87fdb4a7117ce2a782d4aef5794d92b8

Sharing

Copy URL Twitter E-mail

General

Target

87fdb4a7117ce2a782d4aef5794d92b8
Size

1.4MB
MD5

87fdb4a7117ce2a782d4aef5794d92b8
SHA1

58c34a16229534055b841823ccdf7aa65f16a29b
SHA256

4c093ae7287cca3d4dce6827c3ffd31086aa7c03ebe9c2541e0e94ba18f50f0f
SHA512

55b9bfdebef669a381ec63b33a97a3d81825f70a177aa8286da2b12516738c02bb571f9ac383fb89eece88b99ff648ac615254a9f02d499f90209b4ef4b2a249
SSDEEP

6144:G1c02RF3L2p+Yhqr6EmtmEgd4C5jPPnhrqaDU/RqwnuecMo:G+xL2pthqrjmwEgd4CBV69nuio

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87fdb4a7117ce2a782d4aef5794d92b8

Files

87fdb4a7117ce2a782d4aef5794d92b8
.exe windows:5 windows x86 arch:x86

bf11383207c2a7adba9cfc1928118a9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\onlinetech\GameConsoleService\Build\Release\GamesAppService.pdb

Imports

kernel32

FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
FindClose
GetFileAttributesW
GetCurrentDirectoryW
GetFileAttributesExW
CreateDirectoryW
SetFileAttributesW
ReleaseMutex
CreateMutexA
FlushFileBuffers
ReadFile
SetEndOfFile
CompareStringW
WriteConsoleW
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
LoadLibraryW
LCMapStringW
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualQuery
VirtualProtect
DebugBreak
GetFullPathNameW
DeleteFileW
CreateFileW
WriteFile
InitializeCriticalSection
FormatMessageA
GetCurrentProcessId
lstrlenA
WideCharToMultiByte
Sleep
GetCommandLineW
SetErrorMode
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
CreateProcessW
ResumeThread
GetSystemDirectoryW
TerminateProcess
GetLastError
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
OutputDebugStringW
GetCurrentProcess
DuplicateHandle
OpenProcess
CreateThread
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemInfo
VirtualAlloc
EncodePointer
DecodePointer
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetFileInformationByHandle
SetEnvironmentVariableA

user32

GetThreadDesktop
GetProcessWindowStation
CharNextW
OpenWindowStationW
SetProcessWindowStation
EnumDesktopsW
CloseWindowStation
OpenDesktopW
MessageBoxW
SetThreadDesktop
EnumDesktopWindows
GetWindowThreadProcessId
CharUpperW
wsprintfW
PostThreadMessageW
LoadStringW
GetMessageW
TranslateMessage
EnumWindowStationsW
DispatchMessageW

advapi32

OpenSCManagerW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
DeleteService
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegQueryValueExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseServiceHandle
ChangeServiceConfig2W
OpenServiceW
CreateServiceW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
LookupAccountSidW
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemRealloc
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoResumeClassObjects
CoInitializeEx
CoRegisterClassObject

oleaut32

VarUI4FromStr
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathQuoteSpacesW
PathUnquoteSpacesW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW
UnloadUserProfile

crypt32

CertFreeCertificateContext
CertNameToStrA
CryptMsgGetAndVerifySigner
CryptMsgClose
CryptQueryObject

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExW

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf11383207c2a7adba9cfc1928118a9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

userenv

crypt32

wintrust

psapi

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 72KB - Virtual size: 72KB