95035c6edd8d0086a092ae1caa1c8496f1880cec0cf96c710487e3d59d71a8a7

Sharing

Copy URL Twitter E-mail

General

Target

95035c6edd8d0086a092ae1caa1c8496f1880cec0cf96c710487e3d59d71a8a7
Size

9.7MB
MD5

ca5442e03ccedbdf4effffad95dad8a1
SHA1

cafe8ebb111b4c66400acfc26b46b6c8c1b1bb1c
SHA256

95035c6edd8d0086a092ae1caa1c8496f1880cec0cf96c710487e3d59d71a8a7
SHA512

c155e5d25463e7a2ff92dff42164da7b28b684cb4b43ad0726c2512e1d68d24f0e656562b21c6fcc3412ff107f9739b2198cabe03581b1190271407cc6c20722
SSDEEP

98304:CQ7JGsjbAWF6BXk96d7YyZ4dlbLdmkJqpr/Rsh6VlKXh+RjHcgG5lIM8Rya4E6A/:p6BXk96myZ6rmksprGoVlKO8b5l7tMT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95035c6edd8d0086a092ae1caa1c8496f1880cec0cf96c710487e3d59d71a8a7

Files

95035c6edd8d0086a092ae1caa1c8496f1880cec0cf96c710487e3d59d71a8a7
.exe windows:6 windows x86 arch:x86

18216c9c32f168198cce335bd86e9804

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

ws2_32

inet_ntoa
__WSAFDIsSet
bind
inet_addr
WSACleanup
closesocket
connect
gethostbyname
WSAStartup
ioctlsocket
socket
select
htons
setsockopt
ntohs
recv
getsockname
send
sendto
WSAGetLastError

shlwapi

PathFindFileNameA
PathFindExtensionA
StrToIntW
PathFileExistsA

wininet

InternetConnectA
InternetOpenUrlW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetCloseHandle

imm32

ImmSetCompositionWindow
ImmNotifyIME
ImmIsIME
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetProperty
ImmGetDescriptionW
ImmGetCandidateListW
ImmSetCandidateWindow

ddraw

DirectDrawCreate

d3d9

Direct3DCreate9

d3dx9_43

D3DXSaveSurfaceToFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXSaveTextureToFileA
D3DXMatrixPerspectiveFovLH
D3DXMatrixLookAtLH
D3DXCreateBuffer
D3DXMatrixOrthoOffCenterLH
D3DXMatrixMultiply
D3DXPlaneTransform
D3DXLoadSurfaceFromSurface
D3DXGetImageInfoFromFileA
D3DXVec3TransformCoord
D3DXLoadSurfaceFromFileInMemory
D3DXQuaternionRotationMatrix
D3DXMatrixRotationQuaternion
D3DXMatrixRotationAxis
D3DXAssembleShader
D3DXMatrixShadow

speedtreert

?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
??3CSpeedTreeRT@@SAXPAX@Z
??2CSpeedTreeRT@@SAPAXI@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
??1CSpeedTreeRT@@QAE@XZ
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
??0CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z

kernel32

LoadLibraryA
TerminateProcess
OpenProcess
VirtualQueryEx
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
DeviceIoControl
GlobalMemoryStatusEx
GetComputerNameW
Sleep
GetSystemInfo
GetVersionExW
GlobalMemoryStatus
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
FlushInstructionCache
ReleaseMutex
CreateMutexW
IsBadWritePtr
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
DeleteFileA
MultiByteToWideChar
GetCurrentDirectoryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventW
ExitThread
CreateDirectoryA
FindFirstFileA
FindNextFileA
GetFileSize
ResetEvent
WaitForMultipleObjects
GetExitCodeThread
GetLocalTime
CopyFileA
VirtualProtect
GetCommandLineW
OutputDebugStringA
WaitForSingleObject
ResumeThread
FindClose
WriteFile
ConnectNamedPipe
CreateNamedPipeW
CreateMutexA
CreateProcessW
GetDiskFreeSpaceA
OutputDebugStringW
SignalObjectAndWait
SetThreadPriority
SetThreadPriorityBoost
GetPrivateProfileStringW
WritePrivateProfileStringW
SetCurrentDirectoryA
GetCurrentDirectoryA
IsDebuggerPresent
GetVersion
DuplicateHandle
SuspendThread
GetPrivateProfileIntA
OpenFile
ReleaseSemaphore
CreateSemaphoreW
SetLastError
QueueUserAPC
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MulDiv
lstrcmpW
lstrcmpiW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFilePointer
IsDBCSLeadByteEx
WinExec
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
IsBadReadPtr
lstrcpyW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
ReadFile
FormatMessageA
LoadLibraryExA
VirtualFree
VirtualAlloc
GetModuleFileNameA
CreateThread
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetCurrentThreadId
ExitProcess
GetCurrentThread
LocalAlloc
GlobalFree
GetWindowsDirectoryA
IsDBCSLeadByte
GlobalReAlloc
GlobalSize
WaitForSingleObjectEx
GetTickCount
GetCommandLineA
GetFileAttributesA
CreateFileW
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentProcessId

