ae317cae8b92d62eb95e9145f013059b

Sharing

Copy URL Twitter E-mail

General

Target

ae317cae8b92d62eb95e9145f013059b
Size

268KB
MD5

ae317cae8b92d62eb95e9145f013059b
SHA1

5c3ecd12a389f3e869eb311b7a57a6113449e2b6
SHA256

d4a762c5cb1dcec581accaf1202e157eaa7a86d266d50360b2ddc857daef2b97
SHA512

676ed2eefe02ca616fcb3b01d6620a836a5e5ac005810962fb419cb775901c4934c8840240cf634f6f8872008e123c2f4ae8b7b7aed702fa1f78c3b5d0746d26
SSDEEP

6144:EJwR1z1508CXX9sDByEdmGv1G91MTYkgIAOEb2/u:Eunx508CXXSo3vWY4yaW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae317cae8b92d62eb95e9145f013059b

Files

ae317cae8b92d62eb95e9145f013059b
.dll windows:4 windows x86 arch:x86

901efe6b4d4091780eec790c288ab566

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\admin\Desktop\hl2project\Hl2\Release\HL2.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
Sleep
CreateThread
IsBadReadPtr
ExitProcess
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
RtlUnwind
GetLocalTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
SetFilePointer
RaiseException
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
ReadFile

user32

GetWindowTextA
GetAsyncKeyState
FindWindowA

shell32

ShellExecuteA

vstdlib

RandomFloat
Q_strncpy
Q_snprintf
KeyValuesSystem
Q_strnicmp
RandomSeed

tier0

g_VProfCurrentProfile
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
?EnterScope@CVProfNode@@QAEXXZ
Msg
Error
g_pMemAlloc
GetCPUInformation
?ExitScope@CVProfNode@@QAE_NXZ

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

901efe6b4d4091780eec790c288ab566

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

vstdlib

tier0

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 214KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 214KB

.reloc
Size: 20KB - Virtual size: 17KB