0aa7cafcc90c0d1b78659d40969b2188

Sharing

Copy URL Twitter E-mail

General

Target

0aa7cafcc90c0d1b78659d40969b2188
Size

1.3MB
MD5

0aa7cafcc90c0d1b78659d40969b2188
SHA1

1c75b5a44485a5ed55accbbcfc54a4342990a293
SHA256

4913e698ef488c97b90652f503a39327acb8de9ce659835e38980835398db004
SHA512

075efe748817cd5c8796c218280948e6f6bc9faa3d8d863c2138095498357f6a5568c421434372a2bcea8cfd04310da4fd95e892cc5511531d2436a30c2c8432
SSDEEP

24576:7EZQ9SjDADctIdkeeI4zGOyQeXodAg6WZ1Jt/r0+D7zPiIo6rXj5X3da/qd0:YG9oHtEDOyqdd6EN0+D7biIo2j5ndaSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Monster_Editor_V3.exe
unpack001/lpk.dll

Files

0aa7cafcc90c0d1b78659d40969b2188
.rar
Monster_Editor_V3.exe
.exe windows:4 windows x86 arch:x86

d761daa504ad89b77abd37ce1a8936ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
ord690
__vbaStrI2
ord691
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaLateIdCall
__vbaStrVarMove
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
ord626
__vbaForEachCollAd
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord593
__vbaExitProc
ord300
ord594
ord301
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord306
ord307
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
__vbaErase
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaExitEachColl
ord529
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
__vbaR4Str
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaFileSeek
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVar2Vec
__vbaNew2
__vbaInStr
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
ord689
__vbaAryLock
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
__vbaAryRecCopy
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lpk.dll
.dll windows:5 windows x86 arch:x86

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW

shell32

ord92
ord64

shlwapi

PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathFindFileNameW
SHRegGetValueW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

111
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mon.dat
monster.edt
monster.scr
monsterUSA.edt
monster_edit_V3.ini
monster_edit_V3.ini.chi
monster_edit_V3.ini.eng

Sharing

General

Malware Config

Signatures

Files

d761daa504ad89b77abd37ce1a8936ed

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 180KB - Virtual size: 176KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

78e397a561f0c355666a0cce61d5c812

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

111 Size: 3KB - Virtual size: 3KB

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 180KB - Virtual size: 176KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

111
Size: 3KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 1024B - Virtual size: 700B