7009339693bbe9ddf147ee376d187607

Sharing

Copy URL Twitter E-mail

General

Target

7009339693bbe9ddf147ee376d187607
Size

11.8MB
MD5

7009339693bbe9ddf147ee376d187607
SHA1

b7c510925689b068b0e2b478018190fe4b074a05
SHA256

5bef7037b8c762d76797cb48b3a1fceb595d066717008d9f2a390940ea9ba47b
SHA512

7eb73d2850f9ee2f4af5d43040ca93c553a4bdd90e07d8bd7d034b7828acc8db410cb90a691e4efc2adb8988f11af463e403c3ee4dc2a04bfefb70daf9a5874b
SSDEEP

196608:xg3X4ldOxwszc1kWtq/V0AooAFQevolmVP7Nq6o7E18OoKF1+90uoMJkQLinAcNb:xgH2dO6JSloseQlGzNq6n1l1BrMZUAU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Black Longju GF edition/2010ClientHelper.dll
unpack001/Black Longju GF edition/artpclnt.dll

Files

7009339693bbe9ddf147ee376d187607
.rar
Black Longju GF edition/2010ClientHelper.dll
.dll windows:4 windows x86 arch:x86

f7bd87ba8e997422dabf9fb4f09dfaf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AllocConsole

Exports

Exports

LdrInitialize

Sections

zzsldeun
Size: 46KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jodzxbmr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fkcazxbn
Size: 2.0MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jnvfssto
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Black Longju GF edition/BGM/a_rhapsody_of_war.mp3
Black Longju GF edition/BGM/back_to_back.mp3
Black Longju GF edition/artpclnt.dll
.dll windows:4 windows x86 arch:x86

e26f88728550c5f484811b7e404a9a7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetAutodial
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetDial
InternetAutodialHangup
InternetCanonicalizeUrlA
HttpQueryInfoA

kernel32

GetExitCodeProcess
SetCurrentDirectoryA
CloseHandle
CreateProcessA
lstrcpynA
GetCurrentDirectoryA
CreateDirectoryA
WaitForSingleObject
lstrlenA
GetLastError
ReleaseMutex
ReadFile
SetEvent
CreateMutexA
UnmapViewOfFile
MapViewOfFile
WriteFile
SetFilePointer
CreateFileA
GetFileAttributesA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
InterlockedExchange
CreateEventA
RemoveDirectoryA
DeleteFileA
TerminateThread
MoveFileA
MultiByteToWideChar
CreateThread
GetTempFileNameA
SearchPathA
GlobalFree
GlobalAlloc
GetPrivateProfileStringA
CreateFileMappingA
GetFileSize
GetLocalTime
HeapCreate
VirtualFree
GetFileType
SetEnvironmentVariableA
CompareStringW
GetExitCodeThread
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
GetVersionExA
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
GetTimeZoneInformation
GetSystemTime
CompareStringA
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
SetEndOfFile
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
FlushFileBuffers
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringW
InterlockedIncrement
LCMapStringA

user32

wsprintfA
MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

AutoRTPatch32
FormatSchedule

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Black Longju GF edition/atlasinfo.txt

Sharing

General

Malware Config

Signatures

Files

f7bd87ba8e997422dabf9fb4f09dfaf0

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

zzsldeun Size: 46KB - Virtual size: 144KB

.rsrc Size: 1024B - Virtual size: 1KB

jodzxbmr Size: 512B - Virtual size: 4KB

fkcazxbn Size: 2.0MB - Virtual size: 4.1MB

jnvfssto Size: 4KB - Virtual size: 4KB

e26f88728550c5f484811b7e404a9a7d

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

zzsldeun
Size: 46KB - Virtual size: 144KB

.rsrc
Size: 1024B - Virtual size: 1KB

jodzxbmr
Size: 512B - Virtual size: 4KB

fkcazxbn
Size: 2.0MB - Virtual size: 4.1MB

jnvfssto
Size: 4KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB