Forager_1[.]0[.]13_A2ZAPK[.]COM[.]apk

Sharing

Copy URL Twitter E-mail

General

Target

Forager_1.0.13_A2ZAPK.COM.apk
Size

128.8MB
MD5

f20bef012b7c1e7004918265a26285bc
SHA1

6c165683271d70a4e113847e799d6a467e7efbb9
SHA256

e150fdf9708d085aa7a391a1aac8c7311d2413da7f2a9d05e38cd18f78de3cf2
SHA512

d028c4c1c4afd4589ab346e03b12a3053ec0b391578314fbef4d2f2c570da3596537a8a64b1734e6fb762890fcba135f9701a18e7a732da7c6edd372b3f57897
SSDEEP

3145728:FJ/TMRrokzSWG+7GQvjGY7Zy6sg0hRvVTu5KOZTJD/Ak:F5OvypPy3P7D

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 2 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gc.dll
unpack001/gmlive-server.exe
unpack001/neko.dll
unpack001/std.ndll

Files

Forager_1.0.13_A2ZAPK.COM.apk
.apk android arch:arm

com.humblebundle.forager

com.humblebundle.forager.RunnerActivity

Activities

com.humblebundle.forager.RunnerActivity

android.intent.action.MAIN

Permissions

android.permission.BLUETOOTH
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
com.android.vending.CHECK_LICENSE
com.android.vending.BILLING
android.permission.READ_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.ACCESS_WIFI_STATE
android.permission.FOREGROUND_SERVICE

Services
audiogroup1.dat
chinese.json
chinese_traditional.json
consentform.html
.html .js
data.txt
english.json
french.json
game.droid
gc.dll
.dll windows:4 windows x86 arch:x86

f314ad573c5c860298ea23c4823e87d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_beginthreadex
_endthreadex
free
malloc
atol
atoi
_vsnprintf
getenv
_except_handler3
_setjmp3
_errno
exit

kernel32

GetThreadContext
CreateThread
ExitThread
ResumeThread
GetExitCodeThread
SuspendThread
CloseHandle
InterlockedExchange
InterlockedIncrement
DuplicateHandle
GetLastError
SetUnhandledExceptionFilter
VirtualProtect
GlobalFree
GlobalAlloc
GetVersion
VirtualAlloc
VirtualFree
GetSystemInfo
GetTickCount
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GetCurrentThreadId
DeleteCriticalSection
DebugBreak
WriteFile
CreateFileA
GetModuleFileNameA
GetProcAddress
InitializeCriticalSection
GetModuleHandleA
GetCurrentProcess
SetLastError
GetCurrentThread

