c781eda07cb8f39d338e9d32c589ee24

Sharing

Copy URL Twitter E-mail

General

Target

c781eda07cb8f39d338e9d32c589ee24
Size

651KB
MD5

c781eda07cb8f39d338e9d32c589ee24
SHA1

e233e0f27d6c5c2b7235bf9406a70b3c22d4bcc0
SHA256

bd4d572fdee36a31a55e1d29eb63076fe00c7204c17b62a466e838a754400d8d
SHA512

0aaedf5e66de3a91cbf7c0f54b919cb09ecf96019331ecfc2a5411dbba92969710eff07a1464ff8587e1ca1bccfab783e7158efb3647d2666fd99cee22f4e192
SSDEEP

12288:2572EqPgzPK7GFAyekkH052beWGum6hL4DAkHQxR:2XJzPKaFHy0sm+4DdoR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Borderlands The Pre-Sequel V06.04.2019 Trainer +17 MrAntiFun.exe

Files

c781eda07cb8f39d338e9d32c589ee24
.zip
ALI213-使用说明.txt
Borderlands The Pre-Sequel V06.04.2019 Trainer +17 MrAntiFun.exe
.exe windows:6 windows x86 arch:x86

8d5b9200d4d17e29858cc416e1b320dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Module32First
Module32Next
OpenProcess
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
VirtualAllocEx
GetLastError
VirtualFreeEx
VirtualProtectEx
WriteProcessMemory
VirtualProtect
GetCurrentProcess
Beep
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
Sleep
TerminateProcess

user32

SetWindowsHookExA
CallNextHookEx

winmm

PlaySoundA

vcruntime140

memmove
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-runtime-l1-1-0

terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
abort
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 500.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
游侠NETSHOW论坛.url
游侠网热门单机游戏.url

Sharing

General

Malware Config

Signatures

Files

8d5b9200d4d17e29858cc416e1b320dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winmm

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

msvcp140

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 1KB - Virtual size: 500.0MB

.gfids Size: 512B - Virtual size: 72B

.rsrc Size: 335KB - Virtual size: 335KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 1KB - Virtual size: 500.0MB

.gfids
Size: 512B - Virtual size: 72B

.rsrc
Size: 335KB - Virtual size: 335KB

.reloc
Size: 2KB - Virtual size: 1KB