D:\Jenkins\.jenkins\workspace\MGame\AIChat\AIChat_inst_uninst\Inst\Release\Install_dll.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee.dll
  Resource: win10v2004-20240221-en
General
Target: 2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
Size: 4.8MB
MD5: 3d4b901fab283e8ba42f7dc66fdf0793
SHA1: 612ab75c80544d84e8e00cc6d6ed3393aa60d4f7
SHA256: 2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
SHA512: 6398769a46a3d7135778ea5d804c62b61d9b9f7eb83fecc491a372f3a3c2d56ca8b9b4d73eb9055bdfa4fcddb34e4fe6db01b5ddc09bd15d63c3d09d667101d7
SSDEEP: 98304:VkHauFV74BtQPGVhRiCu/CVUdVEy9qMBNP/qxct8q0rndwrndHAbs8y:S6U4UdVEy9qMBNLtaIKol
Malware Config
Signatures
Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource 2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee
Files
2d0bd517d460b20621bc534eb125b76c58732e9aa287bd907571746d748eb4ee.dll - windows:6 windows x86 arch:x86
  90d8cc29cd7b808cc0da45c0fdb10589
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LoadLibraryExW
lstrcmpiW
WritePrivateProfileStringW
GetDriveTypeW
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
GetCommandLineW
GetCurrentThreadId
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
VerifyVersionInfoW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
VerSetConditionMask
K32GetProcessImageFileNameW
GetTickCount
GetCurrentProcess
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
GetTempFileNameA
GetTempPathA
WriteFile
SetThreadPriority
CreateThread
SignalObjectAndWait
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetStartupInfoW
WaitForSingleObjectEx
SetUnhandledExceptionFilter
DeleteFileA
CreateFileA
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
GetSystemTimeAsFileTime
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetSystemDirectoryW
TerminateProcess
GetExitCodeProcess
DeviceIoControl
LocalAlloc
GetPrivateProfileStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
user32
LoadImageW
SetForegroundWindow
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
PostQuitMessage
FindWindowW
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
FillRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
GetFocus
ShowWindow
SendMessageTimeoutW
wsprintfW
MessageBoxW
SendNotifyMessageW
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
MoveWindow
UnregisterClassA
GetClassInfoExW
RegisterClassExW
MonitorFromWindow
IsDialogMessageW
GetWindow
PtInRect
MapWindowPoints
SetCursor
SetFocus
GetShellWindow
GetMonitorInfoW
CopyRect
SystemParametersInfoW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetAsyncKeyState
SetWindowPos
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
DefWindowProcW
DrawTextW
EndDialog
gdi32
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
RestoreDC
SaveDC
OffsetViewportOrgEx
SelectObject
CreateCompatibleBitmap
GetObjectW
SetViewportOrgEx
CreateFontW
GetStockObject
SetBkMode
SetTextColor
RectVisible
EnumFontFamiliesW
SelectClipRgn
CreateDIBSection
advapi32
CheckTokenMembership
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountNameW
LookupAccountSidW
EqualSid
RegQueryValueExA
DeleteAce
StartServiceW
OpenServiceW
OpenSCManagerW
GetUserNameW
AllocateAndInitializeSid
CreateServiceW
FreeSid
CloseServiceHandle
shell32
SHFileOperationW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHChangeNotify
ord165
ole32
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoInitialize
CoTaskMemFree
OleRun
CLSIDFromProgID
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
oleaut32
SysFreeString
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
VarUI4FromStr
SysAllocString
SysStringByteLen
shlwapi
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
SHSetValueW
PathFindFileNameW
StrTrimA
StrStrIA
StrStrIW
StrCmpIW
wnsprintfW
PathRemoveFileSpecW
StrToIntExW
StrCmpNIW
SHGetValueA
PathFindExtensionW
SHGetValueW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
PathIsPrefixW
PathIsDirectoryW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCreateBitmapFromFileICM
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcesses
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToCacheFileW
URLDownloadToFileW
setupapi
SetupIterateCabinetW
Exports
BasicEntry
CreateApp
InstallEntryW
Start
Uninst
Sections
.text  Size: 1.1MB - Virtual size: 1.1MB - Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 231KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 32KB - Virtual size: 53KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 2.8MB - Virtual size: 2.8MB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 59KB - Virtual size: 59KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