a192c4775ddcf657e5f6d99f7909f5a350ed98dc3ca9b0b69e8d8080bffd7bbd

Sharing

Copy URL Twitter E-mail

General

Target

a192c4775ddcf657e5f6d99f7909f5a350ed98dc3ca9b0b69e8d8080bffd7bbd
Size

431KB
MD5

aeb769de9f91a18858031d1e7b0d5d02
SHA1

b097bce8729cb5c97eeda1f32fbaa40be404ea64
SHA256

a192c4775ddcf657e5f6d99f7909f5a350ed98dc3ca9b0b69e8d8080bffd7bbd
SHA512

05d07b691ce75923b4c322162ce3e95906534720602fc8e3c7a17471c110ce555488b067769d371c4c0bf1b1d3ccac1b66df1a3c820911ce36a401e0b141ccfa
SSDEEP

6144:70JRQR/pqUjvWXXmBOLXvhe/9ycsxCHWxLM3yruITq14vFo:70JRi/sEuHVJ89F3W5nKITqo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a192c4775ddcf657e5f6d99f7909f5a350ed98dc3ca9b0b69e8d8080bffd7bbd

Files

a192c4775ddcf657e5f6d99f7909f5a350ed98dc3ca9b0b69e8d8080bffd7bbd
.exe windows:5 windows x86 arch:x86

f3a46208400888a86eab14bab9a2610e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\doub1\海盗王\HDW 1.3 Source(出售坏哥哥)\HDW 1.3 Source(出售坏哥哥)\server\gateserver\bin\gateserver.pdb

Imports

ws2_32

connect
__WSAFDIsSet
getsockopt
getsockname
ioctlsocket
htonl
listen
select
inet_addr
send
recv
WSAGetLastError
shutdown
gethostbyname
ntohl
WSACleanup
WSAStartup
socket
setsockopt
sendto
recvfrom
ntohs
inet_ntoa
htons
closesocket
bind
accept

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
CloseHandle
GetTickCount
GetConsoleWindow
GetStdHandle
SetConsoleTextAttribute
GetLocalTime
lstrlenA
CreateThread
SetThreadPriority
TerminateThread
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
GetVersionExA
GetCurrentThread
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreA
WideCharToMultiByte
MoveFileA
InitializeCriticalSection
OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetCurrentProcess
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
OutputDebugStringW
HeapReAlloc
CreateDirectoryW
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
SetLastError
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
ReadFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetLastError
ExitProcess
WriteFile

user32

MessageBoxA
EnableMenuItem
GetSystemMenu

icuuc48

?getNext@ResourceBundle@icu_48@@QAE?AV12@AAW4UErrorCode@@@Z
?getKey@ResourceBundle@icu_48@@QBEPBDXZ
?resetIterator@ResourceBundle@icu_48@@QAEXXZ
?hasNext@ResourceBundle@icu_48@@QBECXZ
?getString@ResourceBundle@icu_48@@QBE?AVUnicodeString@2@AAW4UErrorCode@@@Z
??1ResourceBundle@icu_48@@UAE@XZ
??0ResourceBundle@icu_48@@QAE@PBDABVLocale@1@AAW4UErrorCode@@@Z
??1Locale@icu_48@@UAE@XZ
??0Locale@icu_48@@QAE@PBD000@Z
?getChinese@Locale@icu_48@@SAABV12@XZ
??1UnicodeString@icu_48@@UAE@XZ
?getTerminatedBuffer@UnicodeString@icu_48@@QAEPB_WXZ
??3UMemory@icu_48@@SAXPAX@Z
??2UMemory@icu_48@@SAPAXI@Z
ucnv_open_48
ucnv_close_48
ucnv_getMaxCharSize_48
?getDynamicClassID@ResourceBundle@icu_48@@UBEPAXXZ
?setDefault@Locale@icu_48@@SAXABV12@AAW4UErrorCode@@@Z
ucnv_fromUChars_48

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3a46208400888a86eab14bab9a2610e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

icuuc48

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 20KB - Virtual size: 20KB