user32

MessageBoxA

Exports

Exports

GC_abort
GC_add_roots
GC_all_interior_pointers
GC_allocate_ml
GC_arrays
GC_base
GC_beginthreadex
GC_call_with_alloc_lock
GC_call_with_stack_base
GC_calloc_explicitly_typed
GC_change_stubborn
GC_clear_roots
GC_collect_a_little
GC_debug_change_stubborn
GC_debug_end_stubborn_change
GC_debug_free
GC_debug_invoke_finalizer
GC_debug_malloc
GC_debug_malloc_atomic
GC_debug_malloc_atomic_ignore_off_page
GC_debug_malloc_ignore_off_page
GC_debug_malloc_replacement
GC_debug_malloc_stubborn
GC_debug_malloc_uncollectable
GC_debug_realloc
GC_debug_realloc_replacement
GC_debug_register_displacement
GC_debug_register_finalizer
GC_debug_register_finalizer_ignore_self
GC_debug_register_finalizer_no_order
GC_debug_register_finalizer_unreachable
GC_debug_strdup
GC_disable
GC_dont_expand
GC_dont_gc
GC_dont_precollect
GC_enable
GC_enable_incremental
GC_end_stubborn_change
GC_endthreadex
GC_err_printf
GC_exclude_static_roots
GC_expand_hp
GC_finalize_all
GC_finalize_on_demand
GC_finalizer_notifier
GC_find_leak
GC_fo_entries
GC_free
GC_free_space_divisor
GC_full_freq
GC_gc_no
GC_gcollect
GC_general_register_disappearing_link
GC_get_bytes_since_gc
GC_get_free_bytes
GC_get_heap_size
GC_get_stack_base
GC_get_total_bytes
GC_ignore_self_finalize_mark_proc
GC_incremental_protection_needs
GC_init
GC_invoke_finalizers
GC_is_marked
GC_is_valid_displacement
GC_is_valid_displacement_print_proc
GC_is_visible
GC_is_visible_print_proc
GC_java_finalization
GC_log_printf
GC_make_closure
GC_make_descriptor
GC_malloc
GC_malloc_atomic
GC_malloc_atomic_ignore_off_page
GC_malloc_explicitly_typed
GC_malloc_explicitly_typed_ignore_off_page
GC_malloc_ignore_off_page
GC_malloc_stubborn
GC_malloc_uncollectable
GC_max_retries
GC_need_to_lock
GC_no_dls
GC_non_gc_bytes
GC_noop
GC_noop1
GC_normal_finalize_mark_proc
GC_null_finalize_mark_proc
GC_oom_fn
GC_parallel
GC_post_incr
GC_pre_incr
GC_printf
GC_realloc
GC_register_disappearing_link
GC_register_displacement
GC_register_finalizer
GC_register_finalizer_ignore_self
GC_register_finalizer_inner
GC_register_finalizer_no_order
GC_register_finalizer_unreachable
GC_register_my_thread
GC_same_obj
GC_same_obj_print_proc
GC_set_free_space_divisor
GC_set_max_heap_size
GC_set_warn_proc
GC_should_invoke_finalizers
GC_size
GC_stackbottom
GC_strdup
GC_time_limit
GC_try_to_collect
GC_unreachable_finalize_mark_proc
GC_unregister_disappearing_link
GC_unregister_my_thread
GC_use_DllMain
GC_use_entire_heap
GC_win32_free_heap
_DllMain@12
_GC_CreateThread@24
_GC_ExitThread@4

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
german.json
gmlive-server.exe
.exe windows:6 windows x86 arch:x86

be033b2a4fd78e6c89992cd2db5cb1ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetModuleFileNameA
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer

neko

neko_vm_set_stats
neko_default_loader
neko_vm_jit
neko_vm_select
neko_exc_stack
neko_vm_alloc
neko_global_free
neko_global_init
neko_val_print
neko_val_buffer
neko_buffer_to_string
neko_buffer_append_char
neko_buffer_append
neko_alloc_buffer
neko_alloc_function
neko_val_callEx
neko_val_ocall0
neko_alloc_field
neko_val_field
neko_val_id
val_null
neko_alloc_array
neko_alloc_string

msvcr120

_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
__initenv
free
malloc
__iob_func
fclose
fopen
fprintf
fread
fseek
printf
sprintf
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_strdup

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gmlive.html
.html .js
humblebundle_h264_nopreroll.mp4
japanese.json
korean.json
neko.dll
.dll windows:5 windows x86 arch:x86

b31d55a706d6340d6eebe0e21665cf3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gc

GC_unregister_my_thread
GC_get_stack_base
GC_register_my_thread
_GC_CreateThread@24
GC_register_finalizer_no_order
GC_free
GC_malloc_uncollectable
GC_malloc_atomic_ignore_off_page
GC_malloc_atomic
GC_malloc_ignore_off_page
GC_malloc
GC_get_heap_size
GC_get_free_bytes
GC_gcollect
GC_collect_a_little
GC_set_warn_proc
GC_all_interior_pointers
GC_use_DllMain
GC_java_finalization
GC_init
GC_no_dls
GC_clear_roots

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsProcessorFeaturePresent
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreA
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue

msvcr100

__dllonexit
_onexit
_except_handler4_common
_crt_debugger_hook
_lock
_unlock
memcpy
memmove
memset
strtol
strtod
_setjmp3
fputs
fflush
fwrite
__iob_func
printf
_CIfmod
longjmp
free
fmod
malloc
_stat64i32
strchr
fopen
strrchr
fclose
sprintf
getenv
atof
fread
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal

Exports

Exports

_neko_failure
neko_alloc
neko_alloc_abstract
neko_alloc_array
neko_alloc_buffer
neko_alloc_empty_string
neko_alloc_field
neko_alloc_float
neko_alloc_function
neko_alloc_int32
neko_alloc_local
neko_alloc_lock
neko_alloc_object
neko_alloc_private
neko_alloc_root
neko_alloc_string
neko_buffer_append
neko_buffer_append_char
neko_buffer_append_sub
neko_buffer_length
neko_buffer_to_string
neko_call_stack
neko_copy_string
neko_default_loader
neko_exc_stack
neko_file_reader
neko_free_local
neko_free_lock
neko_free_root
neko_gc_loop
neko_gc_major
neko_gc_stats
neko_global_free
neko_global_init
neko_id_module
neko_is_big_endian
neko_k_hash
neko_kind_module
neko_kind_share
neko_local_get
neko_local_set
neko_lock_acquire
neko_lock_release
neko_lock_try
neko_read_module
neko_select_file
neko_set_stack_base
neko_string_reader
neko_thread_blocking
neko_thread_create
neko_thread_register
neko_val_buffer
neko_val_call0
neko_val_call1
neko_val_call2
neko_val_call3
neko_val_callEx
neko_val_callN
neko_val_compare
neko_val_field
neko_val_field_name
neko_val_gc
neko_val_hash
neko_val_id
neko_val_iter_fields
neko_val_ocall0
neko_val_ocall1
neko_val_ocall2
neko_val_ocallN
neko_val_print
neko_val_rethrow
neko_val_this
neko_val_throw
neko_vm_alloc
neko_vm_current
neko_vm_custom
neko_vm_dump_stack
neko_vm_execute
neko_vm_jit
neko_vm_redirect
neko_vm_select
neko_vm_set_custom
neko_vm_set_stats
neko_vm_trusted
val_false
val_null
val_true

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
options.ini
portrait_splash.png
.jpg
portuguese.json
russian.json
spanish.json
splash.png
std.ndll
.dll windows:5 windows x86 arch:x86

fcc7d1356904c6bad382177facb20d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

neko

neko_val_ocall1
neko_lock_release
neko_lock_try
neko_lock_acquire
neko_alloc_lock
neko_free_lock
neko_alloc_root
neko_free_root
neko_call_stack
neko_thread_create
neko_val_callEx
neko_vm_alloc
neko_vm_select
neko_vm_set_custom
neko_vm_custom
neko_val_ocall0
neko_alloc_function
neko_val_ocall2
neko_val_field
neko_alloc_private
neko_val_gc
neko_vm_execute
neko_select_file
neko_buffer_append
neko_file_reader
neko_string_reader
neko_read_module
neko_val_call3
neko_val_call2
neko_vm_trusted
neko_vm_redirect
neko_val_call1
neko_val_print
neko_vm_current
neko_vm_jit
neko_gc_stats
neko_gc_major
neko_gc_loop
neko_is_big_endian
neko_kind_module
neko_k_hash
neko_val_iter_fields
neko_copy_string
neko_alloc_float
neko_val_id
neko_kind_share
neko_alloc_empty_string
val_false
neko_alloc
neko_alloc_array
neko_val_throw
neko_alloc_object
neko_alloc_field
neko_alloc_string
val_null
_neko_failure
neko_buffer_length
neko_alloc_int32
neko_buffer_to_string
neko_buffer_append_sub
neko_buffer_append_char
neko_val_buffer
val_true
neko_alloc_buffer
neko_alloc_abstract

ws2_32

sendto
ioctlsocket
shutdown
setsockopt
getsockname
getpeername
recvfrom
accept
bind
select
__WSAFDIsSet
listen
htons
ntohs
connect
gethostname
gethostbyaddr
inet_ntoa
inet_addr
gethostbyname
recv
send
closesocket
socket
WSAStartup
WSAGetLastError

kernel32

Sleep
FindNextFileA
FindClose
GetCurrentThread
GetThreadTimes
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetTickCount
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
DisableThreadLibraryCalls
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
WaitForSingleObject
GetExitCodeProcess
WriteFile
ReadFile
GetCurrentProcess
CreatePipe
DuplicateHandle
CreateProcessA
CloseHandle
GetFullPathNameA
GetModuleFileNameA
GetCurrentProcessId
InitializeCriticalSection
CreateSemaphoreA
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA

user32

SendMessageTimeoutA

msvcr100

_errno
memset
strrchr
memcpy
_CIasin
_CIacos
_CIexp
_CIlog
_CItan
_CIsin
_stat64i32
_CIatan
_CIsqrt
floor
ceil
_CIpow
_CIatan2
__iob_func
fflush
feof
ftell
fseek
fread
fwrite
fclose
fopen
strftime
sscanf
_time64
_mktime64
_localtime64
_gmtime64
getenv
setlocale
system
exit
rename
strchr
_environ
fprintf
free
malloc
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_getpid
_putenv
_stricmp
_getcwd
_chdir
_unlink
_mkdir
_rmdir
_getch
_getche
_CIcos

Exports

Exports

__neko_entry_point
base_decode__2
base_encode__2
buffer_add__2
buffer_add_char__2
buffer_add_sub__4
buffer_get_length__1
buffer_new__0
buffer_reset__1
buffer_string__1
date_format__2
date_get_day__1
date_get_hour__1
date_get_tz__0
date_new__1
date_now__0
date_set_day__4
date_set_hour__4
deque_add__2
deque_create__0
deque_pop__2
deque_push__2
double_bytes__2
double_of_bytes__2
elf_update_section_header_for_bytecode__3
enable_jit__1
file_close__1
file_contents__1
file_delete__1
file_eof__1
file_exists__1
file_flush__1
file_full_path__1
file_name__1
file_open__2
file_read__4
file_read_char__1
file_seek__3
file_stderr__0
file_stdin__0
file_stdout__0
file_tell__1
file_write__4
file_write_char__2
float_bytes__2
float_of_bytes__2
gc_stats__0
get_cwd__0
get_env__1
host_local__0
host_resolve__1
host_reverse__1
host_to_string__1
int32_add__2
int32_address__1
int32_and__2
int32_compare__2
int32_complement__1
int32_div__2
int32_mod__2
int32_mul__2
int32_neg__1
int32_new__1
int32_or__2
int32_shl__2
int32_shr__2
int32_sub__2
int32_to_float__1
int32_to_int__1
int32_ushr__2
int32_xor__2
k_thread
lock_create__0
lock_release__1
lock_wait__2
make_md5__1
make_sha1__3
math_abs__1
math_acos__1
math_asin__1
math_atan2__2
math_atan__1
math_ceil__1
math_cos__1
math_exp__1
math_fceil__1
math_ffloor__1
math_floor__1
math_fround__1
math_int__1
math_log__1
math_pi__0
math_pow__2
math_round__1
math_sin__1
math_sqrt__1
math_tan__1
mem_local_size__2
mem_size__1
merge_sort__3
module_code_size__1
module_exec__1
module_exports__1
module_global_get__2
module_global_set__3
module_loader__1
module_name__1
module_nglobals__1
module_read__2
module_read_path__3
module_read_string__2
module_set_name__2
mutex_acquire__1
mutex_create__0
mutex_release__1
mutex_try__1
parse_xml__2
print_redirect__1
process_close__1
process_exit__1
process_kill__1
process_pid__1
process_run__2
process_stderr_read__4
process_stdin_close__1
process_stdin_write__4
process_stdout_read__4
put_env__2
random_float__1
random_int__2
random_new__0
random_set_seed__2
run_gc__1
same_closure__2
serialize__1
set_cwd__1
set_time_locale__1
set_trusted__1
socket_accept__1
socket_bind__3
socket_close__1
socket_connect__3
socket_epoll_alloc__1
socket_epoll_register__3
socket_epoll_unregister__2
socket_epoll_wait__2
socket_host__1
socket_init__0
socket_listen__2
socket_new__1
socket_peer__1
socket_poll__3
socket_poll_alloc__1
socket_poll_events__2
socket_poll_prepare__3
socket_read__1
socket_recv__4
socket_recv_char__1
socket_recv_from__5
socket_select__4
socket_send__4
socket_send_char__2
socket_send_to__5
socket_set_blocking__2
socket_set_fast_send__2
socket_set_timeout__2
socket_shutdown__3
socket_write__2
sprintf__2
string_split__2
sys_command__1
sys_cpu_time__0
sys_create_dir__2
sys_env__0
sys_exe_path__0
sys_exists__1
sys_exit__1
sys_file_type__1
sys_get_pid__0
sys_getch__1
sys_is64__0
sys_read_dir__1
sys_remove_dir__1
sys_rename__2
sys_sleep__1
sys_stat__1
sys_string__0
sys_thread_cpu_time__0
sys_time__0
test__0
thread_create__2
thread_current__0
thread_read_message__1
thread_send__2
thread_stack__1
tls_create__0
tls_get__1
tls_set__2
unicode_buf_add__2
unicode_buf_alloc__2
unicode_buf_content__1
unicode_buf_length__1
unicode_buf_size__1
unicode_compare__3
unicode_convert__3
unicode_get__3
unicode_iter__3
unicode_length__2
unicode_lower__2
unicode_sub__4
unicode_upper__2
unicode_validate__2
unserialize__2
url_decode__1
url_encode__1
utf8_buf_add__2
utf8_buf_alloc__1
utf8_buf_content__1
utf8_buf_length__1
utf8_buf_size__1
utf8_compare__2
utf8_get__2
utf8_iter__2
utf8_length__1
utf8_sub__3
utf8_validate__1
win_env_changed__0

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
thai.json
turkish.json

Android Permissions

Forager_1.0.13_A2ZAPK.COM.apk

Permissions

android.permission.BLUETOOTH

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_NETWORK_STATE

android.permission.INTERNET

com.android.vending.CHECK_LICENSE

com.android.vending.BILLING

android.permission.READ_EXTERNAL_STORAGE

android.permission.WAKE_LOCK

android.permission.ACCESS_WIFI_STATE

android.permission.FOREGROUND_SERVICE

Sharing

General

Malware Config

Signatures

Files

com.humblebundle.forager

com.humblebundle.forager.RunnerActivity

Activities

com.humblebundle.forager.RunnerActivity

Permissions

Services

f314ad573c5c860298ea23c4823e87d3

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 165KB

.reloc Size: 8KB - Virtual size: 5KB

be033b2a4fd78e6c89992cd2db5cb1ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

neko

msvcr120

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 596B

b31d55a706d6340d6eebe0e21665cf3c

Headers

DLL Characteristics

File Characteristics

Imports

gc

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 4KB

fcc7d1356904c6bad382177facb20d5b

Headers

DLL Characteristics

File Characteristics

Imports

neko

ws2_32

kernel32

user32

msvcr100

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 32KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 9KB - Virtual size: 8KB

Android Permissions

Forager_1.0.13_A2ZAPK.COM.apk

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 165KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 596B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 32KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 9KB - Virtual size: 8KB