009df44ab81fe2c46cab81e728191627

Sharing

Copy URL Twitter E-mail

General

Target

009df44ab81fe2c46cab81e728191627
Size

1.2MB
MD5

009df44ab81fe2c46cab81e728191627
SHA1

12ab9fb5c87c79ae1ac1f23b9c9a7c2aef7e39ac
SHA256

c9949ed9676d0ddfef575e7c80fd19f8108286386b621e5d1fee2fa21eb7d619
SHA512

c0d83959e7b17d41084aace3fcad69fe775b1fc9a5cf726eaa6212a14ae527e4f4e6d84dd35c15cd7f38f2b7d8afedd5ac66109cd820d351b9ff4ab9140b5408
SSDEEP

24576:5g1rh4O+bpFHl7qoJdsPsCicb3w+OlVhxqZSideAjQUxy7:5tO+bn+PdB5sXUxy7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009df44ab81fe2c46cab81e728191627

Files

009df44ab81fe2c46cab81e728191627
.dll windows:5 windows x86 arch:x86

3e164171be3675a0d4e4df99bc620868

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nedmalloc

?nedfree@nedalloc@@YAXPAX@Z
?nedmalloc@nedalloc@@YAPAXI@Z

kernel32

GetLastError
GetProcAddress
LoadLibraryA
GetTickCount
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
FreeLibrary
GetLocalTime
GetCurrentProcessId
EncodePointer
DecodePointer
InterlockedExchange
Sleep
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange

h3dxmllib

?CreateXMLDOMImplementation@dom@parse@xml@h3d@com@@YAPAVIXMLDOMImplementation@12345@XZ
?ReleaseXMLDOMImplementation@dom@parse@xml@h3d@com@@YAXPAVIXMLDOMImplementation@12345@@Z

stlport.5.2

??0runtime_error@stlp_std@@QAE@ABV01@@Z
??0runtime_error@stlp_std@@QAE@ABV?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@1@@Z
??0?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@H@Z
?str@?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@PBDI@Z
?reserve@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXI@Z
?get@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?peek@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHXZ
?at@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAADI@Z
?find_last_of@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIDI@Z
??0__Named_exception@stlp_std@@QAE@ABV01@@Z
?what@__Named_exception@stlp_std@@UBEPBDXZ
??1runtime_error@stlp_std@@UAE@XZ
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEHABV12@@Z
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@PBD@Z
?replace@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIABV12@I@Z
?rfind@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDI@Z
?find_last_of@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDI@Z
??_D?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXXZ
??0?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?open@?$basic_ofstream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBDH@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@IDABV?$allocator@D@1@@Z
?resize@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXI@Z
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIDI@Z
?find_first_of@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDI@Z
?substr@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV12@II@Z
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@PBD@Z
??_F?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ
?find@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIPBDI@Z
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@H@Z
?str@?$basic_stringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@D@Z
?_M_append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEAAV12@PBD0@Z
?_M_assign@?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@AAEAAV12@PB_W0@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@PB_WABV?$allocator@_W@1@@Z
??1?$allocator@_W@stlp_std@@QAE@XZ
??0?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@ABV01@@Z
??1?$basic_string@_WV?$char_traits@_W@stlp_std@@V?$allocator@_W@2@@stlp_std@@QAE@XZ
?compare@?$char_traits@_W@stlp_std@@SAHPB_W0I@Z
?_M_assign@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEAAV12@PBD0@Z
?_M_compare@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@SAHPBD000@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$_Isentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@AAV?$basic_istream@DV?$char_traits@D@stlp_std@@@1@U_No_Skip_WS@1@@Z
?sputn@?$basic_streambuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE_JPBD_J@Z
??0?$_Osentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@AAV?$basic_ostream@DV?$char_traits@D@stlp_std@@@1@@Z
??1?$_Osentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
?sputc@?$basic_streambuf@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEHD@Z
?setstate@?$basic_ios@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXH@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAN@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAM@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAI@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAF@Z
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAG@Z
?_M_skip_whitespace@?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEX_N@Z
??1?$_Isentry@DV?$char_traits@D@stlp_std@@@stlp_std@@QAE@XZ
??5?$basic_istream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@AAH@Z
??_D?$basic_stringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ
??0?$basic_stringstream@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@H@Z
?__stl_throw_overflow_error@stlp_std@@YAXPBD@Z
?_Transfer@?$_List_global@_N@priv@stlp_std@@SAXPAU_List_node_base@23@00@Z
?compare@?$char_traits@D@stlp_std@@SAHPBD0I@Z
??4?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@PBD@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@U_String_reserve_t@priv@1@IABV?$allocator@D@1@@Z
?get_allocator@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBE?AV?$allocator@D@2@XZ
?append@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV12@ABV12@@Z
?_M_rest@?$_String_base@DV?$allocator@D@stlp_std@@@priv@stlp_std@@IBEIXZ
?_M_compute_next_size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@AAEII@Z
?allocate@?$_STLP_alloc_proxy@PADDV?$allocator@D@stlp_std@@@priv@stlp_std@@QAEPADIAAI@Z
?_M_construct_null@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@ABEXPAD@Z
?flush@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@XZ
?put@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV12@D@Z
?cout@stlp_std@@3V?$basic_ostream@DV?$char_traits@D@stlp_std@@@1@A
?_M_put_nowiden@?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEXPBD@Z
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@K@Z
??6?$basic_ostream@DV?$char_traits@D@stlp_std@@@stlp_std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?deallocate@__node_alloc@stlp_std@@SAXPAXI@Z
??1?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@XZ
?_M_deallocate_block@?$_String_base@DV?$allocator@D@stlp_std@@@priv@stlp_std@@IAEXXZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@PBDABV?$allocator@D@1@@Z
?_Rebalance@?$_Rb_global@_N@priv@stlp_std@@SAXPAU_Rb_tree_node_base@23@AAPAU423@@Z
?_M_decrement@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
?_Rebalance_for_erase@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@AAPAU423@11@Z
?_M_increment@?$_Rb_global@_N@priv@stlp_std@@SAPAU_Rb_tree_node_base@23@PAU423@@Z
??0?$allocator@D@stlp_std@@QAE@XZ
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QBEIXZ
?__stl_throw_length_error@stlp_std@@YAXPBD@Z
?allocate@__node_alloc@stlp_std@@SAPAXAAI@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@ABV01@@Z
??0?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAE@V?$__move_source@V?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@@1@@Z
??1?$allocator@D@stlp_std@@QAE@XZ
?clear@?$basic_string@DV?$char_traits@D@stlp_std@@V?$allocator@D@2@@stlp_std@@QAEXXZ

