planearcade[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

planearcade.exe
Size

4.5MB
MD5

567fe99ec613689918772da8eab120cf
SHA1

2fdb858d7b2b0025c07571f49dcfc4e512376ffe
SHA256

137643d574d64297c6acfad2db73f0cccc8ddc83b450f1625a04baadfb3b6501
SHA512

3581738234be75e883e0705d0a3ecf6511e1ff9be7d8a7b4c30629e9e6536906e8858b7b9607be0052a5ac391aef2dd4f3ffbf850e10086382ff3eee3b298408
SSDEEP

98304:gn46Xz64ZRPwnqEkdaLmyjXKT8aEZtV/cdPlmStBPpdGrULInuD+Ls0swuPa:Z6D64ZenqJdaSyjN5V/YPBPPpgrGIuD0

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
planearcade.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$SYSDIR/OpenAL32.dll
unpack001/$SYSDIR/wrap_oal.dll
unpack001/OpenAL32.dll
unpack001/Plane Arcade.exe
unpack001/pa.exe
unpack001/wrap_oal.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

planearcade.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

ee01c5cc33cdb3294484fc93e41c14ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
lstrcpyA
GlobalFree

user32

LoadIconA
SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
DialogBoxParamA
GetDC
ShowWindow
EndDialog
SendMessageA

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
.ps1
$SYSDIR/OpenAL32.dll
.dll windows:4 windows x86 arch:x86

a2aaff1db01b2c29d7ab20370a8b5270

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutMessage
waveOutGetDevCapsA

kernel32

VirtualFree
LeaveCriticalSection
EnterCriticalSection
FindClose
GetLastError
FindNextFileA
FreeLibrary
LoadLibraryA
FindFirstFileA
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
IsBadReadPtr
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW

Exports

Exports

alBufferData
alDeleteBuffers
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEnable
alGenBuffers
alGenSources
alGetBoolean
alGetBooleanv
alGetBufferf
alGetBufferi
alGetDouble
alGetDoublev
alGetEnumValue
alGetError
alGetFloat
alGetFloatv
alGetInteger
alGetIntegerv
alGetListener3f
alGetListenerf
alGetListenerfv
alGetListeneri
alGetProcAddress
alGetSource3f
alGetSourcef
alGetSourcefv
alGetSourcei
alGetString
alIsBuffer
alIsEnabled
alIsExtensionPresent
alIsSource
alListener3f
alListenerf
alListenerfv
alListeneri
alSource3f
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcef
alSourcefv
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcSuspendContext

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wrap_oal.dll
.dll windows:4 windows x86 arch:x86

5abb70a2e412ebc554b03bc7abf9c0e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
GetProcAddress
LoadLibraryA
FreeLibrary
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RaiseException
WriteFile
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
CloseHandle
CreateThread
CreateEventA
InitializeCriticalSection
SetEvent
DeleteCriticalSection
WaitForSingleObjectEx
Sleep
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutClose
timeSetEvent
waveOutPrepareHeader
timeKillEvent
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
waveOutOpen
waveOutReset
timeGetTime

user32

PostThreadMessageA
GetForegroundWindow
GetMessageA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Exports

Exports

EAXGet
EAXSet
alBufferData
alDeleteBuffers
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEAXAC3GetFunctionTable
alEnable
alGenBuffers
alGenSources
alGetBoolean
alGetBooleanv
alGetBufferf
alGetBufferi
alGetDouble
alGetDoublev
alGetEnumValue
alGetError
alGetFloat
alGetFloatv
alGetInteger
alGetIntegerv
alGetListener3f
alGetListenerf
alGetListenerfv
alGetListeneri
alGetProcAddress
alGetSource3f
alGetSourcef
alGetSourcefv
alGetSourcei
alGetString
alIsBuffer
alIsEnabled
alIsExtensionPresent
alIsSource
alListener3f
alListenerf
alListenerfv
alListeneri
alSource3f
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcef
alSourcefv
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcSuspendContext

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExplodeLarge.wav
ExplodeSmall.wav
Fire.wav
MesserSchmitt.wav
OpenAL32.dll
.dll windows:4 windows x86 arch:x86

a2aaff1db01b2c29d7ab20370a8b5270

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutMessage
waveOutGetDevCapsA

kernel32

VirtualFree
LeaveCriticalSection
EnterCriticalSection
FindClose
GetLastError
FindNextFileA
FreeLibrary
LoadLibraryA
FindFirstFileA
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
IsBadReadPtr
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW

