PDB path: D:\=Developing\IMBA_Server_2 - Setelah Alpha\_RBuildData\AutoPatchMan\Release\AutoPatchMan.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce.exe
Resource
win10v2004-20231215-en
General
-
Target
f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce
-
Size
968KB
-
MD5
dad4ba479e7ed6403bd3b03c4ef925f2
-
SHA1
8f887fc1d1417ee75414693582a8bc1e11227842
-
SHA256
f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce
-
SHA512
cd453207ceb2d56fcb1706bf3e9eece44b8893b1404b98e79857af60c9244e759f72f908e3c7970b72494047fee01d801e78deb67189c9d7ee298bc8827e7d88
-
SSDEEP
12288:utyUAo4loYJ/tOvHuSjjZHMRanmIToXduK06g2q07ZH0AtcBENiqsxml:uteo4pGOSjlRnmIToNVZg2b0AtcBiXs
Malware Config
Signatures
-
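Unsigned PE (1 IoC)
The PE file has no Authenticode signature, so its publisher and integrity cannot be verified from a signature; this alone does not indicate malicious behaviour.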
resource f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce
Files
-
f82b20ce68b59ac9811a8490890e47d0080eccaf7a3a3e4d99df105a4128c9ce.exe windows:4 windows x86 arch:x86
1831cd494572bccc015ff4bc5c7e20c9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dsound
ord11
d3dx9_30
D3DXCreateTextureFromFileExA
D3DXGetFVFVertexSize
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXVec3Normalize
D3DXMatrixScaling
D3DXMatrixTranslation
D3DXMatrixMultiply
D3DXVec3Project
D3DXMatrixLookAtLH
d3d9
Direct3DCreate9
mfc71
ord2372
ord1903
ord745
ord4104
ord2322
ord907
ord310
ord557
ord2168
ord2164
ord3641
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord4262
ord3182
ord354
ord5807
ord6067
ord5915
ord1402
ord5214
ord2991
ord572
ord1614
ord266
ord2371
ord2086
ord1545
ord4232
ord4125
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord1063
ord1643
ord1581
ord3292
ord4580
ord1794
ord4749
ord709
ord501
ord3997
ord5529
ord5315
ord1320
ord1312
ord2146
ord5832
ord5831
ord2163
ord3988
ord6089
ord6064
ord4124
ord5802
ord2653
ord3759
ord6066
ord4117
ord4114
ord2718
ord3399
ord5571
ord5944
ord3114
ord3906
ord5947
ord3909
ord2058
ord1950
ord1612
ord1613
ord2942
ord3169
ord454
ord686
ord6090
ord3934
ord865
ord4035
ord3406
ord784
ord265
ord911
ord908
ord5563
ord2451
ord631
ord2280
ord386
ord1740
ord1091
ord3908
ord3596
ord3620
ord2250
ord314
ord2253
ord2252
ord3441
ord1873
ord2657
ord1482
ord5969
ord6236
ord4081
ord5227
ord2249
ord4569
ord5567
ord2272
ord1123
ord3635
ord3595
ord570
ord759
ord5715
ord1151
ord1917
ord655
ord5111
ord421
ord2468
ord5107
ord5491
ord1443
ord2805
ord1486
ord6138
ord6167
ord5284
ord5287
ord5661
ord996
ord2469
ord6006
ord2131
ord4085
ord4109
ord5403
ord5446
ord5710
ord5716
ord1439
ord6288
ord629
ord5089
ord384
ord1263
ord2899
ord1084
ord1185
ord2933
ord299
ord6118
ord2902
ord876
ord1489
ord297
ord781
ord304
ord3830
ord1054
ord762
ord763
ord2020
ord765
ord4457
ord1609
ord1735
ord5160
ord5141
ord6103
ord1628
ord1629
ord3919
ord657
ord587
ord715
ord578
ord605
ord3397
ord3806
ord760
ord764
ord566
ord757
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord3164
ord1207
msvcr71
_strrev
calloc
_ftol
frexp
_setmbcp
__CxxFrameHandler
strftime
localtime
time
fclose
fprintf
fopen
fread
malloc
free
_except_handler3
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fwrite
fseek
ftell
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_mbscmp
rand
_beginthreadex
atol
strncpy
srand
floor
strrchr
_strlwr
_stricmp
realloc
_localtime64
_vsnprintf
_time64
sprintf
qsort
strtok
_itoa
_CIacos
_CIasin
_CIpow
_purecall
_close
tolower
atoi
_splitpath
_snprintf
isspace
isalpha
isalnum
strncmp
__setusermatherr
strchr
_open
_read
_write
_lseek
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_onexit
__dllonexit
memset
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoA
ExitProcess
GetVersionExA
GetModuleFileNameA
DeleteFileA
SetFileAttributesA
SetThreadPriority
ResumeThread
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
CompareStringA
RemoveDirectoryA
Sleep
CreateDirectoryA
MoveFileA
CopyFileA
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
ResetEvent
InitializeCriticalSection
SleepEx
WriteFile
CreateFileA
GetProcAddress
GetModuleHandleA
CreateProcessA
LockResource
SizeofResource
LoadResource
FindResourceA
IsDBCSLeadByteEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
user32
GetWindowRect
SetCapture
SendMessageA
ShowWindow
DrawIcon
FindWindowA
ReleaseCapture
AppendMenuA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
EnableWindow
LoadIconA
RegisterWindowMessageA
PostMessageA
KillTimer
GetParent
PostThreadMessageA
wsprintfA
MessageBoxA
GetSystemMetrics
SystemParametersInfoA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
ReleaseDC
GetDC
GetIconInfo
MessageBoxW
ClipCursor
GetClassLongA
SetWindowPos
AdjustWindowRect
GetMenu
GetWindowLongA
SetWindowLongA
GetCursorPos
PostQuitMessage
EmptyClipboard
RegisterClipboardFormatA
OpenClipboard
SetClipboardData
CloseClipboard
ShowCursor
SetCursorPos
GetDlgItem
RegisterClassA
CreateWindowExA
SetCursor
GetMessageA
PeekMessageA
LoadCursorA
SetRect
ScreenToClient
DefWindowProcA
DestroyMenu
DestroyWindow
gdi32
DeleteDC
DeleteObject
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
GetStockObject
shell32
SHGetSpecialFolderPathA
ShellExecuteA
comctl32
ord17
shlwapi
PathFileExistsA
oleaut32
SysAllocString
VariantInit
msvcp71
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?_Xran@_String_base@std@@QBEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
ws2_32
WSAStartup
htons
inet_addr
socket
ioctlsocket
connect
WSAWaitForMultipleEvents
WSACreateEvent
WSAEventSelect
WSACloseEvent
recv
closesocket
send
WSAGetLastError
WSACleanup
WSAEnumNetworkEvents
winmm
timeGetTime
mmioOpenA
mmioClose
mmioWrite
mmioAdvance
mmioSetInfo
mmioSeek
mmioCreateChunk
mmioGetInfo
mmioDescend
mmioRead
mmioAscend
bugtrap
BT_SetSupportURL
BT_SetFlags
BT_SetSupportEMail
BT_SetAppName
BT_InstallSehFilter
BT_SetSupportServer
Sections
.text Size: 500KB - Virtual size: 499KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 192KB - Virtual size: 27.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