cba2141b23e55a723a7828fad0ba52c1

Sharing

Copy URL Twitter E-mail

General

Target

cba2141b23e55a723a7828fad0ba52c1
Size

15.0MB
MD5

cba2141b23e55a723a7828fad0ba52c1
SHA1

87c6cb6ee15539b6a2a4a4b64534779fce300c00
SHA256

af302885b0c1d3b883c1d58618c86d5e83704dad08d23aa46ba85068345ef04f
SHA512

ad248cb14a12d6b8c22a75c9991184bef0748cedbae5de51bdae11dcbdd0a3834fcb6a75594943b4ed84a07c7ad026ad9149e43e96fcee205133d752959c7b0f
SSDEEP

393216:3/yv4gCNXe/9DRzQVL9zSRtFr0YNCvq7ySJot3zS64f:3/9XBe/9DaVg7Fr0YKq+SJoN4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GLWORLD.2.8.1.2.beta.exe

Files

cba2141b23e55a723a7828fad0ba52c1
.rar
GLWORLD.2.8.1.2.beta.exe
.exe windows:4 windows x86 arch:x86

58c815f1eadc834f4c35a63b60701d75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4396
ord3402
ord3574
ord609
ord656
ord6438
ord2135
ord818
ord2370
ord2688
ord665
ord6241
ord1979
ord6385
ord2915
ord5186
ord354
ord6334
ord6880
ord2642
ord6215
ord5981
ord3797
ord941
ord4224
ord6007
ord3584
ord543
ord803
ord1949
ord4034
ord1175
ord5572
ord5651
ord3127
ord3616
ord2614
ord6197
ord3318
ord5683
ord2859
ord1640
ord2714
ord5873
ord6157
ord289
ord613
ord4476
ord6282
ord6605
ord6453
ord3092
ord6172
ord5789
ord2575
ord1576
ord5785
ord5875
ord6379
ord3706
ord2414
ord3663
ord3626
ord825
ord324
ord323
ord1168
ord1146
ord641
ord640
ord3619
ord3571
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3361
ord2976
ord3081
ord2985
ord3610
ord2379
ord5710
ord5220
ord296
ord860
ord617
ord2725
ord5289
ord5583
ord6143
ord858
ord5608
ord535
ord924
ord922
ord4202
ord4129
ord2818
ord6662
ord4204
ord2764
ord1134
ord2621
ord5214
ord823
ord6877
ord926
ord939
ord798
ord561
ord541
ord533
ord815
ord801
ord3738
ord4622
ord5714
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord5265
ord4486
ord4274
ord4673
ord470
ord537
ord755
ord6675
ord3301
ord6883
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord1200
ord2645
ord6663
ord4278
ord3998
ord6907
ord6888
ord4299
ord6199
ord4234
ord2302
ord800
ord567
ord540
ord693
ord3640
ord4424
ord3370
ord5290
ord4402
ord1776
ord6055
ord2582
ord2405
ord2446
ord2860
ord4710
ord1641
ord2452
ord3873
ord6378
ord4160
ord4376
ord5442
ord2754
ord4022
ord1792
ord3874
ord2864
ord4275
ord1795

msvcrt

__CxxFrameHandler
_EH_prolog
strlen
memmove
realloc
_strcmpi
printf
free
_strdup
_mbscmp
_purecall
wcslen
_CxxThrowException
strncmp
_strlwr
isdigit
isxdigit
strchr
_snprintf
_setmbcp
strcpy
strncpy
strrchr
_mbschr
strcat
_except_handler3
__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
strstr
malloc
memcmp
sprintf
memset
_ftol
_strnicmp
_stricmp
_onexit
__dllonexit
calloc
_itoa
_mbsnbcpy
atoi
memcpy
strcmp
wcscmp
_wtoi
_mbsicmp
atol

kernel32

lstrlenA
WideCharToMultiByte
LocalFree
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
ReadFile
GetFileSize
_lclose
_lread
_llseek
_lopen
lstrcpynA
GetPrivateProfileIntA
IsDBCSLeadByte
VirtualQuery
GetStartupInfoA
MoveFileExA
WritePrivateProfileStringA
DeleteFileA
CopyFileA
RemoveDirectoryA
OpenProcess
GetShortPathNameA
InterlockedIncrement
GetLastError
GetFileTime
CompareFileTime
GetVersion
GetWindowsDirectoryA
ResumeThread
SuspendThread
WaitForSingleObject
CreateThread
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileA
FindNextFileA
FindClose
GetDriveTypeA
GetCurrentProcess
GetTempPathA
GetTempFileNameA
CreateProcessA
GetSystemDirectoryA
InterlockedDecrement
CreateDirectoryA
SetCurrentDirectoryA
Sleep
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
MultiByteToWideChar

user32

PtInRect
DrawIconEx
LoadBitmapA
SendMessageA
SetWindowRgn
GetWindowDC
EnableWindow
LoadIconA
OffsetRect
SetRect
InflateRect
GetClientRect
GetDC
ReleaseDC
GetFocus
ReleaseCapture
SetFocus
GetCursorPos
ChildWindowFromPointEx
GetParent
PostQuitMessage
InvalidateRect
PostMessageA
SetForegroundWindow
GetWindowRect
ExitWindowsEx
wsprintfA
IsRectEmpty
IntersectRect
SetRectEmpty
CreateCursor
SetCursor
KillTimer
IsZoomed
SystemParametersInfoA
SetActiveWindow
SetWindowLongA
GetActiveWindow
GetKeyState
GetCapture
GetSystemMetrics
SetCapture
CopyRect
ScreenToClient

gdi32

CreateFontIndirectA
DeleteObject
CombineRgn
OffsetRgn
CreateRectRgn
CreatePalette
SelectObject
DeleteDC
CreateDIBitmap
RealizePalette
SelectPalette
StretchBlt
CreateDIBSection
GetStockObject
SetStretchBltMode
ExtCreateRegion
GetTextExtentPoint32A
CreateBitmap
SetDIBitsToDevice
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
CreateRoundRectRgn
GetObjectA
BitBlt
GetDeviceCaps
TextOutA
CreateSolidBrush

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegDeleteKeyA
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

OleRun
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantChangeType
SysStringLen
GetErrorInfo
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantInit
SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

winmm

PlaySoundA

shlwapi

PathFileExistsA
PathAppendA
PathAddExtensionA
PathCombineA
SHDeleteKeyA
PathIsDirectoryA
SHDeleteEmptyKeyA

olepro32

ord251

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

GL_ZIPCompress
GL_ZIPUncompress

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

58c815f1eadc834f4c35a63b60701d75

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

winmm

shlwapi

olepro32

version

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 392KB - Virtual size: 390KB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 392KB - Virtual size: 390KB