Exports

Exports

alBufferData
alDeleteBuffers
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEnable
alGenBuffers
alGenSources
alGetBoolean
alGetBooleanv
alGetBufferf
alGetBufferi
alGetDouble
alGetDoublev
alGetEnumValue
alGetError
alGetFloat
alGetFloatv
alGetInteger
alGetIntegerv
alGetListener3f
alGetListenerf
alGetListenerfv
alGetListeneri
alGetProcAddress
alGetSource3f
alGetSourcef
alGetSourcefv
alGetSourcei
alGetString
alIsBuffer
alIsEnabled
alIsExtensionPresent
alIsSource
alListener3f
alListenerf
alListenerfv
alListeneri
alSource3f
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcef
alSourcefv
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcSuspendContext

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plane Arcade.exe
.exe windows:4 windows x86 arch:x86

aa83244b7e0e7f9a870874b597ee144c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SpitFire.wav
Tank3.bmp
.rar
2Dpanel.h
2dpanel.cpp
bombarder.cpp
bombarder.h
bombs.cpp
bombs.h
bsp.cpp
bsp.h
bspclass.h
bspstruct.h
bullets.cpp
bullets.h
camera.cpp
camera.h
config.cpp
config.h
debug.cpp
debug.h
dxfont.cpp
dxfont.h
editor.cpp
editor.h
engine.cpp
engine.h
explo.cpp
explo.h
fireball.cpp
fireball.h
font2D.cpp
font2D.h
input.cpp
input.h
level.cpp
level.h
light.cpp
light.h
log.cpp
log.h
log.txt
main.cpp
main.h
md2.h
menu.cpp
menu.h
messerschmitt.cpp
messerschmitt.h
model.cpp
model.h
modellib.cpp
modellib.h
occlass.h
ocstruct.h
octree.cpp
octree.h
offscreen.cpp
offscreen.h
particleclass.h
particleenums.h
particles.cpp
particles.h
particlestruct.h
particlesystem.cpp
particlesystem.h
q3bitset.h
q3bsp.cpp
q3bsp.h
q3enums.h
q3structs.h
rbspstruct.h
resource.h
score.cpp
score.h
shd.h
skydome.cpp
skydome.h
sound.cpp
sound.h
soundlib.cpp
soundlib.h
spitfire.cpp
spitfire.h
stencil.cpp
stencil.h
structures.cpp
structures.h
truck.cpp
truck.h
types.cpp
types.h
volker.cpp
volker.h
Volker.wav
Vrtula.bmp
billboard.ASE
billboard.bmp
bomb.ASE
bomb.bmp
bomb.gif
.gif
bombarder.ASE
bombarder.wav
bombarderdestroy.bmp
bombardernormal.bmp
budova.ASE
budova.bmp
budovadestroy.bmp
bullet.bmp
config.ini
conv1.ASE
conv1.bmp
conv1destroy.bmp
conv2.ASE
conv2.bmp
conv2destroy.bmp
default.ini
dom1.ASE
dom1.bmp
dom1destroy.bmp
dom2.ASE
dom2.bmp
dom2destroy.bmp
ex0001.jpg
.jpg
ex0002.jpg
.jpg
ex0003.jpg
.jpg
ex0004.jpg
.jpg
ex0005.jpg
.jpg
ex0006.jpg
.jpg
ex0007.jpg
.jpg
ex0008.jpg
.jpg
ex0009.jpg
.jpg
ex000zal.jpg
.jpg
ex0010.jpg
.jpg
fire.bmp
fireball1.ASE
fireball1.jpg
.jpg
fireball2.ASE
fireball2.jpg
.jpg
frag1.gif
.gif
frag2.gif
.gif
frag3.gif
.gif
frag4.gif
.gif
frag5.gif
.gif
frag6.gif
.gif
gamemusic.mp3
hangar.ASE
hangar.bmp
hangardestroy.bmp
hit.bmp
komin.ASE
komin.bmp
komindestroy.bmp
kostol.ASE
kostol.bmp
kostoldestroy.bmp
letisko.ASE
letisko.bmp
letiskodestroy.bmp
logopilot.gif
.gif
manual.htm
.html
menumusic.mp3
messerdestroy.bmp
messernormal.bmp
messerschmitt.ASE
mesto.bmp
mesto1.ASE
mesto2.ASE
mesto3.ASE
mesto4.ASE
mestodestroy.bmp
pa.exe
.exe windows:4 windows x86 arch:x86

be1fd846fc1e5d45379f579ae59ecdf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

