00a819ae10dc6b0e8ab5ec95e267452e

Sharing

Copy URL Twitter E-mail

General

Target

00a819ae10dc6b0e8ab5ec95e267452e
Size

1.8MB
MD5

00a819ae10dc6b0e8ab5ec95e267452e
SHA1

40fc4bd1adbfbe02ca8c34313f4242f9e7d21c84
SHA256

b4a50c4bcc76498f8b5822cf0aad9339176d3a207e73aa4ffd097a5868fc5cb6
SHA512

9a1d98f0ef2ee468d05a1d83b422200fb4f18cee61b885eee12d286aa4e624aa9b53b3be6d55e0b0533d771bb729df97b3596726f450c20b8d955f961bb35b6e
SSDEEP

49152:nBgYR7Fc+EQNpu8bv8TMqobGzSf8/Si+zY:Br7u+EQNpuOUGbB86iMY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Rivals RP/pawno/pawno.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rivals RP/announce.exe
unpack001/Rivals RP/pawno/libpawnc.dll
unpack001/Rivals RP/pawno/pawnc.dll
unpack001/Rivals RP/pawno/pawncc.exe
unpack001/Rivals RP/pawno/pawno.exe
unpack001/Rivals RP/plugins/streamer.dll
unpack001/Rivals RP/samp-npc.exe
unpack001/Rivals RP/samp-server.exe

Files

00a819ae10dc6b0e8ab5ec95e267452e
.rar
Rivals RP/announce.exe
.exe windows:4 windows x86 arch:x86

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
htons
socket
bind
connect
recv
send
closesocket
WSACleanup
WSAStartup

kernel32

GetFileType
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetLastError
CloseHandle
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rivals RP/gamemodes/rivals.amx
Rivals RP/gamemodes/rivals.pwn
Rivals RP/include/gl_common.inc
Rivals RP/include/gl_spawns.inc
Rivals RP/include/vehicleutil.inc
Rivals RP/pawno/include/Dini.inc
Rivals RP/pawno/include/MidoStream.inc
Rivals RP/pawno/include/Rich.inc
Rivals RP/pawno/include/a_http.inc
Rivals RP/pawno/include/a_mysql.inc
Rivals RP/pawno/include/a_npc.inc
Rivals RP/pawno/include/a_objects.inc
.vbs
Rivals RP/pawno/include/a_players.inc
Rivals RP/pawno/include/a_samp.inc
Rivals RP/pawno/include/a_sampdb.inc
Rivals RP/pawno/include/a_vehicles.inc
Rivals RP/pawno/include/antiattack.inc
Rivals RP/pawno/include/core.inc
Rivals RP/pawno/include/datagram.inc
Rivals RP/pawno/include/dutils.inc
Rivals RP/pawno/include/file.inc
Rivals RP/pawno/include/float.inc
Rivals RP/pawno/include/foreach.inc
Rivals RP/pawno/include/foreach2.inc
Rivals RP/pawno/include/gl_common.inc
Rivals RP/pawno/include/inc.inc
Rivals RP/pawno/include/md5.inc
Rivals RP/pawno/include/morphinc.inc
Rivals RP/pawno/include/mxINI.inc
Rivals RP/pawno/include/mxdate.inc
Rivals RP/pawno/include/reallife.inc
Rivals RP/pawno/include/streamer.inc
Rivals RP/pawno/include/string.inc
Rivals RP/pawno/include/time.inc
Rivals RP/pawno/include/utils.inc
Rivals RP/pawno/libpawnc.dll
.dll windows:1 windows x86 arch:x86

5d97e0c7cc1b418f5235da489d10a039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperA
IsWindow
MessageBoxA
PostMessageA
RegisterWindowMessageA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OutputDebugStringA
ReadConsoleInputA
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

Exports

Exports

Compile
_Compile@16
pc_addconstant
pc_addtag
pc_compile
pc_enablewarning

Sections

AUTO
Size: 212KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 36KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 10KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rivals RP/pawno/new.pwn
Rivals RP/pawno/pawn.ico
Rivals RP/pawno/pawnc.dll
.dll windows:4 windows x86 arch:x86

