0202423653fa8c9df652b025ea0deaea

Sharing

Copy URL Twitter E-mail

General

Target

0202423653fa8c9df652b025ea0deaea
Size

444KB
MD5

0202423653fa8c9df652b025ea0deaea
SHA1

8a44405ee78c8e77c8a5e33fb0edcd9aee1417fe
SHA256

42d18deb3c6f8536517b2abed980c8de2c2870c35cdfa0b03537ae1fbd714c76
SHA512

3d7d68b100998bc5ee1518f781647a0ec7e086f5bf3452c0cbe3979e3c91916c30c8c82693380be26695c7bf3aae3ef18a4d087e779dd876b95421f3f42dc3da
SSDEEP

6144:cxIx2Pw7yEuWnNDapvN8zMi3G+csLW+kMlOz/ikKwNr6j4qbFcwKGfbCwlDfB/kt:DOWnNDapGdLVyrKawKyC458NOSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0202423653fa8c9df652b025ea0deaea

Files

0202423653fa8c9df652b025ea0deaea
.exe windows:4 windows x86 arch:x86

cc701c3dcbf47a19637a9932baf1d365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateEventA
GetModuleHandleA
OpenEventA
MultiByteToWideChar
VirtualProtect
VerLanguageNameA
CreateProcessA
SetFileAttributesA
GetTempFileNameA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextChangeNotification
ReleaseMutex
CreateMutexA
WritePrivateProfileStringA
GetCurrentProcess
GetTickCount
GlobalMemoryStatus
GetSystemInfo
CreateThread
CreateFileA
SetErrorMode
DeviceIoControl
CreateDirectoryA
WriteFile
ReadFile
SetFileTime
GetFileTime
SetFilePointer
GetFileSize
GetFileType
MoveFileExA
SetEndOfFile
GetCurrentDirectoryA
GetDriveTypeA
DeleteFileA
GetModuleFileNameA
GetDiskFreeSpaceA
SetCurrentDirectoryA
GetLogicalDrives
FindFirstFileA
FindNextFileA
GetSystemDefaultLangID
GetPrivateProfileStringA
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetFileAttributesA
FlushFileBuffers
QueryPerformanceCounter
GetThreadPriority
GetPriorityClass
QueryPerformanceFrequency
WideCharToMultiByte
GetExitCodeThread
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SuspendThread
IsBadWritePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
GetStartupInfoA
GetCommandLineA
GetVersion
GetShortPathNameA
HeapFree
HeapAlloc
TlsSetValue
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
TlsAlloc
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapReAlloc
HeapSize
VirtualAlloc
LCMapStringA
LCMapStringW
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
SetStdHandle
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetTimeZoneInformation
lstrcatA
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
RemoveDirectoryA
lstrcmpA
FindClose
GetExitCodeProcess
FormatMessageA
LocalFree
SizeofResource
LoadResource
LockResource
SetLastError
GetLastError
CloseHandle
GetTempPathA
IsDBCSLeadByte
lstrcpynA
GetProcAddress
LoadLibraryA
FreeLibrary
GetLocaleInfoA
GetUserDefaultLCID
FindResourceA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcpyA
SetEvent
ResetEvent
WaitForSingleObject
Sleep
lstrcmpiA
GetVolumeInformationA
GetVersionExA
ExitThread
GetEnvironmentVariableA
IsBadCodePtr

user32

EndPaint
SetActiveWindow
GetPropA
GetWindowTextA
DestroyCursor
IsDialogMessageA
GetMessageA
SetCursor
UnregisterClassA
ReleaseCapture
GetCapture
EnableWindow
SetCapture
ScreenToClient
CallWindowProcA
GetClassInfoA
OffsetRect
GetParent
GetNextDlgGroupItem
GrayStringA
DrawTextA
DrawTextExA
EndDialog
MessageBeep
DialogBoxIndirectParamA
CreateDialogIndirectParamA
EqualRect
SetWindowLongA
InvalidateRect
GetNextDlgTabItem
GetAsyncKeyState
GetSystemMetrics
GetWindowPlacement
RegisterWindowMessageA
LoadIconA
PostQuitMessage
EnableMenuItem
FillRect
LoadCursorA
RegisterClassA
SetPropA
GetUpdateRect
BeginPaint
IsRectEmpty
IntersectRect
GetWindowRect
SetWindowTextA
RemovePropA
SystemParametersInfoA
GetClassNameA
CharToOemA
FindWindowExA
UnionRect
EnumDisplaySettingsA
GetDC
ReleaseDC
IsWindow
ExitWindowsEx
MsgWaitForMultipleObjects
CharUpperA
CreateWindowExA
LoadImageA
CharPrevA
GetDesktopWindow
WaitForInputIdle
GetKeyboardType
LoadStringA
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowPos
wvsprintfA
MessageBoxA
GetFocus
SetFocus
FindWindowA
IsIconic
SetForegroundWindow
SetRectEmpty
SetTimer
CharNextA
KillTimer
wsprintfA
DefWindowProcA
GetMessagePos
MapWindowPoints
ShowWindow
DestroyWindow
SendMessageA
GetWindowLongA
RedrawWindow
IsChild
IsWindowVisible
CopyRect
EnumWindows
IsWindowEnabled
PostMessageA

gdi32

GetDeviceCaps
GetDIBColorTable
CreateCompatibleDC
DeleteObject
SetDIBits
CreateDIBSection
GetNearestPaletteIndex
RealizePalette
SelectPalette
GetStockObject
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetTextMetricsA
GetSystemPaletteEntries
CreatePalette
DeleteDC
RemoveFontResourceA
SetDIBColorTable
GetObjectA
BitBlt
CreateBrushIndirect
CreateFontA
GetPaletteEntries
AddFontResourceA

comctl32

ImageList_LoadImageA
ImageList_Destroy

advapi32

RegSetValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteKeyA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
OpenProcessToken
RegDeleteValueA
AdjustTokenPrivileges
RegQueryInfoKeyA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHChangeNotify
SHGetPathFromIDListA

ole32

CoCreateInstance
OleUninitialize
CoInitialize
CoUninitialize
OleInitialize

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

mmioInstallIOProcA
waveOutGetDevCapsA
waveOutGetNumDevs
joyGetNumDevs
PlaySoundA
mciSendStringA
timeGetTime

imm32

ImmGetContext

Exports

Exports

?DialogProc@CAppAlert@@SGHPAUHWND__@@IIJ@Z
?DialogProc@CAppMessage@@SGHPAUHWND__@@IIJ@Z
?DialogProc@CDirBrowser@@SGHPAUHWND__@@IIJ@Z
?HotsetupCallback@@YG?AW4EBURETCODE@@PAX@Z
LaunchGame

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc701c3dcbf47a19637a9932baf1d365

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

advapi32

shell32

ole32

version

winmm

imm32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 340KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 36KB - Virtual size: 70KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 36KB - Virtual size: 70KB

.rsrc
Size: 40KB - Virtual size: 40KB