a01671e6d91e179c5475f22c7c1b987741e89ccd9cc1678ddad1bf771ddb451c

Sharing

Copy URL

Twitter E-mail

General

Target

a01671e6d91e179c5475f22c7c1b987741e89ccd9cc1678ddad1bf771ddb451c
Size

8.1MB
MD5

ce3398c0d950fcfe26bf1eaaa0790f76
SHA1

4f096535c34b608e283ef58b0dfe61cc0e496fe0
SHA256

a01671e6d91e179c5475f22c7c1b987741e89ccd9cc1678ddad1bf771ddb451c
SHA512

85b9762ce5740d161592964527f40d098a166d77316459772ea383b864402b2f152074389ef075105b9b8d4b32fc4d79221bf17075a0a5816c6531290512c894
SSDEEP

196608:b6SLrwUtXnrwfKsjd4zEQItr7crY16+ktEQYklNAQ30kTUU8GqWXhRe:mswCwfKzIQAnc81KQsD3DTaGqWXXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a01671e6d91e179c5475f22c7c1b987741e89ccd9cc1678ddad1bf771ddb451c

Files

a01671e6d91e179c5475f22c7c1b987741e89ccd9cc1678ddad1bf771ddb451c
.exe windows:5 windows x86 arch:x86

b09076bf9de8eb2ee55fde673c68284c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\WeiDuanGame\MicroGame\MicroGameBox\Release\MicroGameBox.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
GetCurrentThreadId
GetProcAddress
FreeLibrary
InterlockedDecrement
CloseHandle
CreateEventW
LoadLibraryW
DeleteFileW
CopyFileW
MoveFileW
GetTickCount64
lstrcmpW
GetCommandLineW
GetTickCount
SetLastError
InterlockedIncrement
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetShortPathNameW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
SetEvent
lstrcpynW
CreateProcessW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
RemoveDirectoryW
GetTempFileNameW
lstrlenW
FindClose
SetFilePointer
WriteFile
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
WaitForSingleObject
ReleaseSemaphore
HeapAlloc
HeapDestroy
VirtualProtect
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetFileType
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
GetSystemWindowsDirectoryW
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
DosDateTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetSystemDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
QueryDepthSList
WaitForMultipleObjects
LockResource
GetCurrentProcess
OutputDebugStringA
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleA
SetFileTime
SetFilePointerEx
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThread
GetNativeSystemInfo
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetFileSize
ReadFile
FlushFileBuffers
LocalFree
ReleaseMutex
CreateMutexW
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSizeEx
GetACP
FreeResource
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
IsBadReadPtr
GlobalFree
ResetEvent
GetVersion
InterlockedExchange
InterlockedCompareExchange
ResumeThread
GetLocalTime
SetEndOfFile
GetTempPathW
CreateThread
SetThreadPriority
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DecodePointer

user32

GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
PtInRect
LoadIconW
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
FindWindowW
GetClientRect
SetForegroundWindow
SwitchToThisWindow
UpdateWindow
wsprintfW
wvsprintfW
SetCursor
InflateRect
OffsetRect
SendMessageW
IsChild
UpdateLayeredWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
KillTimer
InvalidateRect
IsRectEmpty
GetParent
GetClassNameW
GetWindow
RegisterClassW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
CopyRect
IntersectRect
IsIconic
SetWindowRgn
FindWindowExW
CharPrevW
DrawTextW
SetRect
DrawIconEx
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
RemovePropW
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FillRect
PeekMessageW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
SetFocus
IsZoomed
IsWindowVisible
SetWindowPos
ShowWindow
IsWindow
PostQuitMessage
MessageBoxW
LoadImageW
GetDC
ReleaseDC
GetIconInfo
MoveWindow
DestroyIcon
PostMessageW
CharNextW
RegisterWindowMessageW
DestroyWindow
DefWindowProcW
UnregisterClassW
GetUpdateRect

gdi32

CreateRectRgnIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
GetTextExtentPoint32W
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
StretchBlt
GetCharABCWidthsW
GetClipBox
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
GetDIBits
DeleteObject
SetBkMode
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GetDeviceCaps
CreateDCW
SetDIBitsToDevice
CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyW
GetTokenInformation

shell32

ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW
ord165

ole32

CoCreateGuid
OleLockRunning
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoInitialize

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
VariantInit
SafeArrayPutElement
SysAllocString
SysAllocStringLen
SafeArrayCreate

shlwapi

StrStrIA
SHGetValueA
SHSetValueA
StrCmpNIW
StrStrIW
StrCmpIW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
StrCpyW
PathCombineW
PathFindFileNameW
AssocQueryStringW
SHGetValueW
SHSetValueW
StrTrimA

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGraphicsClear
GdipDrawImageRectI
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipImageGetFrameCount
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
ord1
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipDrawEllipseI
GdipLoadImageFromStream
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipFillEllipseI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetSetCookieW
InternetGetConnectedState
InternetCrackUrlW
InternetGetCookieExW

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

msimg32

GradientFill
AlphaBlend

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26.2MB - Virtual size: 26.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b09076bf9de8eb2ee55fde673c68284c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

version

wininet

iphlpapi

crypt32

wintrust

winmm

msimg32

urlmon

imm32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 293KB - Virtual size: 292KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 26.2MB - Virtual size: 26.2MB

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 293KB - Virtual size: 292KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 26.2MB - Virtual size: 26.2MB

.reloc
Size: 73KB - Virtual size: 73KB