GameMgmtServer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GameMgmtServer.exe
Size

308KB
MD5

d5cb3546ed119db4996c6494bfc54499
SHA1

47f6c6be668fe941f2867799961be1c2e97e3602
SHA256

0b0d0e162e0a9175bde7a7f799f447b653a6b0798b032a217554fd2f76f0ca4b
SHA512

7b932ea1a8e1d89ea93f1b004380120fdf29ce13e52df6bc5d6a6202908886afb7d01d3965c751522772433c6a9330c5f9ce2b2c2a1a93b74a6efaf5f9c5de5d
SSDEEP

3072:f7L2fnqfAS7ncM5031XoNwQ+c0d9j2ta868o/aTSaSAvpJAe2YTWvy51IYAKVxpJ:fX2fg0C+cGoif2CjY6c9AKDGPeD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GameMgmtServer.exe

Files

GameMgmtServer.exe
.exe windows:4 windows x86 arch:x86

0ecfb3b361cd51ed59a94467eccaca6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work_space\buildserver\ServerPH\ServerPH_V1306\GameMgmtServer\ReleasePH\GameMgmtServer.pdb

Imports

pmsconn

?PMSSendWarningMsg@@YAHKPBD0KK@Z
?PMSInitConn@@YAKKQAPAD@Z
?PMSRunConn@@YAKPAUIPMSObject@@@Z
?PMSStopConn@@YAXXZ

kernel32

GetCurrentDirectoryA
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
WaitForSingleObject
CreateThread
GetSystemTime
SetUnhandledExceptionFilter
CreateEventA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetEvent
GetTickCount
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
SetLastError
GetProcAddress
GetModuleHandleA
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetDiskFreeSpaceExA
lstrlenA
SetCurrentDirectoryA
GetCurrentThread
GetModuleFileNameA
RtlCaptureContext
FormatMessageA
GetPrivateProfileStringA
GetSystemInfo
GetFileSizeEx
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
OutputDebugStringA
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
LoadLibraryA
SetFilePointer
GetStringTypeW
GetStringTypeA
CreateDirectoryA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
CreateFileA
CloseHandle
WideCharToMultiByte
Sleep
MultiByteToWideChar
OpenProcess
IsValidLocale
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TerminateProcess
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
HeapAlloc
HeapFree
RaiseException
ExitThread
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter

user32

MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
SendMessageA
PostQuitMessage
SetWindowLongA
GetWindowLongA
MoveWindow
CallWindowProcA
wsprintfA
SetWindowTextA
DefWindowProcA

gdi32

CreateSolidBrush

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

shlwapi

PathFileExistsA

ws2_32

setsockopt
WSAGetOverlappedResult
inet_ntoa
WSAStartup
WSAGetLastError
WSASocketA
htons
WSARecv
listen
closesocket
WSACleanup
gethostbyname
gethostname
inet_addr
bind
accept
WSASend

dbghelp

StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymInitialize
SymSetOptions
SymGetLineFromAddr
MiniDumpWriteDump
SymCleanup

winmm

timeGetTime

pdh

PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhEnumObjectItemsA
PdhAddCounterA

psapi

GetProcessMemoryInfo

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ecfb3b361cd51ed59a94467eccaca6d

Headers

File Characteristics

PDB Paths

Imports

pmsconn

kernel32

user32

gdi32

advapi32

shlwapi

ws2_32

dbghelp

winmm

pdh

psapi

oleaut32

Sections

.text Size: 240KB - Virtual size: 239KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 16KB - Virtual size: 56KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 16KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 176B