e1f9d0f864bb89a7084b8af4c959d04c

Sharing

Copy URL

Twitter E-mail

General

Target

e1f9d0f864bb89a7084b8af4c959d04c
Size

4.8MB
MD5

e1f9d0f864bb89a7084b8af4c959d04c
SHA1

9c62226f3fff8dc2837f8ca35cd971fdff1cd4ec
SHA256

cf1df17c2105cf334c8e66dea374d34639ada4d4f51492a30901ab60591567ab
SHA512

bff25cd9172201138745716c4d7576b6543825be8f50bd6fad21050ca2059cc0289b88f5374df0b3efc07ea78f1bffc61b604cb005c118a222a6a1183ac79805
SSDEEP

98304:Ju4SN45NAQlMorMuMdt2W0bEJ4xDamohP4gsCUDkMkmLOMhO:G45Nd29/dt2WsEJnSClLmLOuO

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/Editor/MarioXPEdit.exe	aspack_v212_v242

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_MarioXP120_DYJ.exe
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/CNCS32.DLL
unpack002/Editor/MarioXPEdit.exe
unpack002/MarioXP.exe
unpack002/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/HA_MarioXP120_DYJ.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

e1f9d0f864bb89a7084b8af4c959d04c
.rar
HA_MarioXP120_DYJ.exe
.exe windows:4 windows x86 arch:x86

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CompareFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
EnableWindow

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Splash_δ-1.bmp
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bgm_1.mid
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CNCS32.DLL
.dll windows:4 windows x86 arch:x86

2927b6e02f5f1f8f55570102238e5a91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutPrepareHeader
mciSendCommandA
waveOutReset
waveOutWrite
waveOutUnprepareHeader
timeSetEvent
waveOutClose
waveOutOpen
timeGetTime
timeKillEvent
timeGetDevCaps

kernel32

_lclose
_lopen
_hread
_lread
lstrcatA
_llseek
GlobalDeleteAtom
GlobalReAlloc
SetEnvironmentVariableA
HeapReAlloc
GetModuleHandleA
GetPrivateProfileIntA
GlobalSize
lstrcpyA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetErrorMode
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
GlobalFree
GetVersion
lstrcmpA
IsBadReadPtr
GlobalAddAtomA
GetProfileStringA
lstrcmpiA
GetCurrentThreadId
lstrlenA
GetStringTypeW
GetLocaleInfoA
GetLocaleInfoW
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer
CompareStringA
CompareStringW
LockResource
FreeResource
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetStdHandle
GetTimeZoneInformation
VirtualAlloc
GetFileType
SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeA
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetLastError
TlsGetValue

user32

ExcludeUpdateRgn
GetWindowTextA
ClientToScreen
IsWindowEnabled
DrawTextA
GetFocus
EndPaint
IntersectRect
DrawFocusRect
GetParent
ScreenToClient
GetClassNameA
CallNextHookEx
InvalidateRect
GetSysColor
GetDC
MapWindowPoints
ShowCaret
BeginPaint
GetWindowDC
GetWindowRect
InflateRect
OffsetRect
ReleaseDC
GetWindowLongA
IsChild
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
CharNextA
GetClientRect
RemovePropA
CallWindowProcA
SendMessageA
SetWindowLongA
SetPropA
GetPropA
HideCaret
RegisterClassA
DialogBoxParamA
CreateDialogParamA
LoadBitmapA
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
SendDlgItemMessageA
CopyRect
GetDlgItem
EnumChildWindows
DefFrameProcA
DefMDIChildProcA
IsIconic
GetUpdateRect
DefWindowProcA
IsDialogMessageA
TranslateMDISysAccel
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
FillRect
GetKeyState
PostMessageA
SetCursor
SetWindowPos
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
GetSubMenu
ModifyMenuA
SetMenu
ShowWindow
UpdateWindow
AdjustWindowRectEx
LoadCursorA
CreateWindowExA
DestroyWindow
GetSystemMetrics
GetClassInfoA
GetMessageA
PeekMessageA
GetTabbedTextExtentA

gdi32

DeleteObject
PatBlt
SetBkColor
ExtTextOutA
IntersectClipRect
GetTextExtentPointA
SetTextColor
SelectObject
GetDeviceCaps
CreateSolidBrush
DeleteDC
BitBlt
CreateCompatibleDC
SetBkMode
CreateDIBitmap
GetSystemPaletteEntries
CreateDIBSection
SelectPalette
GetStockObject
CreatePen
SetROP2
GetObjectA
Rectangle
Polyline
GetDIBits
CreateCompatibleBitmap
CreateFontIndirectA
CreatePalette
SetDIBColorTable
RealizePalette
GetPaletteEntries
LineTo
MoveToEx
SetTextAlign
TextOutA
GetTextMetricsA
SetPixel
StretchBlt
GdiFlush

comctl32

ord17

Exports

Exports

ActiveSprite
AddFont
AddFont16
AddImage
AddMask
AddOwnerDrawSprite
AddSong
AddSprite
BtnWndProc3d
BuildRemapTable
CloseFli
CloseSoundDevice
ColMask_Create
ColMask_CreateEx
ColMask_Fill
ColMask_FillRectangle
ColMask_Kill
ColMask_OrImage
ColMask_OrPlatform
ColMask_Scroll
ColMask_SetClip
ColMask_TestRect
ColMask_TestSprite_IXY
ColMask_ToLog
ComboWndProc3d
CreateFontIndirect16
Ctl3dAutoSubclass
Ctl3dColorChange
Ctl3dCtlColor
Ctl3dCtlColorEx
Ctl3dDlgFramePaint
Ctl3dDlgProc
Ctl3dEnabled
Ctl3dGetVer
Ctl3dRegister
Ctl3dSetStyle
Ctl3dSubclassCtl
Ctl3dSubclassDlg
Ctl3dSubclassDlgEx
Ctl3dUnregister
Ctl3dWinIniChange
Debug_WinGetObj
DefMsgProc
DelFont
DelImage
DelMask
DelSong
DelSprite
DelSpriteFast
DialHook
DialMsgHook
DialOpen
DialProc
DibToImage
DibToImageEx
DrawPopup
EditWndProc3d
EnableIt50
EndAppli
EndFullScreen
EnumFile
EnumGCProc
EnumScreenModes
FillDib
GetBankInfos
GetCptVbl
GetFontInfos
GetFontInfos16
GetGraphicExts
GetImageBits
GetImageInfos
GetImageInfosQuick
GetImageSize
GetIt50
GetKnpPalette
GetMsg
GetNearestIndex
GetOpaqueBlack
GetPicInfos
GetRGB
GetSongDatas
GetSongInfos
GetSpriteExtra
Get_AppSize
ImageToDib
IncFontCount
IncImageCount
IncSongCount
InitAppli
InitDibHeader
IsImageEmpty
IsPixelTransp
IsSongPlaying
KbHookProc
KillBank
KnpCursorProc
KnpTabProc
ListWndProc3d
LoadPicEx
LockBank
LogFont16To32
LogFont32To16
MeasurePopup
ModifOwnerDrawSprite
ModifSprite
ModifSpriteEffect
OpenFliEx
PanicHookProc
PasteSprite
PasteSpriteEffect
PlayFli
PlaySong
PurgeBank
RazCptVbl
RemapDib
ResetAppDialHook
RestartFli
RestoreRect
SCRWinOpen
SaveRect
ScreenUpdate
SetAppDialHook
SetColMode
SetDefaultPalette256
SetImageBits
SetModeAppli
SetPaletteAppli
SetSongParams
ShowSprite
SpriteAllCol_IXY
SpriteClear
SpriteCol2
SpriteCol2_IXY
SpriteCol_IXY
SpriteCol_TestPoint
SpriteDraw
SpriteSetColMode
SpriteUpdate
StartFilterHook
StartFullScreen
StartFullScreenEx
StartPanicHook
StaticProc
StaticWndProc3d
StopFilterHook
StopPanicHook
StopSong
StretchImage
StretchLog
TimerInterrupt
UnlockBank
WCDClose
WaveDone
WavePerio
WaveSetChannels
WinAddCoord
WinAddZone
WinBox
WinCaptureFli
WinCapture_Dib8
WinClip
WinCls
WinCreateFont
WinEndWait
WinFillBr
WinFillRect
WinGetFlags
WinGetHDC
WinGetHDCLog
WinGetHandle
WinGetLogRect
WinGetMCHandle
WinGrabDesktop
WinGradRect
WinGraphMode
WinGraphOp
WinLine
WinMove
WinOpen
WinOpenEx
WinPaletteChanged
WinPaper
WinPasteText
WinPen
WinPlot
WinQueryNewPalette
WinRealizePalette
WinRect
WinReleaseHDC
WinReleaseHDCLog
WinResetZones
WinScroll
WinSearch
WinSelectPalette
WinSetAccel
WinSetFlags
WinSetFont
WinSetMenu
WinSetMouse
WinSetPal
WinSetProc
WinSize
WinStartWait
WinTrackPopupMenu
_CusTabProc@16

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT_TEX
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Editor/License.txt
Editor/MarioXPEdit.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 246KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Editor/Readme.txt
License.txt
MarioXP.cca
MarioXP.exe
.exe windows:4 windows x86 arch:x86

0faa7bad7dc69a9345dab39277a378e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cncs32

ord4
ord69
ord150
ord70
ord159
ord16
ord46
ord47
ord58
ord77
ord6
ord78
ord42
ord64
ord24
ord158
ord81
ord23
ord43
ord120
ord3
ord2
ord33
ord179
ord178
ord30
ord146
ord167
ord176
ord140
ord151
ord104
ord147
ord36
ord89
ord165
ord90
ord141
ord136
ord109
ord163
ord166
ord92
ord94
ord93
ord91
ord52
ord168
ord138
ord56
ord162
ord108
ord19
ord50
ord76
ord68
ord32
ord181
ord180
ord206
ord57
ord35
ord148
ord73
ord83
ord55
ord29
ord137
ord118
ord119
ord117
ord86
ord98
ord61
ord125
ord60
ord132
ord131
ord34
ord80
ord54
ord48
ord133
ord129
ord75
ord143
ord177
ord115
ord149
ord169
ord116
ord66
ord185
ord106
ord171
ord107
ord173
ord172
ord112
ord113
ord114
ord88
ord96
ord160
ord111
ord95
ord161
ord71
ord101
ord18
ord65
ord12

winmm

joyGetPos
timeGetTime

kernel32

GetProcAddress
GlobalSize
GlobalUnlock
GlobalFree
GlobalAddAtomA
GlobalDeleteAtom
GlobalReAlloc
FreeLibrary
SetErrorMode
LoadLibraryA
GlobalLock
GetModuleFileNameA
_lwrite
CreateProcessA
LocalFree
lstrlenA
GetPrivateProfileIntA
GlobalAlloc
lstrcpy
lstrcmp
lstrcat
lstrlen
_hread
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
GetTickCount
_llseek
_lread
_lcreat
_lopen
_lclose
LocalAlloc
GetTempPathA
GetTempFileNameA
GetVersion
lstrcpyA
GetExitCodeProcess
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
HeapReAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
DeleteFileA
GetLastError
GetStdHandle
WriteFile
GetStringTypeA
GetStringTypeW

user32

PostQuitMessage
RegisterClassA
RegisterClassExA
CheckRadioButton
LoadImageA
LoadIconA
GetClassNameA
GetTopWindow
SetCapture
GetCursorPos
SetCursorPos
ReleaseCapture
ShowCursor
GetFocus
GetPropA
SetPropA
CallWindowProcA
RemovePropA
GetSystemMetrics
IntersectRect
RedrawWindow
GetUpdateRect
IsDlgButtonChecked
GetActiveWindow
GetWindowRect
IsZoomed
SetWindowPos
GetClientRect
GetWindowLongA
SetWindowLongA
UpdateWindow
LoadMenuIndirectA
LoadMenuA
GetSubMenu
InvalidateRect
ShowWindow
DestroyMenu
GetMenu
wsprintfA
SetWindowTextA
GetMenuItemCount
GetMenuState
DeleteMenu
FillRect
SetMenu
IsIconic
CheckMenuItem
EnableMenuItem
PostMessageA
GetKeyState
SendMessageA
GetWindow
SetForegroundWindow
WinHelpA
BeginPaint
EndPaint
ClientToScreen
PtInRect
GetDC
ScreenToClient
ReleaseDC
GetDlgItem
MapVirtualKeyA
SetTimer
SetDlgItemTextA
KillTimer
SendDlgItemMessageA
GetDlgItemTextA
EndDialog
LoadStringA
MessageBoxA
CopyRect
OffsetRect
GetInputState
PeekMessageA
SetFocus
IsWindowVisible
EnumThreadWindows
GetDesktopWindow
GetAsyncKeyState

gdi32

DeleteObject
GetStockObject
CreateSolidBrush
CreatePalette
SelectObject
LineTo
MoveToEx
Rectangle
CreateHatchBrush
CreatePen
StretchDIBits
SelectPalette
RealizePalette
CreateFontIndirectA
GetObjectA
GetTextExtentPointA
GetDeviceCaps

advapi32

RegQueryValueA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT_1
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme.txt
help.chm
.chm
uninst.exe
.exe windows:4 windows x86 arch:x86

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CompareFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
EnableWindow

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 312KB

.rsrc Size: 29KB - Virtual size: 32KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 208B

.reloc Size: 512B - Virtual size: 412B

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 312KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 208B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 129KB - Virtual size: 129KB

INIT_TEX
Size: 2KB - Virtual size: 1KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 18KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB

CODE
Size: 246KB - Virtual size: 600KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 40KB

.rsrc
Size: 428KB - Virtual size: 972KB

.aspack
Size: 8KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 89KB

TEXT_1
Size: 42KB - Virtual size: 41KB

.rdata
Size: 1024B - Virtual size: 948B

.data
Size: 13KB - Virtual size: 18KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 25KB - Virtual size: 25KB