user32

GetClientRect
SetWindowPos
IsIconic
IsZoomed
IsWindowEnabled
PostMessageW
ClientToScreen
GetKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
GetCursorPos
PostQuitMessage
WindowFromDC
EnumWindows
CreateWindowExA
EnumThreadWindows
GetWindowDC
IsWindowUnicode
SetCaretPos
SendMessageW
GetWindowTextW
GetWindowLongW
FindWindowW
GetWindowTextA
GetClassNameW
IsWindowVisible
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowA
CreateCaret
GetKeyboardLayout
GetClipboardData
UnregisterClassW
IsWindow
GetActiveWindow
SetActiveWindow
EnumChildWindows
GetMenuBarInfo
GetAsyncKeyState
InvalidateRect
AdjustWindowRectEx
RegisterClipboardFormatW
DestroyCursor
LoadCursorFromFileA
IntersectRect
SetRect
GetAncestor
GetParent
GetDesktopWindow
SetWindowLongA
FillRect
GetSysColor
GetWindowTextLengthW
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
SetTimer
keybd_event
GetFocus
SetFocus
CharNextW
GetDlgItem
DestroyWindow
IsChild
GetClassInfoExW
CallWindowProcW
GetMessageW
RegisterWindowMessageW
MessageBoxW
LoadCursorW
AdjustWindowRect
SetForegroundWindow
UpdateWindow
GetSystemMetrics
MoveWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
wsprintfW
ReleaseCapture
SetWindowLongW
GetCapture
GetGUIThreadInfo
ChangeDisplaySettingsW
LoadIconW
SetCursor
MessageBoxA
EndPaint
BeginPaint
GetForegroundWindow
PeekMessageW
DispatchMessageW
TranslateMessage
SetWindowTextW
ShowWindow
SetCursorPos
PtInRect
IsRectEmpty
GetWindowRect
GetWindow
GetClassNameA
GetTopWindow
GetWindowThreadProcessId
SetCapture

gdi32

GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetDIBits
CreateFontIndirectW
PtInRegion
CreatePolygonRgn
EnumFontFamiliesExW
GetGlyphOutlineW
CreateEllipticRgn
SelectObject
GetObjectW
TextOutA
SetMapMode
GetTextExtentPoint32W
CreateFontW
ExtTextOutW
CreateDIBSection
SetTextAlign
SetTextColor
SetBkColor
BitBlt

advapi32

RegSetValueExW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

SHOpenFolderAndSelectItems
ShellExecuteExA
Shell_NotifyIconW
ShellExecuteA
ShellExecuteW

ole32

CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CoTaskMemFree

oleaut32

VariantCopy
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString

elementskill

?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z
?GoblinCondition@ElementSkill@GNET@@SAHIAAUGoblinUseRequirement@2@H@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?InitStaticData@ElementSkill@GNET@@SAXXZ
?Create@ElementSkill@GNET@@SAPAV12@IH@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?GetComboSkPreSkill@ElementSkill@GNET@@SAHI@Z
?GetInherentSkills@ElementSkill@GNET@@SAABV?$vector@IV?$allocator@I@std@@@std@@H@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?IsMovingSkill@ElementSkill@GNET@@SA_NI@Z
?GetMaxAbility@ElementSkill@GNET@@SAHIH@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetRequiredRealmLevel@ElementSkill@GNET@@SAHIH@Z
?GetRequiredLevel@ElementSkill@GNET@@SAHIH@Z
?IsOverridden@ElementSkill@GNET@@SA_NI@Z
?GetType@ElementSkill@GNET@@SADI@Z
?IsGoblinSkill@ElementSkill@GNET@@SA_NI@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GoblinLearn@ElementSkill@GNET@@SAHIAAUGoblinRequirement@2@H@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?GetName@ElementSkill@GNET@@SAPB_WI@Z
?GetCommonCoolDown@ElementSkill@GNET@@SAHI@Z
?SetLevel@ElementSkill@GNET@@SAHIH@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z

msvcp140

?id@?$ctype@_W@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z

iphlpapi

GetAdaptersAddresses

urlmon

URLDownloadToFileW

vcruntime140

_purecall
strstr
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
__RTDynamicCast
memchr
_local_unwind4
wcsstr
memset
wcschr
__std_type_info_name
longjmp
__current_exception
__current_exception_context
_except_handler4_common
_setjmp3
__CxxFrameHandler3
strrchr
__std_terminate
wcsrchr
memcpy

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-math-l1-1-0

_CItanh
_CIfmod
ceil
floor
_libm_sse2_sin_precise
_CIsinh
_CIcosh
_CIatan2
__libm_sse2_asin
__libm_sse2_atan2
__libm_sse2_cos
__libm_sse2_sinf
__libm_sse2_exp
__libm_sse2_pow
_libm_sse2_asin_precise
_libm_sse2_cos_precise
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_sin
__libm_sse2_log
__libm_sse2_atan
__libm_sse2_tan
__libm_sse2_cosf
__libm_sse2_tanf
_libm_sse2_log10_precise
_libm_sse2_acos_precise
__setusermatherr
frexp
_libm_sse2_sqrt_precise
ldexp
_libm_sse2_pow_precise
_isnan
_libm_sse2_tan_precise
__libm_sse2_log10
_libm_sse2_exp_precise
modf

api-ms-win-crt-stdio-l1-1-0

tmpfile
__p__commode
fputs
_pclose
_set_fmode
clearerr
_fileno
fgets
freopen
__acrt_iob_func
setvbuf
__stdio_common_vfprintf
fseek
ftell
ferror
__stdio_common_vswprintf
_popen
fflush
ungetc
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fwrite
fopen
fclose
tmpnam
getc
fgetwc
feof
__stdio_common_vfscanf
fgetws

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_mktime64
clock
_difftime64
asctime
_time32
_time64
_mktime32
_localtime32
_localtime64
_gmtime32

api-ms-win-crt-string-l1-1-0

wcsncat
iswdigit
strcspn
strcpy_s
wcsncmp
_wcslwr
_wcsupr
strcoll
islower
ispunct
isxdigit
isupper
wcsncpy_s
strpbrk
strncat
isalpha
isalnum
iscntrl
isspace
_strlwr
tolower
isdigit
_wcsicmp
_strupr
_stricmp
_strnicmp
toupper
wcsncpy
strncmp
strncpy

api-ms-win-crt-filesystem-l1-1-0

_findfirst32
_stat64i32
remove
_findnext32
_access
_wremove
_findclose
_fstat64i32
rename
_rmdir
_mkdir
_findfirst64i32
_splitpath
_findnext64i32
_stat32

api-ms-win-crt-convert-l1-1-0

atoi
strtod
_wtoi
_itoa
strtoul
atol
_itow
atof

api-ms-win-crt-runtime-l1-1-0

_errno
exit
_resetstkoflw
system
_invalid_parameter_noinfo
strerror
_invalid_parameter_noinfo_noreturn
_controlfp_s
_beginthread
_beginthreadex
_crt_atexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
realloc
_recalloc
malloc
free
_set_new_mode

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
localeconv

glu32

gluTessBeginContour
gluTessVertex
gluDeleteTess
gluTessEndPolygon
gluTessProperty
gluTessCallback
gluTessEndContour
gluTessBeginPolygon
gluNewTess

dsound

ord11

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1018KB - Virtual size: 1017KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 210KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18216c9c32f168198cce335bd86e9804

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

shlwapi

wininet

imm32

ddraw

d3d9

d3dx9_43

speedtreert

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

elementskill

msvcp140

iphlpapi

urlmon

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

glu32

dsound

ftdriver

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rdata Size: 1018KB - Virtual size: 1017KB

.data Size: 210KB - Virtual size: 411KB

_RDATA Size: 146KB - Virtual size: 146KB

.rsrc Size: 282KB - Virtual size: 281KB

.reloc Size: 491KB - Virtual size: 491KB

.text
Size: 7.6MB - Virtual size: 7.6MB

.rdata
Size: 1018KB - Virtual size: 1017KB

.data
Size: 210KB - Virtual size: 411KB

_RDATA
Size: 146KB - Virtual size: 146KB

.rsrc
Size: 282KB - Virtual size: 281KB

.reloc
Size: 491KB - Virtual size: 491KB