661a4c00825cee7ee2693eafbe77e6876e70147b47bc6c62e53e7c97136937b4

Sharing

Copy URL

Twitter E-mail

General

Target

661a4c00825cee7ee2693eafbe77e6876e70147b47bc6c62e53e7c97136937b4
Size

661KB
MD5

82cebe3925b4b668c4da7a937ce4f9d9
SHA1

c3e474d6660e342564c6f1eeacb230db3772cd8f
SHA256

661a4c00825cee7ee2693eafbe77e6876e70147b47bc6c62e53e7c97136937b4
SHA512

b611b6a9d41b7e71018b5039d6b0af2887732087ba04200bb7d645a5fe41f2d2583beaa0fda306a29e3fa0d972c130ebb2c87fd40f4e2723c31900b73fbd1d0a
SSDEEP

12288:YwHiKIEtDSmTYYaLn1x4LviBAnkp+ft+AeFmVgroRNF6m3KY2xXAJU/qC0:YwHiKnDa3VJ+Ed6gsRNomV2tAaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3DM4.83/3DM NBA2K12 MOD工具.exe
unpack001/3DM4.83/3DM NBA2K12 MOD工具.net4.exe
unpack001/3DM4.83/DXRender.dll
unpack001/3DM4.83/DXRender_4.dll
unpack001/3DM4.83/zlib.dll
unpack001/DDSFileTypePlus/DdsFileTypePlus.dll
unpack001/DDSFileTypePlus/DdsFileTypePlusIO_x64.dll

Files

661a4c00825cee7ee2693eafbe77e6876e70147b47bc6c62e53e7c97136937b4
.zip
3DM4.83/3DM NBA2K12 MOD工具.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3DM4.83/3DM NBA2K12 MOD工具.net4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3DM4.83/3DMGAME_中国第一单机游戏门户.URL
3DM4.83/3DMGAME论坛.URL
3DM4.83/DXRender.dll
.dll windows:5 windows x86 arch:x86

7500fade0566767efbe2102f0841822a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3dx9_43

D3DXMatrixRotationX
D3DXVec3Normalize
D3DXMatrixRotationY
D3DXVec3TransformCoord
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH

kernel32

Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
UnhandledExceptionFilter
InterlockedExchange
GetCurrentProcess

msvcr90

_amsg_exit
_adjust_fdiv
__CppXcptFilter
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
??2@YAPAXI@Z
_cexit
__clean_type_info_names_internal
__FrameUnwindFilter

d3d9

Direct3DCreate9

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3DM4.83/DXRender_4.dll
.dll windows:5 windows x86 arch:x86

baeecaf2ec4fc69e90906bec578fba25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3dx9_43

D3DXMatrixRotationX
D3DXVec3Normalize
D3DXMatrixRotationY
D3DXVec3TransformCoord
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH

kernel32

EncodePointer
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
GetCurrentThreadId
QueryPerformanceCounter

msvcr100

__clean_type_info_names_internal
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??3@YAXPAX@Z
??2@YAPAXI@Z
_cexit
_unlock
__FrameUnwindFilter

d3d9

Direct3DCreate9

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3DM4.83/zlib.dll
.dll windows:5 windows x86 arch:x86

7bbc4070a651e156ee0892eb84385a6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_vsnprintf
memchr
_errno
strerror
sprintf
free
malloc
memset
__clean_type_info_names_internal
memcpy
_lseek
_open
_read
_close
_write

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3DM4.83/工具说明.jpg
.jpg
3DM4.83/工具说明.txt
3DM4.83/巴布游戏社区.URL
DDSFileTypePlus/DdsFileTypePlus.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DDSFileTypePlus/DdsFileTypePlusIO_ARM64.dll
DDSFileTypePlus/DdsFileTypePlusIO_x64.dll
.dll windows:6 windows x64 arch:x64

e1fb1d8b28067ab5dc791d414ba0c9de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
GetProcAddress
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
InitOnceExecuteOnce
SetFilePointerEx
WriteFile
CloseHandle
GetLastError
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
WriteConsoleW

ole32

CoCreateInstance

vcomp140

_vcomp_for_static_end
_vcomp_flush
_vcomp_atomic_add_i8
_vcomp_for_static_simple_init
_vcomp_fork

Exports

Exports

FreeLoadInfo
Load
Save

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 99KB - Virtual size: 99KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 102KB - Virtual size: 101KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

7500fade0566767efbe2102f0841822a

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

kernel32

msvcr90

d3d9

msvcm90

mscoree

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 714B

baeecaf2ec4fc69e90906bec578fba25

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

kernel32

msvcr100

d3d9

mscoree

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 738B

7bbc4070a651e156ee0892eb84385a6a

Headers

File Characteristics

Imports

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 928B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 39KB - Virtual size: 39KB

.text
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 714B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 738B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 928B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 308KB - Virtual size: 308KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB