General

Malware Config

Signatures

Files

• 178e5ea183a8c4ed7dcced6389c6de06

  .exe windows:4 windows x86 arch:x86

  4df066fb88fc31de75c022454ab3fc54

  
  

  Code Sign

  04

  Certificate

  Issuer

  CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR

  Not Before

  24-08-2005 08:05

  Not After

  24-08-2025 08:05

  Subject

  CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR

  05:6f:31:ff:e0:58:cc:7d:70:8c

  Certificate

  Issuer

  CN=yessignCA General Class 2,OU=AccreditedCA,O=yessign,C=kr

  Not Before

  27-03-2011 15:00

  Not After

  27-07-2011 14:59

  Subject

  CN=게임한판,OU=code-sign+OU=02201007270001,O=yessign,C=kr

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  27:72

  Certificate

  Issuer

  CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR

  Not Before

  02-02-2007 09:32

  Not After

  02-02-2017 09:32

  Subject

  CN=yessignTSA,OU=AccreditedCA,O=yessign,C=kr

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  27:84

  Certificate

  Issuer

  CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR

  Not Before

  30-04-2010 01:50

  Not After

  30-04-2020 01:50

  Subject

  CN=yessignCA General Class 2,OU=AccreditedCA,O=yessign,C=kr

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mfc80

  ord4749

  ord5715

  ord784

  ord556

  ord744

  ord380

  ord2703

  ord2702

  ord3201

  ord5097

  ord5493

  ord5346

  ord4353

  ord6310

  ord1452

  ord1903

  ord1185

  ord3182

  ord4262

  ord4486

  ord2862

  ord5200

  ord1599

  ord1655

  ord1656

  ord1964

  ord5175

  ord1362

  ord4967

  ord3345

  ord6277

  ord3802

  ord6279

  ord1522

  ord2172

  ord2178

  ord2405

  ord2387

  ord2385

  ord2403

  ord2415

  ord2392

  ord2408

  ord2413

  ord2396

  ord2398

  ord2400

  ord2394

  ord2410

  ord2390

  ord934

  ord930

  ord932

  ord928

  ord923

  ord5233

  ord5235

  ord5960

  ord1600

  ord4282

  ord4722

  ord3403

  ord709

  ord4185

  ord6275

  ord5073

  ord1908

  ord5152

  ord4244

  ord1401

  ord3946

  ord1617

  ord1620

  ord5912

  ord6724

  ord1551

  ord1670

  ord1671

  ord4890

  ord4735

  ord4212

  ord5182

  ord1482

  ord6703

  ord299

  ord1489

  ord4109

  ord4081

  ord5529

  ord2272

  ord5491

  ord911

  ord907

  ord1614

  ord762

  ord572

  ord760

  ord3596

  ord2991

  ord5214

  ord1402

  ord5915

  ord6725

  ord3908

  ord3441

  ord1794

  ord2657

  ord265

  ord266

  ord3204

  ord3210

  ord3161

  ord1161

  ord1934

  ord1728

  ord1280

  ord6065

  ord4125

  ord3684

  ord347

  ord602

  ord1279

  ord5637

  ord6037

  ord5642

  ord5731

  ord501

  ord2280

  ord631

  ord386

  ord781

  ord2322

  ord304

  ord6090

  ord4035

  ord2371

  ord4580

  ord1084

  ord1063

  ord557

  ord3641

  ord354

  ord297

  ord310

  ord1207

  ord4038

  ord4014

  ord6278

  ord3801

  ord6276

  ord4326

  ord2063

  ord2018

  ord5583

  ord3806

  ord1010

  ord5102

  ord6219

  ord5382

  ord3832

  ord1920

  ord2931

  ord5224

  ord5226

  ord2248

  ord3948

  ord4568

  ord5230

  ord5213

  ord5566

  ord2537

  ord2731

  ord2835

  ord4307

  ord2714

  ord2838

  ord2540

  ord2646

  ord2533

  ord3718

  ord3719

  ord3709

  ord2644

  ord3949

  ord4481

  ord4261

  ord3333

  ord745

  ord605

  ord2020

  ord5975

  ord1054

  ord3830

  ord757

  ord566

  ord3683

  ord4541

  ord578

  ord5203

  ord764

  msvcr80

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _configthreadlocale

  _initterm_e

  _initterm

  _acmdln

  exit

  _ismbblead

  _XcptFilter

  _exit

  _cexit

  __getmainargs

  _amsg_exit

  _decode_pointer

  _onexit

  _lock

  _except_handler4_common

  _encode_pointer

  _unlock

  __CxxFrameHandler3

  ?what@exception@std@@UBEPBDXZ

  ??0exception@std@@QAE@ABQBD@Z

  ??0exception@std@@QAE@ABV01@@Z

  _invalid_parameter_noinfo

  strtoul

  strncpy

  _CxxThrowException

  _strnicmp

  _vsnprintf

  _setmbcp

  _stricmp

  ?terminate@@YAXXZ

  _crt_debugger_hook

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  _invoke_watson

  __dllonexit

  ??1exception@std@@UAE@XZ

  ??0exception@std@@QAE@XZ

  malloc

  free

  sprintf

  strrchr

  _localtime64_s

  _time64

  atoi

  _controlfp_s

  memset

  kernel32

  InterlockedExchange

  GetLastError

  CloseHandle

  GetFileSize

  ReadFile

  IsDBCSLeadByteEx

  MultiByteToWideChar

  Sleep

  InterlockedCompareExchange

  GetStartupInfoA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetThreadLocale

  GetLocaleInfoA

  GetACP

  lstrcmpA

  lstrcpyA

  CreateDirectoryA

  GetModuleFileNameA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  WritePrivateProfileStringA

  GetModuleHandleA

  CopyFileA

  GetVersionExA

  WideCharToMultiByte

  user32

  CopyRect

  LoadImageA

  GetSysColorBrush

  SetRect

  SystemParametersInfoA

  RedrawWindow

  PostMessageA

  LoadIconA

  GetSystemMenu

  AppendMenuA

  GetWindowLongA

  LoadCursorA

  DrawTextA

  SetWindowLongA

  SetTimer

  PostQuitMessage

  EnableWindow

  KillTimer

  DrawIcon

  GetClientRect

  GetSystemMetrics

  SendMessageA

  IsIconic

  SetCursor

  gdi32

  BitBlt

  CreateCompatibleDC

  CreateFontIndirectA

  GetObjectA

  advapi32

  RegSetValueExA

  RegCloseKey

  RegCreateKeyA

  shell32

  SHGetSpecialFolderPathA

  ShellExecuteA

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  ole32

  CoCreateGuid

  urlmon

  URLDownloadToFileA

  msvcp80

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  wininet

  InternetOpenA

  InternetCloseHandle

  InternetConnectA

  HttpOpenRequestA

  HttpAddRequestHeadersA

  HttpSendRequestExA

  InternetWriteFile

  HttpEndRequestA

  InternetSetOptionA

  InternetReadFile

  DeleteUrlCacheEntry

  Sections

  .text

  Size: 44KB - Virtual size: 40KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 28KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