c9329eebbf74881a8dcfe3c3890daf94

Sharing

Copy URL Twitter E-mail

General

Target

c9329eebbf74881a8dcfe3c3890daf94
Size

6.4MB
MD5

c9329eebbf74881a8dcfe3c3890daf94
SHA1

1b39085232dd5f870f36e6be72b985438560fa16
SHA256

eeaa4515ba5725c4d189c1a2183cf1f6836e7761c276fe60ad53f8bd51feb9b5
SHA512

8f280d604d5b75404469834ca4dba53b6874665d67b7f490cfc2e5ac40f8b33b8a0031c90cf68176afee0a5b92371fed06a41cdf102d53e38670b1916a760174
SSDEEP

196608:/v9tBuQojJFuJmWGBE9vr84UXQkZH0FrV:H990TuJmMbUXQk0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
c9329eebbf74881a8dcfe3c3890daf94
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/ReflexiveArcade/ReflexiveArcade.dll
unpack001/crimsonland.exe
unpack001/grim.dll
unpack001/ogg.dll
unpack001/uninst.exe
unpack001/vorbis.dll
unpack001/vorbisfile.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

c9329eebbf74881a8dcfe3c3890daf94
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SMPROGRAMS/Ѫȴ/.lnk
.lnk
ReflexiveArcade/Application.dat
ReflexiveArcade/Arcade.dat
ReflexiveArcade/ReflexiveArcade.dll
.dll windows:4 windows x86 arch:x86

9e6f14801f6bdc3266db4264b3f3ab9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceA
GetComputerNameA
GetVersionExA
GetProcAddress
LockResource
GetLastError
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
GetCurrentProcess
SetPriorityClass
GetShortPathNameA
CreateFileA
CloseHandle
DeviceIoControl
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
LoadLibraryA
OutputDebugStringA
GetTickCount
GetTempPathA
CreateProcessA
GetExitCodeProcess
MulDiv
CreateMutexA
WaitForSingleObject
ReleaseMutex
FileTimeToDosDateTime
GetSystemTimeAsFileTime
FindClose
FindFirstFileA
GetTempFileNameA
GetFileAttributesA
CreateDirectoryA
FindNextFileA
GetFileTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToLocalFileTime
GetPrivateProfileIntA
WritePrivateProfileStringA
GetVersion
SetFileAttributesA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
RtlUnwind
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
GetCommandLineA
DeleteFileA
SetEndOfFile
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
FlushFileBuffers
ReadFile
SetFilePointer
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
RaiseException
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

LoadCursorA
GetActiveWindow
SetCursorPos
ClientToScreen
SetCursor
SystemParametersInfoA
MessageBoxA
GetDesktopWindow
SetForegroundWindow
ShowWindow
SetTimer
KillTimer
RegisterClipboardFormatA
OpenClipboard
GetCursorPos
WindowFromPoint
ScreenToClient
GetClientRect
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyA

netapi32

Netbios

gdi32

DeleteObject

shell32

ShellExecuteA

Exports

Exports

radll_DrawNextFrameIntoBuffer
radll_EnterMenuSession
radll_GetDLLVersionAsInt
radll_GetDLLVersionAsString
radll_GetLastErrorInformation
radll_GetNumberOfRectsToUpdate
radll_GetUpdateRect
radll_GetValueAsFloat
radll_GetValueAsInt
radll_GetValueAsString
radll_HandleWindowsMessage
radll_HasTheProductBeenPurchased
radll_Initialize
radll_IsASystemUpdateRequired
radll_IsTheMenuSessionComplete
radll_SetPalette
radll_ShutDown

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 721KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autoexec.txt
console.log
crimson.cfg
crimson.paq
crimsonland.exe
.exe windows:4 windows x86 arch:x86

b16962d412a5272e5e0d76e4228e9fed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetLocalTime
GetCommandLineA
GetLastError
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
MultiByteToWideChar
GetSystemDirectoryA
WideCharToMultiByte
OutputDebugStringA
LoadLibraryA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetProcAddress
GetACP
GetCPInfo
GetTimeZoneInformation
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
RaiseException
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
Sleep
GetOEMCP
IsProcessorFeaturePresent
GetVersionExA
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedDecrement
InterlockedIncrement
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetVersion
RtlUnwind
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
FlushFileBuffers
WriteFile
DeleteCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
LCMapStringA
FreeLibrary

user32

GetForegroundWindow
MessageBoxA
GetKeyNameTextA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantClear

vorbisfile

ov_pcm_seek
ov_pcm_total
ov_info
ov_open_callbacks
ov_clear
ov_read

urlmon

HlinkNavigateString

winmm

timeGetTime

d3d8

Direct3DCreate8

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCloseHandle
InternetGetLastResponseInfoA
InternetReadFile
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA

dsound

ord11

Sections

.text
Size: 432KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
game.cfg
grim.dll
.dll windows:4 windows x86 arch:x86

6a7d9149f19880fdc4c86b19888a9339

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
WinExec
GetLocalTime
FreeLibrary
RemoveDirectoryA
FindFirstFileA
MoveFileA
FindNextFileA
FindClose
LoadLibraryA
DeleteFileA
IsProcessorFeaturePresent
Sleep
UnmapViewOfFile
CreateFileW
CreateFileMappingA
MapViewOfFile
GetFileSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
SetEndOfFile
LCMapStringW
LCMapStringA
SetFileAttributesA
GetProcAddress
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
RtlUnwind
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetLastError
CloseHandle
WriteFile
InitializeCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
ExitProcess
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
RaiseException

user32

MessageBoxA
EndDialog
SendMessageA
GetDlgItem
GetWindowTextA
DialogBoxParamA
SetWindowTextA
GetForegroundWindow
InvalidateRect
LoadIconA
PeekMessageA
SetForegroundWindow
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
ShowCursor
GetClientRect
GetDC
ReleaseDC
PostQuitMessage
DestroyWindow
UnregisterClassA
LoadCursorA
RegisterClassExA
GetDesktopWindow
GetSystemMetrics
GetActiveWindow
AdjustWindowRectEx
CreateWindowExA
UpdateWindow
SetFocus
ShowWindow

gdi32

SelectObject
BitBlt
DeleteDC
CreateDIBSection
DeleteObject
GetStockObject
CreateCompatibleDC

d3d8

Direct3DCreate8

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

dinput8

DirectInput8Create

urlmon

HlinkNavigateString

advapi32

CryptDestroyHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptDestroyKey
CryptVerifySignatureA
CryptImportKey
CryptHashData
CryptReleaseContext
CryptCreateHash

Exports

Exports

GRIM__GetInterface

Sections

.text
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
images/0001_pre.jpg
.jpg
images/0002_pre.jpg
.jpg
images/0003_pre.jpg
.jpg
images/0004_pre.jpg
.jpg
images/0005_pre.jpg
.jpg
images/0006_pre.jpg
.jpg
images/0007_pre.jpg
.jpg
images/0008_pre.jpg
.jpg
images/0009_pre.jpg
.jpg
images/0010_pre.jpg
.jpg
images/0011_pre.jpg
.jpg
images/0012_pre.jpg
.jpg
images/0013_pre.jpg
.jpg
images/0014_pre.jpg
.jpg
images/0015_pre.jpg
.jpg
images/0016_pre.jpg
.jpg
images/0017_pre.jpg
.jpg
images/0018_pre.jpg
.jpg
images/0019_pre.jpg
.jpg
images/0020_pre.jpg
.jpg
images/0021_pre.jpg
.jpg
images/0022_pre.jpg
.jpg
images/0023_pre.jpg
.jpg
images/0026_pre.jpg
.jpg
images/0031_pre.jpg
.jpg
images/0032_pre.jpg
.jpg
images/SCREEN01.jpg
.jpg
images/bon_1000pts.jpg
.jpg
images/bon_500pts.jpg
.jpg
images/bon_fireblast2.jpg
.jpg
images/bon_firebullets.jpg
.jpg
images/bon_freeze.jpg
.jpg
images/bon_medikit.jpg
.jpg
images/bon_nuke.jpg
.jpg
images/bon_reflex.jpg
.jpg
images/bon_shield.jpg
.jpg
images/bon_shock.jpg
.jpg
images/bon_speed3.jpg
.jpg
images/bon_wepSpeed.jpg
.jpg
images/bon_x2.jpg
.jpg
images/logo_crimsonland.jpg
.jpg
license.txt
manual.html
.html
music/crimson_theme.ogg
music/crimsonquest.ogg
music/game_tunes.txt
music/gt1_ingame.ogg
music/gt2_harppen.ogg
music/intro.ogg
music/shortie_monk.ogg
ogg.dll
.dll windows:4 windows x86 arch:x86

