1c973ddd74f1922be40d0eeea6d6e1e96f58d9b758d0eaed2f2e9136655f252f

Sharing

Copy URL Twitter E-mail

General

Target

1c973ddd74f1922be40d0eeea6d6e1e96f58d9b758d0eaed2f2e9136655f252f
Size

766KB
MD5

2342930f12d3ad8e9cc45117c2502444
SHA1

4d1d216dd94536b73c957a5fbf656745f55c1cc4
SHA256

1c973ddd74f1922be40d0eeea6d6e1e96f58d9b758d0eaed2f2e9136655f252f
SHA512

40721385ff0d314c4276570c5ff86cc534e2a4dae7f8f776b93de0e771ae96ed3b00242468ed2faeae9685fe6ec181d799cc2ea6493b3fa6c6ee5806336e64a1
SSDEEP

12288:dpa/a4mEoy8crF6Jr88WTv7yqVDlPq2Lg7HAARRrztLqAey3aPHMI5B2VjgX8wbT:dpa/ayH+ztlqnB2TwjwzQ9CDMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c973ddd74f1922be40d0eeea6d6e1e96f58d9b758d0eaed2f2e9136655f252f

Files

1c973ddd74f1922be40d0eeea6d6e1e96f58d9b758d0eaed2f2e9136655f252f
.dll windows:5 windows x86 arch:x86

cd0a1ef224f4647b80a6c696a9a04dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
GetCurrentDirectoryW
GetUserDefaultLCID
GetCPInfo
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsDebuggerPresent
IsProcessorFeaturePresent
VirtualAlloc
VirtualProtect
VirtualQuery
GetCommandLineA
RtlUnwind
ExitThread
ExitProcess
HeapQueryInformation
GetFileAttributesW
GetStdHandle
IsValidCodePage
GetFileSizeEx
GetStringTypeW
GetStartupInfoW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
GetDriveTypeW
SetEnvironmentVariableA
GlobalFlags
GetLocaleInfoW
CompareStringW
GetOEMCP
GetFileAttributesExW
lstrcmpA
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
FindNextFileW
FileTimeToLocalFileTime
GetThreadLocale
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
FormatMessageW
LocalFree
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
DecodePointer
HeapSize
RaiseException
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
InterlockedDecrement
GetPrivateProfileStringW
GetModuleHandleExW
CreateFileW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
CreateDirectoryW
GetModuleFileNameW
MoveFileW
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalFree
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetVersionExW
GetSystemInfo
DeleteFileW
GetLastError
TerminateProcess
OpenProcess
GetCurrentProcessId
ResumeThread
Sleep
GetTickCount
CloseHandle
CreateThread
MultiByteToWideChar
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
ReadConsoleW
WideCharToMultiByte

user32

RegisterClipboardFormatW
OffsetRect
ReleaseCapture
RealChildWindowFromPoint
GetSysColorBrush
DestroyMenu
MapDialogRect
SetWindowContextHelpId
CharUpperW
TranslateMessage
GetMessageW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
IntersectRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetCursorPos
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
LoadBitmapW
GetDC
ReleaseDC
GetCapture
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
SetRect
InvalidateRgn
CopyAcceleratorTableW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SetCapture
CharNextW
EnableWindow
GetWindowRect
InvalidateRect
SendMessageW
SetCursor
LoadCursorW
GetParent
GetSysColor
GetClientRect
ScreenToClient
PostMessageW
FindWindowW
PostThreadMessageW
EndDialog
SetForegroundWindow
wsprintfW
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
MessageBoxW
EnumWindows
IsIconic
SetWindowPos
GetSystemMetrics
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
IsWindow
PostQuitMessage
UpdateLayeredWindow
PtInRect
MessageBoxA
UnregisterClassW
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetLayeredWindowAttributes
SendDlgItemMessageA
GetSubMenu
RegisterWindowMessageW
DispatchMessageW
PeekMessageW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
GetMapMode
CreateCompatibleDC
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
Escape
CreateRectRgnIndirect
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
CreateCompatibleBitmap
GetObjectW
DeleteObject
DeleteDC
GetStockObject
SelectObject

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteA

shlwapi

PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
SysAllocString
VariantCopy
OleCreateFontIndirect
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipDeleteStringFormat
GdipLoadImageFromStream
GdipSetSmoothingMode
GdipDrawImageRect
GdipCreateSolidFill
GdipDeleteBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipFillPath
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFont
GdipMeasureString
GdipCreateStringFormat

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpCloseHandle
WinHttpReadData
WinHttpSetOption

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

DoMGLogin
DoMGLogout
DoMGPay
GetMGVersion
InitZzMGSDK
SetGameProcessId

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd0a1ef224f4647b80a6c696a9a04dfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

gdiplus

wininet

iphlpapi

winhttp

oleacc

Exports

Exports

Sections

.text Size: 561KB - Virtual size: 561KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 17KB - Virtual size: 36KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 17KB - Virtual size: 36KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 37KB - Virtual size: 37KB