4eff41a005fb149247033c4b1aa53f8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

user32

PostMessageA
IsWindow
RegisterWindowMessageA

msvcr80

memset
isupper
isalpha
memmove
fputs
fprintf
_chdrive
toupper
atoi
strtok
fclose
fread
ftell
fseek
fopen
memcpy
realloc
__iob_func
_tempnam
remove
_setjmp3
_CIpow
tolower
vfprintf
strncmp
fgetc
sscanf
fwrite
vprintf
fflush
fsetpos
fgets
fgetpos
feof
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strtol
sprintf
isdigit
malloc
free
longjmp
strrchr
strchr
_access
_chdir
_stricmp
isspace
_strdup

Exports

Exports

Compile
pc_addconstant
pc_addtag
pc_compile
pc_enablewarning

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rivals RP/pawno/pawncc.exe
.exe windows:4 windows x86 arch:x86

f9d74702f53af8e6e0298f886652b43b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pawnc

pc_compile

msvcr80

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_adjust_fdiv
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_lock

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rivals RP/pawno/pawno.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Rivals RP/pawno/settings.ini
Rivals RP/plugins/streamer.dll
.dll windows:5 windows x86 arch:x86

cb94c0dc48ef68eef9d21bc5fb572aaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
LocalFree
VirtualQuery
VirtualProtect
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

msvcp100

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
_FInf
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ

msvcr100

??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
memchr
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
??1bad_cast@std@@UAE@XZ
malloc
free
ceil
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
strerror
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
floor
_CxxThrowException
memcpy
memmove

Exports

Exports

AmxLoad
AmxUnload
Load
ProcessTick
Supports
Unload

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rivals RP/plugins/streamer.so
.elf linux x86
Rivals RP/samp-license.txt
Rivals RP/samp-npc.exe
.exe windows:4 windows x86 arch:x86

e3571dd5a9e9b81772c8cabcd924caff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
CharLowerA

kernel32

CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetProcAddress
LoadLibraryA
FreeLibrary
SetConsoleMode
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
GetEnvironmentVariableA
SetLocalTime
GetLocalTime
OutputDebugStringA
GetConsoleMode
ReadConsoleInputA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
SetEndOfFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
GetLastError
DeleteFileA
ExitThread
GetCurrentThreadId
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
GetCurrentProcessId
GetFileAttributesA
CreateFileA
WideCharToMultiByte
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange

wsock32

getsockname
gethostname
sendto
WSAGetLastError
recvfrom
gethostbyname
socket
setsockopt
inet_ntoa
bind
htons
WSACleanup
WSAStartup
closesocket
ioctlsocket
inet_addr
htonl
ntohs

winmm

timeGetTime
timeBeginPeriod

Sections

.text
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rivals RP/samp-server.exe
.exe windows:4 windows x86 arch:x86

0eed331a13471baad6960f2d6a40f2de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetTimeZoneInformation
SetConsoleMode
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
GetEnvironmentVariableA
SetLocalTime
GetLocalTime
Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
UnmapViewOfFile
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
MapViewOfFile
CreateFileMappingA
QueryPerformanceFrequency
Module32Next
Module32First
CreateToolhelp32Snapshot
CreateThread
SetEvent
ReadConsoleA
WaitForSingleObject
TerminateThread
SetUnhandledExceptionFilter
CreateEventA
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetCurrentDirectoryA
GetConsoleMode
ReadConsoleInputA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
TlsGetValue
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedExchange
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualQuery
GetSystemInfo
VirtualProtect
UnhandledExceptionFilter
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
ExitThread
GetCurrentThreadId
RaiseException
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
MoveFileA
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
HeapSize

user32

CharToOemA
CharUpperA
CharLowerA

wsock32

recv
getsockname
gethostname
WSAGetLastError
inet_ntoa
connect
bind
ntohs
inet_addr
htons
htonl
sendto
closesocket
WSAStartup
socket
setsockopt
ioctlsocket
gethostbyname
send
recvfrom
WSACleanup

winmm

timeGetTime
timeBeginPeriod

Sections

.text
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Rivals RP/scriptfiles/Morrowind_Player.ini
Rivals RP/scriptfiles/gangzones.ini
Rivals RP/scriptfiles/logs/FracBank.cfg
Rivals RP/scriptfiles/logs/LoadBankMafia.cfg
Rivals RP/scriptfiles/logs/avtomas.cfg
Rivals RP/scriptfiles/logs/bankband.cfg
Rivals RP/scriptfiles/logs/bizz.cfg
Rivals RP/scriptfiles/logs/logi/banlist.log
Rivals RP/scriptfiles/logs/logi/leaders.ini
Rivals RP/scriptfiles/logs/materials.ini
Rivals RP/scriptfiles/logs/property.cfg
Rivals RP/scriptfiles/logs/rezerv/FracBank.cfg
Rivals RP/scriptfiles/logs/rezerv/LoadBankMafia.cfg
Rivals RP/scriptfiles/logs/rezerv/avtomas.cfg
Rivals RP/scriptfiles/logs/rezerv/bankband.cfg
Rivals RP/scriptfiles/logs/rezerv/bizz.cfg
Rivals RP/scriptfiles/logs/rezerv/materials.ini
Rivals RP/scriptfiles/logs/rezerv/property.cfg
Rivals RP/scriptfiles/logs/rezerv/sbizz.cfg
Rivals RP/scriptfiles/logs/sbizz.cfg
Rivals RP/scriptfiles/properties/banks.txt
Rivals RP/scriptfiles/properties/businesses.txt
Rivals RP/scriptfiles/properties/houses.txt
Rivals RP/scriptfiles/properties/interiors.txt
Rivals RP/scriptfiles/properties/police.txt
Rivals RP/scriptfiles/vehicles/bone.txt
Rivals RP/scriptfiles/vehicles/flint.txt
Rivals RP/scriptfiles/vehicles/ls_airport.txt
Rivals RP/scriptfiles/vehicles/ls_gen_inner.txt
Rivals RP/scriptfiles/vehicles/ls_gen_outer.txt
Rivals RP/scriptfiles/vehicles/ls_law.txt
Rivals RP/scriptfiles/vehicles/lv_airport.txt
Rivals RP/scriptfiles/vehicles/lv_gen.txt
Rivals RP/scriptfiles/vehicles/lv_law.txt
Rivals RP/scriptfiles/vehicles/pilots.txt
Rivals RP/scriptfiles/vehicles/red_county.txt
Rivals RP/scriptfiles/vehicles/sf_airport.txt
Rivals RP/scriptfiles/vehicles/sf_gen.txt
Rivals RP/scriptfiles/vehicles/sf_law.txt
Rivals RP/scriptfiles/vehicles/sf_train.txt
Rivals RP/scriptfiles/vehicles/tierra.txt
Rivals RP/scriptfiles/vehicles/trains.txt
Rivals RP/scriptfiles/vehicles/trains_platform.txt
Rivals RP/scriptfiles/vehicles/whetstone.txt
Rivals RP/server.cfg
Rivals RP/server_log.txt

Sharing

General

Malware Config

Signatures

Files

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

5d97e0c7cc1b418f5235da489d10a039

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

AUTO Size: 212KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 36KB - Virtual size:

.bss Size: 10KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 13KB - Virtual size:

.rsrc Size: 9KB - Virtual size:

4eff41a005fb149247033c4b1aa53f8e

Headers

File Characteristics

Imports

kernel32

user32

msvcr80

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 8KB

f9d74702f53af8e6e0298f886652b43b

Headers

File Characteristics

Imports

pawnc

msvcr80

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 10KB - Virtual size: 9KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 540KB

UPX1 Size: 287KB - Virtual size: 288KB

.rsrc Size: 9KB - Virtual size: 12KB

cb94c0dc48ef68eef9d21bc5fb572aaa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

AUTO
Size: 212KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 36KB - Virtual size:

.bss
Size: 10KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 13KB - Virtual size:

.rsrc
Size: 9KB - Virtual size:

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 540KB

UPX1
Size: 287KB - Virtual size: 288KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 212KB - Virtual size: 210KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 24KB - Virtual size: 233KB

.rsrc
Size: 4KB - Virtual size: 760B

.text
Size: 664KB - Virtual size: 660KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 160KB - Virtual size: 223KB

.rsrc
Size: 4KB - Virtual size: 880B