msvcr100

_itoa
_CIsin
_CIcos
_CIatan2
_CIasin
strncpy_s
strcat_s
_CIacos
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
isalpha
isalnum
strchr
isspace
__iob_func
strstr
fputs
fputc
fseek
ftell
fwrite
fread
sscanf_s
strcpy_s
rand
pow
acos
_vscprintf
_localtime64
strftime
strncat_s
atan
sin
tan
cos
sqrt
atan2
sscanf
_CIsqrt
tolower
sprintf
atof
fopen
_CxxThrowException
__RTDynamicCast
__CxxFrameHandler3
fclose
fprintf
fopen_s
strncmp
vsprintf_s
wcslen
sprintf_s
_stricmp
memset
fabs
malloc
free
memmove
strcmp
atoi
memcpy
_purecall
_time64
_vsnprintf_s
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
strlen
printf

vfsdllproj

?Hfread@VFS@@YAIPAXIIPAVIFile@1@@Z
?Hfopen@VFS@@YAPAVIFile@1@PBD00@Z
?Hfclose@VFS@@YAHPAVIFile@1@@Z
?FileNeedToUpdate@VFS@@YA_NPBD@Z
?CreateDownload@VFS@@YAPAVIDownLoad@1@PAVIDownloadNotifier@1@II@Z

Exports

Exports

_InitMiniGameSys
create_mini_game_mng_client

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e164171be3675a0d4e4df99bc620868

Headers

DLL Characteristics

File Characteristics

Imports

nedmalloc

kernel32

h3dxmllib

stlport.5.2

msvcr100

vfsdllproj

Exports

Exports

Sections

.text Size: 754KB - Virtual size: 754KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 71KB - Virtual size: 84KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 148KB - Virtual size: 148KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 754KB - Virtual size: 754KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 71KB - Virtual size: 84KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 148KB - Virtual size: 148KB

.rmnet
Size: 56KB - Virtual size: 60KB