55839bf2631591a58075bc3928d9e389

Sharing

Copy URL Twitter E-mail

General

Target

55839bf2631591a58075bc3928d9e389
Size

1.1MB
MD5

55839bf2631591a58075bc3928d9e389
SHA1

3c88f2e342bf5119557ca4cf507034bcda9835ef
SHA256

55e4209e88b7bf3c5b709d3771e9514efcbf6b99b40e2f50638038f3a76000d0
SHA512

876e4ad4c261c60684454bf13471acdcd56b5c6e36fb880c58c5f80a7a8c3c15981c6f45721bd5d38b5a54176b58f5004bdefbead8a8039caa71ac4462c3f654
SSDEEP

24576:d7bSdS3PFN0TaeCHaLOoIGhuHlpfwpotwsuGkgg59Nq9:VeaTHaLOoT+lpDtwYHyb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GameModule_64BitPatch.elb

Files

55839bf2631591a58075bc3928d9e389
.rar
GameModule_64BitPatch.elb
.exe windows:4 windows x86 arch:x86

bfb7051eaeb6d9c5459852f94c5738b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetDeviceGammaRamp
DeleteObject
GetDeviceGammaRamp

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

user32

PeekMessageA
GetKeyState
SetTimer
DispatchMessageA
MessageBoxA
ReleaseDC
GetDC
GetWindowRect
FindWindowA
GetMessageA
UnregisterClassA
GetClientRect
DestroyWindow
RegisterClassA
LoadIconA
LoadCursorA
CreateWindowExA
PostQuitMessage
AdjustWindowRect
SetWindowPos
ShowCursor
SetWindowLongA
SetWindowTextA
ShowWindow
UpdateWindow
ExitWindowsEx
keybd_event
DefWindowProcA
GetFocus
GetForegroundWindow
IsIconic
GetWindowLongA
GetMenu
AdjustWindowRectEx
TranslateMessage

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

winmm

timeKillEvent
timeGetTime

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

dsound

ord11

kernel32

GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LoadLibraryA
WideCharToMultiByte
GetEnvironmentStrings
LCMapStringA
FreeEnvironmentStringsA
FlushFileBuffers
FreeEnvironmentStringsW
RaiseException
GetVersion
InterlockedDecrement
CreateFileW
InterlockedIncrement
lstrcmpiA
IsProcessorFeaturePresent
GetFileAttributesA
GetFullPathNameA
GetFileSize
OpenSemaphoreA
GetStringTypeW
GetOverlappedResult
GetLocaleInfoW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
HeapFree
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetDiskFreeSpaceExA
GetLastError
CreateDirectoryA
RemoveDirectoryA
SetThreadPriority
GetCurrentThread
CloseHandle
ResumeThread
CreateThread
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CreateMutexA
ReleaseMutex
GetCommandLineA
FreeResource
DeviceIoControl
CreateFileA
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetSystemDefaultLangID
GetVersionExA
GetSystemInfo
VirtualProtect
HeapDestroy
GetCurrentProcessId
HeapSize
LCMapStringW
DeleteCriticalSection
GetSystemDirectoryA
SetEvent
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
ReadFile
CreateEventA
SetHandleCount
GetStdHandle
InitializeCriticalSection
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
HeapCreate
TlsSetValue
GetModuleFileNameA
TlsFree
GetStartupInfoA
GetFileType
GetCurrentProcess
GetTickCount
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetProcAddress
TlsGetValue
ExitThread
SetEndOfFile
SetLastError
TlsAlloc
RtlUnwind
GetCurrentThreadId
CreateFileMappingA
WriteFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_rwcseg
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_rwdseg
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IDR_RCP
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IDR_RCP1
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.patch
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Read me.txt

Sharing

General

Malware Config

Signatures

Files

bfb7051eaeb6d9c5459852f94c5738b0

Headers

File Characteristics

Imports

gdi32

advapi32

user32

d3d9

dinput8

winmm

ole32

dsound

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

_rwcseg Size: 4KB - Virtual size: 1KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 120KB - Virtual size: 181KB

_rwdseg Size: 4KB - Virtual size: 8B

.rsrc Size: 132KB - Virtual size: 131KB

IDR_RCP Size: 96KB - Virtual size: 96KB

IDR_RCP1 Size: 104KB - Virtual size: 104KB

.patch Size: 64KB - Virtual size: 64KB

.text
Size: 2.1MB - Virtual size: 2.1MB

_rwcseg
Size: 4KB - Virtual size: 1KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 120KB - Virtual size: 181KB

_rwdseg
Size: 4KB - Virtual size: 8B

.rsrc
Size: 132KB - Virtual size: 131KB

IDR_RCP
Size: 96KB - Virtual size: 96KB

IDR_RCP1
Size: 104KB - Virtual size: 104KB

.patch
Size: 64KB - Virtual size: 64KB