SetWindowTextW
SetCursorPos
SetWindowLongW
AdjustWindowRectEx
InvalidateRect
GetAsyncKeyState
GetMenuBarInfo
EnumChildWindows
SetActiveWindow
GetActiveWindow
IsWindow
UnregisterClassW
SendMessageW
GetClassNameW
FindWindowW
GetWindowTextW
IsWindowEnabled
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
GetClientRect
PostMessageW
ClientToScreen
GetKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
GetCursorPos
PostQuitMessage
EnumWindows
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowA
PtInRect
IsRectEmpty
SetCapture
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameA
GetWindowTextA
RegisterClassExW
CreateWindowExW
MoveWindow
GetSystemMetrics
UpdateWindow
SetForegroundWindow
AdjustWindowRect
LoadCursorW
MessageBoxW
RegisterWindowMessageW
GetMessageW
CallWindowProcW
GetClassInfoExW
IsChild
DestroyWindow
GetDlgItem
CharNextW
SetFocus
GetFocus
keybd_event
SetTimer
KillTimer
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
InvalidateRgn
RedrawWindow
GetWindowTextLengthW
GetSysColor
FillRect
SetWindowLongA
GetDesktopWindow
GetParent
GetAncestor
SetRect
IntersectRect
LoadCursorFromFileA
DestroyCursor
GetWindowLongW
RegisterClipboardFormatW
WindowFromDC
CreateWindowExA
EnumThreadWindows
GetWindowDC
IsWindowUnicode
SetCaretPos
GetClipboardData
GetKeyboardLayout
CreateCaret
GetWindowRect

gdi32

CreateEllipticRgn
GetGlyphOutlineW
EnumFontFamiliesExW
CreatePolygonRgn
PtInRegion
CreateFontIndirectW
GetDIBits
CreateFontW
ExtTextOutW
SetTextAlign
SetTextColor
SetBkColor
TextOutA
SetMapMode
GetObjectW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateDIBSection
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt
GetStockObject
CreateCompatibleBitmap

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegOpenKeyA

shell32

Shell_NotifyIconW
SHOpenFolderAndSelectItems
ShellExecuteW
ShellExecuteExA

ole32

OleUninitialize
CoTaskMemFree
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
OleLockRunning
CoInitialize

oleaut32

VariantClear
LoadTypeLi
VarUI4FromStr
VariantCopy
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi

elementskill

?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?IsGoblinSkill@ElementSkill@GNET@@SA_NI@Z
?GetType@ElementSkill@GNET@@SADI@Z
?IsOverridden@ElementSkill@GNET@@SA_NI@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetRequiredRealmLevel@ElementSkill@GNET@@SAHIH@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetMaxAbility@ElementSkill@GNET@@SAHIH@Z
?IsMovingSkill@ElementSkill@GNET@@SA_NI@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?GetInherentSkills@ElementSkill@GNET@@SAABV?$vector@IV?$allocator@I@std@@@std@@H@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredLevel@ElementSkill@GNET@@SAHIH@Z
?GetComboSkPreSkill@ElementSkill@GNET@@SAHI@Z
?InitStaticData@ElementSkill@GNET@@SAXXZ
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?GoblinCondition@ElementSkill@GNET@@SAHIAAUGoblinUseRequirement@2@H@Z
?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?GoblinLearn@ElementSkill@GNET@@SAHIAAUGoblinRequirement@2@H@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetName@ElementSkill@GNET@@SAPB_WI@Z
?GetCommonCoolDown@ElementSkill@GNET@@SAHI@Z
?Query@TeamState@GNET@@SAPBV12@H@Z

msvcp140

?id@?$ctype@_W@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

iphlpapi

GetAdaptersAddresses

urlmon

URLDownloadToFileW

vcruntime140

memmove
__RTDynamicCast
memchr
_local_unwind4
wcsstr
wcsrchr
wcschr
__std_type_info_name
__CxxFrameHandler
longjmp
_setjmp3
__current_exception
__current_exception_context
_except_handler4_common
__std_terminate
strrchr
__CxxFrameHandler3
_CxxThrowException
memcpy
memset
_purecall
strstr
strchr
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_asin_precise
_libm_sse2_sin_precise
_CIacos
_finite
_ftol
_CIpow
__setusermatherr
_libm_sse2_atan_precise
_libm_sse2_tan_precise
floor
ceil
_libm_sse2_exp_precise
_CIcosh
modf
_CIatan2
_libm_sse2_pow_precise
_CIfmod
_CIsinh
_isnan
_libm_sse2_log10_precise
frexp
ldexp
_libm_sse2_log_precise
_CItanh

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vfscanf
_popen
tmpfile
getc
_pclose
clearerr
__acrt_iob_func
ferror
freopen
__p__commode
tmpnam
_fileno
fread
fflush
__stdio_common_vfwprintf
__stdio_common_vfprintf
__stdio_common_vswscanf
fseek
__stdio_common_vsscanf
ftell
__stdio_common_vswprintf
__stdio_common_vsprintf
fwrite
fopen
fclose
__stdio_common_vswprintf_s
setvbuf
ungetc
fputs
fgetwc
fgetws
feof
fgets

api-ms-win-crt-time-l1-1-0

_localtime32
_localtime32_s
_mktime32
_gmtime32
_difftime64
clock
_mktime64
strftime
_gmtime64
_time32
_time64
asctime
_localtime64

api-ms-win-crt-string-l1-1-0

iscntrl
isalnum
isalpha
strncat
_strlwr
_wcsicmp
strcoll
_strupr
isdigit
_strnicmp
_wcslwr
islower
wcsncpy_s
ispunct
isxdigit
isspace
isupper
strpbrk
tolower
toupper
wcsncat
iswdigit
strcspn
_stricmp
wcsncmp
_wcsupr
strncpy
wcsncpy
strncmp
_strdup

api-ms-win-crt-filesystem-l1-1-0

rename
_fstat64i32
_wremove
_splitpath
_stat32
_rmdir
_findfirst32
remove
_mkdir
_findclose
_findnext64i32
_access
_stat64i32
_findfirst64i32
_findnext32

api-ms-win-crt-convert-l1-1-0

_wtoi
atoi
atof
atol
strtod
_itow
strtoul
_itoa

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
strerror
_register_onexit_function
_initialize_onexit_table
_controlfp_s
_beginthreadex
_beginthread
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
exit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_resetstkoflw
_errno
system
_invalid_parameter_noinfo
terminate

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
_set_new_mode
free
_recalloc
_callnewh

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale

dsound

ord11

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52419e1722039bd63bc788487a7c2dae

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

shlwapi

wininet

imm32

ddraw

d3d8

speedtreert

immwrapper

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

elementskill

msvcp140

iphlpapi

urlmon

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

dsound

ftdriver

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 228KB - Virtual size: 432KB

.data1 Size: 2KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 459KB - Virtual size: 459KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 228KB - Virtual size: 432KB

.data1
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 459KB - Virtual size: 459KB