490c573b0304377e0d4c207172fb6843

Sharing

Copy URL Twitter E-mail

General

Target

490c573b0304377e0d4c207172fb6843
Size

910KB
MD5

490c573b0304377e0d4c207172fb6843
SHA1

abfef9cb395938abc8bbcf34779d7ea673f8d5ed
SHA256

3a3b8fe73af0408541c04b6c940c61658deb18871b1f6f5485b16e66ea6e83de
SHA512

9e2700a27e00aa0dfc16acaf456d0691d6315a2abeab87c220933da329fc11287da35397f1146f3de0c770822c921989f04b9976f3a310cfec46c889abbe6b41
SSDEEP

24576:sozNVdzpqouF3evdDO7Lcafn0crTrCR4jyvjnbReQISmb:sSNXpqjQFDQPr04QbvQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EG.dll
unpack001/Sango2src.exe
unpack001/exhook.dll
unpack001/sg2dbg.dll
unpack001/sg2loader.exe
unpack001/sghook.dll

Files

490c573b0304377e0d4c207172fb6843
.rar
Config.ini
DropItem1.ini
EG.dll
.dll windows:4 windows x86 arch:x86

13e21611bffaaa0af5388074f208443a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
MulDiv
GetLastError
SetLastError
lstrcpynA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
DeleteFileA
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcmpA
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GetPrivateProfileStringA
GetTickCount
GetTempPathA
GetFullPathNameA
GetEnvironmentStrings

user32

GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
LoadIconA
IsDialogMessageA
SetWindowTextA
ShowWindow
wvsprintfA
UnregisterClassA
LoadStringA
GetClassNameA
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
MessageBoxA
CopyRect
GetMenuItemCount
SendMessageA
LoadImageA
PostMessageA
PostQuitMessage
PtInRect
EnableWindow
IsIconic

gdi32

GetClipBox
SetTextColor
SaveDC
RestoreDC
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SelectObject
CreateBitmap
SetBkColor
DeleteObject
DeleteDC

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

_EditUserGeneral@8

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sango.ini
Sango2src.exe
.exe windows:4 windows x86 arch:x86

5d9386e32e3701a69e1139de2f32e0e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
SetCursorPos
OffsetRect
ClientToScreen
TranslateMessage
wsprintfA
GetDC
ReleaseDC
GetMessageA
SetCursor
DefWindowProcA
SetWindowLongA
LoadCursorA
PostQuitMessage
MessageBoxA
GetWindowLongA
SetFocus
PeekMessageA
ShowWindow
CreateWindowExA
SetRect
WaitMessage
SetWindowPos
GetWindowRect
GetClientRect
RegisterClassA
GetSystemMetrics
LoadIconA

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize

kernel32

WaitForSingleObject
SetEvent
MapViewOfFile
CreateFileMappingA
CloseHandle
OpenEventA
GetVersionExA
OutputDebugStringA
GetTickCount
GetTempPathA
GetDriveTypeA
_lcreat
_lopen
_lclose
_llseek
_lread
_lwrite
DeleteFileA
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
RemoveDirectoryA
CreateDirectoryA
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
SetUnhandledExceptionFilter
GetLastError
SetFilePointer
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
LoadLibraryA
SetStdHandle
FlushFileBuffers
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
GetCurrentProcessId

dsound

DirectSoundCreate

ddraw

DirectDrawCreate

winmm

timeGetTime
auxGetVolume
mciSendCommandA
timeKillEvent
waveOutGetNumDevs
auxGetDevCapsA
auxGetNumDevs
waveOutGetDevCapsA
auxSetVolume
waveOutGetVolume
timeSetEvent
waveOutSetVolume

avifil32

AVIStreamInfoA
AVIStreamStart
AVIStreamRead
AVIStreamReadFormat
AVIFileGetStream
AVIFileRelease
AVIStreamRelease
AVIFileExit
AVIFileInit
AVIFileOpenA
AVIStreamLength
AVIStreamSampleToTime
AVIStreamTimeToSample

msvfw32

ICLocate
ICDecompress
ICClose
ICSendMessage

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Script/scene.so
Script/system.so
Shape/scene/cg1.shp
Shape/scene/cg1s.shp
exhook.dll
.dll windows:4 windows x86 arch:x86

13c6e9b93cd6587bb4a3efb4847aa101

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetTickCount
OutputDebugStringA
GetCurrentDirectoryA
TerminateThread
GetExitCodeThread
CreateThread
CloseHandle
UnmapViewOfFile
GetCurrentProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
_lread
SetFilePointer
DeleteFileA
GetFullPathNameA
MultiByteToWideChar
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
RtlUnwind
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
IsBadReadPtr
HeapValidate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetModuleHandleA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetConsoleCtrlHandler
HeapAlloc
HeapReAlloc
VirtualAlloc
SetUnhandledExceptionFilter
IsBadCodePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
SetEndOfFile
SetEnvironmentVariableA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Exports

Exports

AdjustExploitSubWindowSeq
AdjustSearchSubWindowSeq
AdjustShootObjectFlyingSpeed_0
AfterDrawBigmapTimer
AllocateCityNodes
AllocateGeneralNodes
AllocateKingNodes
AllocateTroopNodes
AutoUseItem
BattleAI
BattleComputerAI_1
BeforeBattleCVC
BeforeBattlePVC
CalcBattleExp
CalcComputerArmyStart
CalcGatheringTick
CalcMajorAttackValue
CalcPlayerArmyStart
CalcSoldierAttackValue
ChangeTroopStatus_0
CheckLengthMap_0
CityAI
ComputerSelectAI_1
ComputerSelectGeneral
CopyOneLine_0
DeleteCityNodes
DeleteGeneralNodes
DeleteKingNodes
DeleteTroopNodes
DoAllWise
DoNextInst
DoZhanShou_0
EachSoldierType
ExtraFunc1
ExtraFunc2
ExtraFunc3
ExtraFunc4
ExtraFunc5
ExtraFunc6
ExtraFunc7
ExtraFunc8
ExtraMagicMenu_1
ExtraMagicMenu_2
ExtraResumeWise
ExtraWiseMagic
FindItemByName
ForceSoldier_OnShootObject
FreeCityNode
FreeGeneralNode
FreeKingNode
FreeTroopNode
GenenralZhanShouDisp_0
GeneralLevelupMagic
GeneralLevelupWise
GeneralZhanShou_0
GeneralZhaoXiang_0
GetAttackRangeMajor_0
GetCityIndexByName
GetCityNameByIndex
GetCityNodeByIndex
GetCityNodeIndex
GetExtraMagicIndex_0
GetExtraMagicIndex_1
GetForceMaskFromAbbr
GetGeneralNodeByIndex
GetGeneralNodeIndex
GetItemAttrib
GetItemAttrib_0
GetItemByIndex
GetItemByIndex_0
GetItemDescription
GetItemOwner
GetItemShape
GetItemWeaponObject
GetItemWeaponType
GetKingNodeByIndex
GetKingNodeIndex
GetLongAttackSequenceMajor_0
GetNextCityNode
GetNextGeneralNode
GetNextKingNode
GetNextTroopNode
GetSelectedKing
GetTroopByIndex
GetTroopIndex
GetTroopNodeByIndex
GetTroopNodeIndex
GetTroopSpeed_0
HookCheckMagickMP
HookDrawMagicMP
HookPlayMagic
InitScript_0
InitializeItem
ItemCanUse_0
LoadAllTroops
LoadBigmap_0
LoadCityImage_0
LoadCitySize_0
LoadExtraInfo
LoadGeneralExtra
LoadPeriodExtra_0
LoadUserGeneral
LongAttackOnSoldier_0
MajorExtraOMInitAttack_0
MajorExtraOMProcess_0
MoreSaverFileCheck
NewReadFile
NewReadFile1
NewSearchItem
OnBattleEnd
OnBigMapTimer_1
OnCalcForceCityX
OnCalcForceCityY
OnDrawForceMap
OnDrawGeneralExtra_1
OnDraw_ExtraWise
OnDraw_ExtraWise1
OnDraw_GeneralDetail_MagicItem
OnDraw_GeneralDetail_WiseItem
OnForce
OnForceNext
OnForcePrev
OnGameStart_0
OnLoadSaverComplete0
OnMainMenuItem_Save
OnMajorDeath
OnResetClock0
OnSoldierTypeNext
OnSoldierTypePrev
OnTroopMove_1
PlaySound_0
ReadAllExtra
ReadCity0
ReadCityExtra
ReadGeneralExtra
ReadItemWise
ReadKingExtra
ReadTroopExtra
ReloadKingItem_0
SaveExtraInfo
SearchItem
SelectAI
SetCityNameATOM
SetItemOwner
SetVolume_0
ShowItemDescription
StopSound_0
Test
UnloadBook
UnloadWeapon
UseBook
UseForceItem
UseItem
UseWeapon
UserDefinedMagic
UserDefinedWise
VolumeOff_0
VolumeOn_0
WriteAllExtra
WriteAllTroops
WriteCity0
WriteCityExtra
WriteGeneralExtra
WriteKingExtra
WriteTroopExtra

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
five.ini
histroy.txt
sg2dbg.dll
.dll windows:4 windows x86 arch:x86

23815d96f014c8faffa031b68d196a27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
Sleep
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
VirtualAlloc
GetLocaleInfoW
CompareStringA
CompareStringW
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetFilePointer
SetConsoleCtrlHandler
RtlUnwind
HeapAlloc
HeapReAlloc
SetEnvironmentVariableA

user32

DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterClassA
GetWindowRect
CreateWindowExA
ShowWindow
DialogBoxParamA
DefWindowProcA
SendMessageA
SetFocus
GetDlgItem
GetWindowTextA
EndDialog
SetWindowTextA
InvalidateRect
BeginPaint
GetClientRect
FillRect
EndPaint
MessageBoxA

gdi32

SetBkMode
SetTextColor
CreateSolidBrush
DeleteObject
TextOutA
GetStockObject

Exports

Exports

DestroyDebugger
InitializeDebugger
OnDebug

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sg2loader.exe
.exe windows:4 windows x86 arch:x86

0ef6bee2ae459507dea08f7148bcafd8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ResumeThread
Sleep
CreateRemoteThread
GlobalFree
VirtualProtectEx
GlobalAlloc
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
GetLastError
CreateProcessA
LoadLibraryA
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
CreateFileA
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
CloseHandle
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
ReadFile
TerminateProcess
GetCurrentProcess
SetHandleCount
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
LCMapStringW

user32

GetDC
ReleaseDC
DialogBoxParamA
GetWindowRect
GetSystemMetrics
SetWindowPos
MessageBoxA
EndDialog

gdi32

GetDeviceCaps

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sghook.dll
.dll windows:4 windows x86 arch:x86

07940ad727d92ebd43221859f5efee62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetPrivateProfileIntA
GetTempPathA
GetPrivateProfileStringA
GetFullPathNameA
OutputDebugStringA
GetTickCount
VirtualProtect
CompareStringW
CompareStringA
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetLastError
ReadFile
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
CloseHandle
InitializeCriticalSection
ExitProcess
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
CreateFileA
UnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
Sleep
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

MessageBoxA

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ug.ini

Sharing

General

Malware Config

Signatures

Files

13e21611bffaaa0af5388074f208443a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 15KB

5d9386e32e3701a69e1139de2f32e0e2

Headers

File Characteristics

Imports

user32

gdi32

advapi32

ole32

kernel32

dsound

ddraw

winmm

avifil32

msvfw32

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 148KB - Virtual size: 330KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

13c6e9b93cd6587bb4a3efb4847aa101

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 428KB - Virtual size: 425KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 28KB - Virtual size: 1.3MB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 16KB

23815d96f014c8faffa031b68d196a27

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 24KB - Virtual size: 29KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 8KB - Virtual size: 7KB

0ef6bee2ae459507dea08f7148bcafd8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 148KB - Virtual size: 330KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 28KB - Virtual size: 1.3MB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 24KB - Virtual size: 29KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 205KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 236KB - Virtual size: 232KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB