ec39b22712650751b901ab2bd6e064845a8698b774486cce476a591735e59452

Sharing

Copy URL Twitter E-mail

General

Target

ec39b22712650751b901ab2bd6e064845a8698b774486cce476a591735e59452
Size

5.2MB
MD5

db3414f148e726a0308202c34d19fb64
SHA1

cda77544a5f2e9b9e41fa595a6f0d2000c88e901
SHA256

ec39b22712650751b901ab2bd6e064845a8698b774486cce476a591735e59452
SHA512

0bc01e9c194a89a1a793d6c11577232b0299181441b43887bb27b92b57aee76fab18d6d94e074e4f3c30f5cdeab97c6ca6934b1644761ff8a329a5ae997e6806
SSDEEP

98304:qMj7dpVnXO+7teJOHlCiFq5I+IcjMTWkSpUaa:q2pVbBxlCi85I+ITWkSpUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec39b22712650751b901ab2bd6e064845a8698b774486cce476a591735e59452

Files

ec39b22712650751b901ab2bd6e064845a8698b774486cce476a591735e59452
.exe windows:4 windows x86

7062b4bf7803f707933d6e881e441a0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetLocaleInfoW
GetStdHandle
SetEndOfFile
SetEnvironmentVariableA
Sleep
CreateDirectoryA
DeleteFileA
HeapSize
GetTimeZoneInformation
ReadFile
SetFilePointer
FlushFileBuffers
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
InterlockedIncrement
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetModuleFileNameA
SetCurrentDirectoryA
GetVersionExA
UnhandledExceptionFilter
InterlockedDecrement
WriteFile
IsProcessorFeaturePresent
GetProcessHeap
HeapFree
CreateFileW
CreateFileA
GetCurrentThreadId
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
OpenFileMappingA
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
TerminateThread
CreateThread
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CompareStringA
CompareStringW
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindClose
GlobalSize
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GlobalMemoryStatus

user32

GetDlgItemTextA
DefWindowProcA
SetCursor
LoadCursorA
SetFocus
GetClientRect
UpdateWindow
ShowWindow
EndDialog
CreateWindowExA
SetWindowLongA
AdjustWindowRect
SetClassLongA
EnumDisplaySettingsA
ChangeDisplaySettingsA
EnumWindows
IsWindow
IsWindowVisible
GetParent
GetWindowTextLengthA
GetWindowTextA
GetClipboardData
GetKeyboardLayoutNameA
GetWindowRect
MoveWindow
AnimateWindow
DestroyCursor
CreateCursor
SetRect
LoadStringA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
ShowCursor
DialogBoxParamA
MessageBoxA
GetCapture
SetCapture
ReleaseCapture
GetWindowThreadProcessId
BeginPaint
EndPaint
PostQuitMessage
DestroyWindow
GetFocus
FlashWindowEx
GetDC
ReleaseDC
LoadIconA
RegisterClassExA
GetSystemMetrics
SendMessageA
KillTimer
GetKeyboardState
GetKeyState
GetCursorPos
SetTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharNextA
OffsetRect
LoadKeyboardLayoutA

gdi32

GetDeviceCaps

advapi32

RegOpenKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

sdident

SDIdent_Fin
SDIdent_Set_Counter
SDIdent_Init
SDIdent_Set_Int

d3d8

Direct3DCreate8

ws2_32

WSARecv
WSAStartup
WSACleanup
WSAGetLastError
inet_addr
socket
shutdown
connect
WSAAsyncSelect
WSASend
closesocket
gethostbyname
htons
setsockopt
ntohs

wininet

InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

winmm

timeBeginPeriod
timeGetDevCaps

ingameframework

?OpenSkyCity@CIGFMgr@@QAEXPAVIIGFCallBack@@PBD@Z
??_7IIGFCallBack@@6B@
??1IIGFDrawCharacter@@UAE@XZ
?CloseSkyCity@CIGFMgr@@QAEXXZ
?WndProc@CIGFMgr@@QAE_NPAUHWND__@@IIJ@Z
?GetSingleton@CIGFMgr@@SAAAV1@XZ
?IsSkyCityOpen@CIGFMgr@@QAE_NXZ
?Render@CIGFMgr@@QAEXXZ
?Recv@CIGFMgr@@QAEXPBDH@Z
?SetIGFCallBack@CIGFMgr@@QAEXPAVIIGFCallBack@@@Z
??_7IIGFDrawCharacter@@6B@

psapi

EnumProcessModules
GetModuleFileNameExA

netapi32

Netbios

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ijl15

ord3
ord4
ord2

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 26.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7062b4bf7803f707933d6e881e441a0a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

sdident

d3d8

ws2_32

wininet

winmm

ingameframework

psapi

netapi32

version

ijl15

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 184KB - Virtual size: 26.6MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 184KB - Virtual size: 26.6MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB