Static task
static1
Behavioral task
behavioral1
Sample
0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f.exe
Resource
win10v2004-20231215-en
General
-
Target
0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f
-
Size
361KB
-
MD5
89c449878f4c81d9dccab69e879956a3
-
SHA1
fcb6c1f577846640a9e1a1f67129559191a21c72
-
SHA256
0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f
-
SHA512
8bab13935b37bf5081b40f8c318829e6cf69b72822b582cc697c4329fa0f3964795fa6a9aed90028124b28f388a0aa34293fd677114b7b31ca65a8f9090d4c67
-
SSDEEP
6144:IglLc5q/sGnKQTNIFe1v2QcTz4Rkd3+Zl:IglL8GKANIFeu
Malware Config
Signatures
-
Unsigned PE (1 IoC)
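Checks for missing Authenticode signature. The flagged file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself; on its own this is a weak indicator, since many legitimate programs are also unsigned.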
resource 0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f
Files
-
0bf13d51a4542e5b17b3318503fb16edd993a965dea81eb028e01bfc673db55f.exe windows:6 windows x86 arch:x86
00de9d2244e7948d2d71d81ecd92eb82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
entitiesmp
?CheckEntityVersion@@YAXXZ
kernel32
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpW
MoveFileA
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateEventA
SetEvent
GetLastError
Sleep
GetModuleFileNameA
CloseHandle
FindNextFileA
FindClose
FindFirstFileA
SetCurrentDirectoryA
GetFullPathNameA
OpenEventA
WaitForSingleObject
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
FreeLibrary
OpenProcess
CreateThread
TerminateProcess
DeleteFileA
CreateFileA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
user32
CreateWindowExA
DestroyWindow
ShowWindow
RegisterClassExA
DefWindowProcA
InvalidateRect
RegisterClassA
LoadCursorA
SetClassLongA
ShowCursor
MessageBoxW
IsIconic
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
ChangeDisplaySettingsA
LoadIconA
CreateDialogParamA
SetFocus
GetSystemMetrics
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
GetClientRect
GetWindowRect
MessageBoxA
FillRect
SetWindowLongA
GetDesktopWindow
LoadBitmapA
SetWindowPos
gdi32
GetDeviceCaps
GetStockObject
GetObjectA
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject
msvcp140
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
engine
??0CDrawPort@@QAE@XZ
??0CTFileName@@QAE@PBDH@Z
?SetValue@CShell@@QAEXABVCTString@@0@Z
?GetValue@CShell@@QAE?AVCTString@@ABV2@@Z
?GetLine_t@CTStream@@QAEXAAVCTString@@D@Z
?TranslateConst@@YAPBDPBDJ@Z
?TrimSpacesRight@CTString@@QAEJXZ
?RemovePrefix@CTString@@QAEHABV1@@Z
?Clear@CTString@@QAEXXZ
?DeleteSelf@CEntity@@QAEXXZ
?g_bNoPlaySnd@@3HA
?g_fFramePerSecond@@3MA
?g_iCountry@@3JA
?snd_iFormat@@3JA
?g_szExitError@@3PADA
?_pEntityClassStock@@3PAVCStock_CEntityClass@@A
?g_bNasTrans@@3HA
?g_nmVER@@3VCTString@@A
?g_nmCID@@3VCTString@@A
?g_nmPW@@3VCTString@@A
?g_nmID@@3VCTString@@A
?g_bAutoLogin@@3HA
?g_bAgree@@3JA
?sam_bWideScreen@@3JA
?sam_iGfxAPI@@3JA
?sam_iDisplayAdapter@@3JA
?sam_iDisplayDepth@@3JA
?sam_iScreenSizeJ@@3JA
?sam_iScreenSizeI@@3JA
?_pvpViewPortMain@@3PAVCViewPort@@A
?_pdpNormalMain@@3PAVCDrawPort@@A
?_pdpMain@@3PAVCDrawPort@@A
?_bClientApp@@3HA
?_pfdDisplayFont@@3PAVCFontData@@A
?_pSound@@3PAVCSoundLibrary@@A
?_pNetwork@@3PAVCNetworkLibrary@@A
?_pTimer@@3PAVCTimer@@A
?_strModExt@@3VCTString@@A
?_fnmApplicationPath@@3VCTFileName@@A
?CheckEngineVersion@@YAXXZ
?initialize@CWebAddress@@QAEXXZ
?End@cWeb@@QAEHXZ
?Begin@cWeb@@QAEHXZ
?SetNextStage@StageMgr@@QAEXW4eSTAGE@@0@Z
?Run@StageMgr@@QAEXXZ
?Create@StageMgr@@QAEXXZ
?getSingleton@?$CSingletonBase@VStageMgr@@@@SAPAVStageMgr@@XZ
?setVersion@CUILoginNew@@QAEXPBD@Z
?Create@GameDataManager@@QAEXXZ
?DestroyRenderTarget@CUIManager@@QAEXXZ
?InitRenderTarget@CUIManager@@QAEXHH@Z
?SetTitleName@CUIManager@@QAEXJHH@Z
?MsgProc@CUIManager@@QAEXPAUtagMSG@@PAH@Z
?AdjustUIPos@CUIManager@@QAEXPAVCDrawPort@@@Z
?ResetUIPos@CUIManager@@QAEXPAVCDrawPort@@@Z
?SetGameHandle@CUIManager@@QAEXPAVCGame@@@Z
?Create@CUIManager@@QAEXXZ
?Release@CStock_CEntityClass@@QAEXPAVCEntityClass@@@Z
?Obtain_t@CStock_CEntityClass@@QAEPAVCEntityClass@@ABVCTFileName@@@Z
?SE_Destroy_WebAddressPtr@@YAXXZ
?SE_Get_GameDataManagerPtr@@YAPAVGameDataManager@@XZ
?SE_Get_UIManagerPtr@@YAPAVCUIManager@@XZ
?SE_Get_WebAddressPtr@@YAPAVCWebAddress@@XZ
?SE_LoadDefaultFonts@@YAXXZ
?SE_EndEngine@@YAXXZ
?SE_InitEngine@@YAXVCTString@@@Z
?SwapBuffers@CViewPort@@QAEXH@Z
?UpdateSounds@CSoundLibrary@@QAEXXZ
?SetFormat@CSoundLibrary@@QAEXW4SoundFormat@1@H@Z
?SetVolume@CSoundObject@@QAEXMH@Z
??1CSoundObject@@QAE@XZ
??0CSoundObject@@QAE@XZ
?GameInactive@CNetworkLibrary@@QAEXXZ
?InitPos@CUIBase@@QAEXHHHH@Z
?Fill@CDrawPort@@QBEXK@Z
?PutTexture@CDrawPort@@QBEXPAVCTextureObject@@ABV?$AABBox@J$01@@1KK@Z
?PutText@CDrawPort@@QBEXABVCTString@@JJK@Z
?SetFont@CDrawPort@@QAEXPAVCFontData@@@Z
?IsTripleHead@CDrawPort@@QAEHXZ
?IsDualHead@CDrawPort@@QAEHXZ
?MakeWideScreen@CDrawPort@@QAEXPAV1@@Z
??0CDrawPort@@QAE@PAV0@J@Z
??1CDrawPort@@QAE@XZ
?FinishTranslationTable@@YAXXZ
?Unlock_internal@CDrawPort@@QAEXXZ
?Lock_internal@CDrawPort@@QAEHXZ
?InitSEEDEncrypt@CMessageDispatcher@@SAXXZ
??1CTextureObject@@QAE@XZ
?SetData_t@CTextureObject@@QAEXABVCTFileName@@@Z
??0CTextureObject@@QAE@XZ
?Force@CTextureData@@QAEXK@Z
?Benchmark@CGfxLibrary@@QAEXPAVCViewPort@@PAVCDrawPort@@@Z
?DestroyWindowCanvas@CGfxLibrary@@QAEXPAVCViewPort@@@Z
?CreateWindowCanvas@CGfxLibrary@@QAEXPAXPAPAVCViewPort@@PAPAVCDrawPort@@@Z
?ResetDisplayMode@CGfxLibrary@@QAEHW4GfxAPIType@@@Z
?LerpColor@@YAKKKM@Z
?IsWideScreen@CDisplayMode@@QAEHXZ
?IsTripleHead@CDisplayMode@@QAEHXZ
?IsDualHead@CDisplayMode@@QAEHXZ
?DepthString@CDisplayMode@@QBE?AVCTString@@XZ
??0CDisplayMode@@QAE@XZ
?GetHighPrecisionTimer@CTimer@@QAE?AVCTimerValue@@XZ
?GetRealTimeTick@CTimer@@QBEMXZ
?ExpandFilePath@@YAJKABVCTFileName@@AAV1@@Z
?ExceptionFatalError@CTStream@@SAXXZ
?ExceptionFilter@CTStream@@SAHKPAU_EXCEPTION_POINTERS@@@Z
?ClearStreamHandling@CTStream@@SAXXZ
?DisableStreamHandling@CTStream@@SAXXZ
?EnableStreamHandling@CTStream@@SAXXZ
?FileName@CTFileName@@QBE?AV1@XZ
??0CTString@@QAE@XZ
??0CTString@@QAA@JPBDZZ
??1CTString@@QAE@XZ
?TrimSpacesLeft@CTString@@QAEJXZ
??8CTString@@QBEHPBD@Z
??9CTString@@QBEHPBD@Z
??HCTString@@QBE?AV0@ABV0@@Z
??YCTString@@QAEAAV0@ABV0@@Z
??H@YA?AVCTString@@PBDABV0@@Z
?Split@CTString@@QAEXJAAV1@0@Z
?DeleteChar@CTString@@QAEXJ@Z
?ScanF@CTString@@QAAJPBDZZ
?StringDuplicate@@YAPADPBD@Z
?StringFree@@YAXPAD@Z
?Translate@@YAPADPADJ@Z
?_fnmMod@@3VCTFileName@@A
?_fnmCDPath@@3VCTFileName@@A
?_strLogFile@@3VCTString@@A
?cmd_iWindowLeft@@3JA
?cmd_iWindowTop@@3JA
??8CTString@@QBEHABV0@@Z
?Matches@CTString@@QBEHABV1@@Z
?PrintF@CTString@@QAAJPBDZZ
?CPrintF@@YAXPBDZZ
?WarningMessage@@YAXPBDZZ
??1CListNode@@QAE@XZ
?Clear@CListHead@@QAEXXZ
?AddTail@CListHead@@QAEXAAVCListNode@@@Z
??0CTFileName@@QAE@XZ
??0CTFileName@@QAE@ABVCTString@@@Z
??1CTFileName@@QAE@XZ
?AtEOF@CTStream@@QAEHXZ
?GetLine_t@CTStream@@QAEXPADJD@Z
??0CTFileStream@@QAE@XZ
??1CTFileStream@@UAE@XZ
?Open_t@CTFileStream@@QAEXABVCTFileName@@W4OpenMode@CTStream@@@Z
?DeclareSymbol@CShell@@QAEXABVCTString@@PAX@Z
?Execute@CShell@@QAEXABVCTString@@@Z
?_pShell@@3PAVCShell@@A
?_pGfx@@3PAVCGfxLibrary@@A
?FatalError@@YAXPBDZZ
?SE_UpdateWindowHandle@@YAXPAUHWND__@@0@Z
?OpenWebPage@cWeb@@QAEHPAUHWND__@@@Z
?CloseWebPage@cWeb@@QAEHPAUHWND__@@@Z
?UpdatePos@cWeb@@QAEXXZ
?_bWindowChanging@@3HA
?_hInstanceMain@@3PAUHINSTANCE__@@A
?sam_bFullScreenActive@@3JA
?_pGameState@@3PAVCGameState@@A
?_hwndMain@@3PAUHWND__@@A
?_hDlgWeb@@3PAUHWND__@@A
?g_web@@3VcWeb@@A
?FindSubstr@CTString@@QAEJABV1@@Z
?TrimRight@CTString@@QAEJJ@Z
?IsEqualCaseSensitive@CTString@@QBEHABV1@@Z
?DeleteChars@CTString@@QAEXJJ@Z
?ThrowF_t@@YAXPADZZ
?GetWindowsError@@YA?BVCTString@@K@Z
?InitTranslation@@YAXXZ
?AddTranslationTablesDir_t@@YAXABVCTFileName@@0@Z
?FileDir@CTFileName@@QBE?AV1@XZ
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
vcruntime140
__current_exception_context
__current_exception
_purecall
memmove
memcpy
_except_handler4_common
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
__CxxFrameHandler3
strchr
_CxxThrowException
__std_type_info_destroy_list
api-ms-win-crt-string-l1-1-0
strncpy
_strnicmp
_stricmp
strtok
isspace
_strdup
api-ms-win-crt-stdio-l1-1-0
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fopen
fgetpos
fgetc
fflush
_set_fmode
_get_stream_buffer_pointers
fclose
__stdio_common_vsscanf
__p__commode
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_exit
terminate
_cexit
exit
_c_exit
_controlfp_s
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
strerror
_get_narrow_winmain_command_line
_seh_filter_exe
_controlfp
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit
_crt_atexit
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-process-l1-1-0
_execv
api-ms-win-crt-heap-l1-1-0
free
malloc
calloc
_callnewh
_set_new_mode
api-ms-win-crt-math-l1-1-0
__setusermatherr
_except1
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
shlwapi
PathAppendA
PathFileExistsA
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
SetFileSecurityA
OpenProcessToken
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