de43b1f13d401c88e4eef6a4b8a72f4c658177eee89f745263baddecc1e54b16

Sharing

Copy URL Twitter E-mail

General

Target

de43b1f13d401c88e4eef6a4b8a72f4c658177eee89f745263baddecc1e54b16
Size

2.0MB
MD5

5c7538ad709c5a2cb8a836b17af390df
SHA1

4873b48a651e87af88ca88a5911b70383e1ab6cd
SHA256

de43b1f13d401c88e4eef6a4b8a72f4c658177eee89f745263baddecc1e54b16
SHA512

7aa3b046f406b54746653fe5eed12f8b58f1776d664bced6daf6e02c0a3b1093558b2c19a436d22aecfe856d75f17c7920fa88e7f4685c9c26dde33b5da4cd0e
SSDEEP

12288:Hu2PNNu0P8VbAL96X1lD9r2IFeyPJoXBdvR/bXTHYSCl:HZPNNu0PAbAL0xzFeyJ6zTH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de43b1f13d401c88e4eef6a4b8a72f4c658177eee89f745263baddecc1e54b16

Files

de43b1f13d401c88e4eef6a4b8a72f4c658177eee89f745263baddecc1e54b16
.exe windows:5 windows x86 arch:x86

93720664d0322a82de0f39395213c763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dailybuild_fix_5.4\wegame_client\build\bin\Release\wegameservice.pdb

Imports

common

?name@Shared_mem_obj@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAV45@@Z
?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?is_shared_mem_exist@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?size@Shared_mem_obj@common@ierd_tgp@@QAEIXZ
??1Shared_mem_obj@common@ierd_tgp@@QAE@XZ
?close@Shared_mem_obj@common@ierd_tgp@@QAEXXZ
?open@Shared_mem_obj@common@ierd_tgp@@QAEPAXW4mode_t@interprocess@boost@@_N@Z
??0Shared_mem_obj@common@ierd_tgp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I0_N@Z
?get_log_instance@base@@YAPAVILogger@1@XZ

kernel32

QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
Sleep
GetSystemInfo
GetModuleHandleA
GlobalAddAtomA
GetCurrentProcessId
CloseHandle
GetTickCount
OpenMutexW
GetModuleFileNameW
GetCurrentThreadId
GetCommandLineW
OutputDebugStringA
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeSListHead
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateProcessW

user32

LoadIconA
GetCursorPos
SetForegroundWindow
GetClassInfoA
AppendMenuW
DestroyMenu
CreatePopupMenu
IsMenu
IsWindow
CreateWindowExA
TrackPopupMenu
RegisterClassA
DefWindowProcA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
PeekMessageA
DispatchMessageA
TranslateMessage

shell32

Shell_NotifyIconW
ShellExecuteExW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?exceptions@ios_base@std@@QAEXH@Z
?flags@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QAEHH@Z
?precision@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

vcruntime140

memchr
_except_handler4_common
_purecall
__std_type_info_compare
__std_exception_destroy
__std_exception_copy
wcsrchr
_CxxThrowException
memmove
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_get_initial_narrow_environment
_initterm
_initialize_narrow_environment
exit
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
terminate
_controlfp_s
_initterm_e
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

wcslen
wcscpy_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 830KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93720664d0322a82de0f39395213c763

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

kernel32

user32

shell32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 830KB - Virtual size: 832KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 830KB - Virtual size: 832KB