8b1ceda3a35b3d65938796fac0983bee1d9898507426b15815302cea70027aa8

Sharing

Copy URL Twitter E-mail

General

Target

8b1ceda3a35b3d65938796fac0983bee1d9898507426b15815302cea70027aa8
Size

4.3MB
MD5

59580fc435d763c84f18b636456511a9
SHA1

5ea79845496e7dc65834fa0a613673c642e641de
SHA256

8b1ceda3a35b3d65938796fac0983bee1d9898507426b15815302cea70027aa8
SHA512

df1b09a1d5d9ea6a4d1ee51e5fa1984ef81cfbdb83352ffa93467c954bafa67e47643727e98cb0c44dea71a52cbe3214995cabd4500cd913e1380ea14af553ac
SSDEEP

49152:DGu/FH8DW4vrZUmTkv2UbSIoK+AdVTsyo+qEOriX8umOPVm3Rq4NhQNTC/o24w4a:Su/FcW4O/b2K+zDy8ut0ZEpw4cXoMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b1ceda3a35b3d65938796fac0983bee1d9898507426b15815302cea70027aa8

Files

8b1ceda3a35b3d65938796fac0983bee1d9898507426b15815302cea70027aa8
.exe windows:5 windows x86 arch:x86

599b343141e90dc00c86329bc3544e6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn-下载器\trunk\bin\Win32\Release\gamestart\gamestart.pdb

Imports

wininet

InternetCheckConnectionW
GetUrlCacheEntryInfoW
InternetOpenW
InternetCrackUrlW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses

dbghelp

MiniDumpWriteDump

kernel32

HeapValidate
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
IsBadWritePtr
GetShortPathNameW
OpenProcess
TerminateProcess
ResumeThread
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
GetDriveTypeW
SetVolumeLabelW
GetDiskFreeSpaceExW
ReleaseSemaphore
CreateSemaphoreW
SetLastError
MulDiv
FileTimeToLocalFileTime
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
FormatMessageW
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
GetModuleHandleA
CompareStringW
GlobalFindAtomW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GlobalFlags
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
HeapCreate
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
FormatMessageA
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FindNextFileW
GetExitCodeProcess
FindClose
FindFirstFileW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
RaiseException
LeaveCriticalSection
LoadLibraryExW
FreeLibrary
FreeResource
CreateThread
GetPrivateProfileIntW
GlobalUnlock
GetVersionExW
InitializeCriticalSection
GlobalLock
InterlockedIncrement
CreatePipe
GetStartupInfoW
ReadFile
LoadLibraryW
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetCommandLineW
LoadLibraryA
InterlockedDecrement
MoveFileW
RemoveDirectoryW
LocalAlloc
GlobalFree
GlobalAlloc
GetModuleFileNameW
WaitForSingleObject
SetEnvironmentVariableW
lstrlenA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
DeleteFileW
CloseHandle
CreateFileW
GetTickCount
GetProcAddress
GetLastError
CreateDirectoryA
WritePrivateProfileStringW
MultiByteToWideChar
CopyFileW
Sleep
GetSystemDirectoryW
GetPrivateProfileStringW
GetModuleHandleW
CreateDirectoryW
LockResource
lstrlenW
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
GetFileAttributesA
WriteConsoleA
HeapDestroy
lstrcmpA

user32

PostThreadMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
UnhookWindowsHookEx
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
GetSysColor
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
SetRectEmpty
SetCapture
SetFocus
CallWindowProcW
GetDesktopWindow
GetWindowThreadProcessId
TrackPopupMenu
GetSubMenu
DeleteMenu
LoadMenuW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
ScreenToClient
GetCursorPos
CharNextW
CopyRect
UpdateLayeredWindow
SetCursor
SetTimer
LoadImageW
KillTimer
LoadCursorW
PtInRect
wsprintfW
InvalidateRect
IsWindowVisible
EndPaint
DestroyMenu
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
GetWindowRect
GetWindowDC
PostMessageW
GetSysColorBrush
RegisterClipboardFormatW
SetWindowTextW
IsDialogMessageW
EndDialog
GetParent
BeginPaint
GetDC
RegisterClassExW
GetWindowLongW
CreateWindowExA
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
IsWindow
EqualRect
ReleaseCapture
DefWindowProcW
MoveWindow
IsIconic
GetClientRect
LoadIconW
GetSystemMetrics
SendMessageW
EnableWindow
SendMessageTimeoutW
MessageBoxW
DispatchMessageW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
Escape
SetTextColor
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteDC
ScaleViewportExtEx
SetViewportExtEx
CreateDIBSection
GetDeviceCaps
BitBlt
OffsetViewportOrgEx
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
ExtractIconW
ShellExecuteExW
ShellExecuteW
SHFileOperationW
CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleRun
OleDraw
OleCreate
OleSetContainedObject
CoInitialize
CreateStreamOnHGlobal
CoUninitialize

oleaut32

VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
SysAllocStringLen
SysStringLen
VarUI4FromStr
VariantChangeType
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
OleCreateFontIndirect
OleCreatePictureIndirect
GetErrorInfo

gdiplus

GdipCreatePath
GdipDeletePath
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipGetFontStyle
GdipGetPathWorldBounds
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateImageAttributes
GdipCreateFont
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetImageAttributesWrapMode
GdipSetStringFormatAlign
GdipDeleteFontFamily

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

ws2_32

gethostbyname
send
connect
select
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
WSAStartup

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

599b343141e90dc00c86329bc3544e6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

psapi

dbghelp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

iphlpapi

netapi32

snmpapi

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 45KB - Virtual size: 72KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 88KB - Virtual size: 87KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 45KB - Virtual size: 72KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 88KB - Virtual size: 87KB