f402829fa5197e576c2d2672a068ba81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
HeapAlloc
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writeinit

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scores4/questhc1_1.hi
sfx.paq
uninst.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
updates.dat
vorbis.dll
.dll windows:4 windows x86 arch:x86

f9e5b92aeb3cb2df32d09eb499cf0f10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

oggpack_writealign
oggpack_bytes
oggpack_readinit
oggpack_look
oggpack_adv
oggpack_read
oggpack_write
oggpack_writeclear
oggpack_writeinit
oggpack_reset
oggpack_get_buffer

msvcrt

_CIpow
free
calloc
_adjust_fdiv
_initterm
ldexp
ceil
_ftol
malloc
realloc
memmove
floor
frexp
toupper
qsort

kernel32

DisableThreadLibraryCalls

Exports

Exports

_floor_P
_mapping_P
_residue_P
vorbis_analysis
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_analysis_init
vorbis_analysis_wrote
vorbis_bitrate_addblock
vorbis_bitrate_flushpacket
vorbis_block_clear
vorbis_block_init
vorbis_comment_add
vorbis_comment_add_tag
vorbis_comment_clear
vorbis_comment_init
vorbis_comment_query
vorbis_comment_query_count
vorbis_commentheader_out
vorbis_dsp_clear
vorbis_encode_setup_init
vorbis_encode_setup_managed
vorbis_encode_setup_vbr
vorbis_info_blocksize
vorbis_info_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_blockin
vorbis_synthesis_headerin
vorbis_synthesis_init
vorbis_synthesis_pcmout
vorbis_synthesis_read
vorbis_synthesis_trackonly

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 860KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vorbis.txt
vorbisfile.dll
.dll windows:4 windows x86 arch:x86

f7f3b65d02aadf0bf4ae2da698f9d79b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ogg

ogg_page_eos
ogg_stream_packetpeek
ogg_page_continued
ogg_page_granulepos
ogg_page_serialno
ogg_sync_reset
ogg_stream_clear
ogg_stream_init
ogg_sync_pageseek
ogg_stream_packetout
ogg_stream_reset_serialno
ogg_stream_pagein
ogg_sync_wrote
ogg_sync_init
ogg_sync_buffer
ogg_sync_clear

vorbis

vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_init
vorbis_block_init
vorbis_info_blocksize
vorbis_synthesis_trackonly
vorbis_synthesis_blockin
vorbis_info_init
vorbis_comment_init
vorbis_synthesis_headerin
vorbis_block_clear
vorbis_dsp_clear
vorbis_info_clear
vorbis_comment_clear
vorbis_synthesis_read
vorbis_synthesis_pcmout

msvcrt

free
_errno
malloc
calloc
ftell
fclose
realloc
fseek
floor
_adjust_fdiv
fread
_ftol
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_page
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_tell
ov_raw_total
ov_read
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_page
ov_time_tell
ov_time_total

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
whatsupdated.txt
.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 28KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9e6f14801f6bdc3266db4264b3f3ab9f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 84KB - Virtual size: 721KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 80KB - Virtual size: 78KB

b16962d412a5272e5e0d76e4228e9fed

Headers

File Characteristics

Imports

kernel32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 84KB - Virtual size: 721KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 80KB - Virtual size: 78KB

.text
Size: 432KB - Virtual size: 430KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 56KB - Virtual size: 421KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 360KB - Virtual size: 356KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 44KB - Virtual size: 65KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 180KB - Virtual size: 176KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 28KB