8918f20c8f3a1a463b10e33d6e192272

Sharing

Copy URL

Twitter E-mail

General

Target

8918f20c8f3a1a463b10e33d6e192272
Size

711KB
MD5

8918f20c8f3a1a463b10e33d6e192272
SHA1

6f491c791c2e16dd5ff6b32ab2e085feb30b493b
SHA256

fedd1ddfc4ef6042164530c3a5da59d3d0cb2516683a1a546c3cc8559dae578e
SHA512

fc3d51f30f45512e01b8d67043abebdfb6eb2072639080681813be596b0f7bbf42d7328c0e17ab06299787a116d45fa00bd4a1047aca7e06f39f704a8efc70c4
SSDEEP

12288:gegPdAkwuuVxYVkbFq/Zc1Pn4mMK511rKkpKrfaNgNNXxfY/bwj+X6y/j2yl1M2u:9gPOkGIGyc1Pn4wQLFNXhYsj+XHj42hQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FarCry 5 Promo Trainer.exe

Files

8918f20c8f3a1a463b10e33d6e192272
.rar
2018年全部热门单机游戏及汉化下载.url
.url
FarCry 5 Promo Trainer.exe
.exe windows:4 windows x64 arch:x64

0148b04ef489c65ed4ce97f452e86c70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
fseek
fread
fclose
ftell
memcpy
log10
_wfopen
wcslen
wcscpy
wcsncpy
wcscmp
memmove
wcscat
memcmp
_strdup
sprintf
free
longjmp
_setjmp
_wcsdup
strcpy
wcsncmp
_snwprintf
_wcsicmp
tolower
fabs
malloc
ceil
floor
pow
??3@YAXPEAX@Z
setlocale
swscanf
wcsstr
_wcsnicmp
realloc
_errno
calloc
fopen
toupper
perror
atan
fprintf
log
cos
sin
ldexp
qsort
exp
sqrt
exit
acos
frexp
memchr
modf
strerror
abort
atof
_gmtime64
fflush
ferror
remove
fwrite
__iob_func
getenv
sscanf
strchr
strstr
isxdigit
strncmp
isalpha
strtol
strncpy
strrchr
strpbrk
strtoul
_time64
_strtoi64
fgets
fputs
atoi
isspace
isdigit
_stricmp
_strnicmp
_read
_write
fputc
isalnum
_stat64
isupper
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
OpenProcess
TerminateProcess
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
VirtualProtectEx
HeapDestroy
ExitProcess
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetCurrentProcess
VirtualQueryEx
Process32FirstW
Process32NextW
GetLastError
HeapFree
TlsGetValue
HeapAlloc
TlsSetValue
TlsAlloc
UnregisterWait
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
Sleep
FreeLibrary
CreateThread
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
PeekNamedPipe
ReadFile
HeapReAlloc
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
WideCharToMultiByte
CreateFileW
DeleteFileW
WriteFile
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalUnlock
GlobalAlloc
GlobalFree
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
SetLastError
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
CopyFileW
GetDriveTypeW
GetFileAttributesW
SetFilePointer
GetFileSize
HeapSize
MulDiv
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA

user32

GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetAsyncKeyState
GetKeyboardState
ShowWindow
SendMessageW
SetClassLongPtrW
RedrawWindow
GetDesktopWindow
GetWindow
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
FindWindowW
GetKeyNameTextW
MapVirtualKeyW
PeekMessageW
RegisterHotKey
UnregisterHotKey
MessageBoxW
DefWindowProcW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
IsWindowVisible
EnumWindows
SetWindowPos
BeginPaint
EndPaint
SetWindowTextW
CallWindowProcW
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetParent
GetDC
InflateRect
ReleaseDC
GetWindowDC
GetWindowRect
GetIconInfo
InvalidateRect
UpdateWindow
ReleaseCapture
DrawStateW
SetCapture
ScreenToClient
GetClientRect
FillRect
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetWindowLongW
SetScrollInfo
GetScrollPos
MoveWindow
GetScrollRange
MapWindowPoints
ClientToScreen
GetFocus
GetClassNameW
EnumPropsExW
SetActiveWindow
DestroyIcon
RegisterClassW
AdjustWindowRectEx
GetMenu
IsZoomed
DefFrameProcW
EnumChildWindows
GetActiveWindow
MsgWaitForMultipleObjects
GetKeyState
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
GetCursorPos
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreatePatternBrush
GetStockObject
ExcludeClipRect
GetObjectType
GetObjectW
DeleteObject
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
CreateCompatibleDC
CreateDIBSection
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateBitmap
SetPixel
GetDIBits
BitBlt
CreateFontW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

CoInitialize
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

ws2_32

WSAIoctl
getaddrinfo
freeaddrinfo

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recv
WSAGetLastError
send
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
ntohs
gethostname
ntohl
htonl

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
SysAllocString
VariantInit
DispGetParam
VariantClear
SysStringLen

Sections

.code
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 307KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fc5promo-readme.txt
www.3dmgame.com.url
.url
说明.txt

Sharing

General

Malware Config

Signatures

Files

0148b04ef489c65ed4ce97f452e86c70

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

wsock32

winmm

gdiplus

uxtheme

comctl32

oleaut32

Sections

.code Size: 161KB - Virtual size: 160KB

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 124KB - Virtual size: 124KB

.pdata Size: 36KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 48B

.data Size: 307KB - Virtual size: 321KB

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: 161KB - Virtual size: 160KB

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 124KB - Virtual size: 124KB

.pdata
Size: 36KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 48B

.data
Size: 307KB - Virtual size: 321KB

.rsrc
Size: 73KB - Virtual size: 73KB