kernel32

MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CreateFileW
WideCharToMultiByte
GetVersionExA
CloseHandle
UnmapViewOfFile
GetSystemInfo
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
MultiByteToWideChar
GetLastError
HeapFree
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCurrentProcessId
LCMapStringW
LCMapStringA
FormatMessageA
LocalFree
WriteFile
LoadLibraryA
GetProcAddress
FatalAppExitA
DebugBreak
GetProfileIntA
OutputDebugStringA
QueryPerformanceFrequency
GetProcessHeap
QueryPerformanceCounter
GetModuleHandleA
HeapAlloc
GetCPInfo
IsBadWritePtr
RaiseException
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
ReadFile
SetFilePointer
GetCurrentProcess
TerminateProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess

user32

MessageBoxA
PostQuitMessage
GetCursorPos
ShowCursor
DrawTextW
DrawTextA
RegisterClassExA
CreateWindowExA
GetDesktopWindow
ShowWindow
UpdateWindow
PeekMessageA
TranslateMessage
DispatchMessageA
UnregisterClassA
DefWindowProcA
SetCursorPos
ScreenToClient

gdi32

CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
SelectObject
DeleteDC
CreateFontIndirectA
GetObjectA
CreateFontA
DeleteObject
CreateCompatibleDC

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitialize

openal32

alListener3f
alListenerfv
alSource3f
alSourceStop
alSourcePlay
alGenSources
alGenBuffers
alBufferData
alSourcef
alSourcei
alDeleteSources
alDeleteBuffers
alcGetCurrentContext
alcGetContextsDevice
alcDestroyContext
alcCloseDevice
alcOpenDevice
alcCreateContext
alcMakeContextCurrent

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pa.ico
palma1.ASE
palma1.bmp
palma2.ASE
palma2.bmp
particle.bmp
pilot1.gif
.gif
pilot2.gif
.gif
pilot3.gif
.gif
pilotdeath.gif
.gif
plane.ASE
sklad.ASE
sklad.bmp
skladdestroy.bmp
smoke.bmp
speed.gif
.gif
stan.ASE
stan.bmp
standestroy.bmp
strom1.ASE
strom1.bmp
strom2.ASE
strom2.bmp
strom3.ASE
strom3.bmp
strom4.ASE
strom4.bmp
style.css
tank1.ASE
tank1.bmp
tank1destroy.bmp
tank2.ASE
tank2.bmp
tank2destroy.bmp
tank3destroy.bmp
tovaren.ASE
tovaren.bmp
tovarendestroy.bmp
truckback.ASE
truckcannon.ASE
truckdestroy.bmp
truckdestroyed.ASE
trucknormal.bmp
upload score.htm
volker.ASE
volkerdestroy.bmp
volkernormal.bmp
vrtula.ASE
wrap_oal.dll
.dll windows:4 windows x86 arch:x86

5abb70a2e412ebc554b03bc7abf9c0e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
GetProcAddress
LoadLibraryA
FreeLibrary
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RaiseException
WriteFile
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
CloseHandle
CreateThread
CreateEventA
InitializeCriticalSection
SetEvent
DeleteCriticalSection
WaitForSingleObjectEx
Sleep
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutClose
timeSetEvent
waveOutPrepareHeader
timeKillEvent
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
waveOutOpen
waveOutReset
timeGetTime

user32

PostThreadMessageA
GetForegroundWindow
GetMessageA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Exports

Exports

EAXGet
EAXSet
alBufferData
alDeleteBuffers
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEAXAC3GetFunctionTable
alEnable
alGenBuffers
alGenSources
alGetBoolean
alGetBooleanv
alGetBufferf
alGetBufferi
alGetDouble
alGetDoublev
alGetEnumValue
alGetError
alGetFloat
alGetFloatv
alGetInteger
alGetIntegerv
alGetListener3f
alGetListenerf
alGetListenerfv
alGetListeneri
alGetProcAddress
alGetSource3f
alGetSourcef
alGetSourcefv
alGetSourcei
alGetString
alIsBuffer
alIsEnabled
alIsExtensionPresent
alIsSource
alListener3f
alListenerf
alListenerfv
alListeneri
alSource3f
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcef
alSourcefv
alSourcei
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcSuspendContext

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 20KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

ee01c5cc33cdb3294484fc93e41c14ad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 242B

a2aaff1db01b2c29d7ab20370a8b5270

Headers

File Characteristics

Imports

winmm

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 8KB - Virtual size: 4KB

5abb70a2e412ebc554b03bc7abf9c0e0

Headers

File Characteristics

Imports

kernel32

winmm

user32

ole32

Exports

Exports

Sections

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 242B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 768KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 476KB - Virtual size: 474KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 56KB - Virtual size: 988KB

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 768KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB