aa6eb117e4186a04fa550d084f01c87848425b04f13aa93016867069d30f8e0e

Sharing

Copy URL Twitter E-mail

General

Target

aa6eb117e4186a04fa550d084f01c87848425b04f13aa93016867069d30f8e0e
Size

8.4MB
MD5

3465c5dad8ceff31640cd14e83d11c81
SHA1

cccbc21fa4b4d87a3e9c925c501e700a030f34a5
SHA256

aa6eb117e4186a04fa550d084f01c87848425b04f13aa93016867069d30f8e0e
SHA512

00b2a6b996be4ab316bfe7ae19df782139905c317fc906d182b98ae7b49089643f7e716fe501919954bac64b2779a50fde60d77e524003ea172d8b5cfb71bedd
SSDEEP

196608:DT4wHh2VDTReTRIq7ZwG5eWWi/zio/iWa:DT/pZDwWrX/Ja

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa6eb117e4186a04fa550d084f01c87848425b04f13aa93016867069d30f8e0e

Files

aa6eb117e4186a04fa550d084f01c87848425b04f13aa93016867069d30f8e0e
.exe windows:5 windows x86 arch:x86

fdb885e42ea4d52e6252510f303d1363

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkPlace\AndroidEmulator\7KMarket_Release_Packet\Basic\Client\Output\Binfinal\GameDownload\GameDownload.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

ws2_32

WSASocketW
bind
ioctlsocket
setsockopt
send
inet_addr
WSAJoinLeaf
WSAGetLastError
recv
select
freeaddrinfo
closesocket
gethostbyname
listen
getpeername
connect
socket
getaddrinfo
shutdown
htons
sendto
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
gethostname
WSASetLastError
getsockopt
getsockname
__WSAFDIsSet
accept
inet_ntoa
ntohl
ntohs
htonl
WSACleanup
WSAStartup
recvfrom

imm32

ImmDisableIME

kernel32

UnhandledExceptionFilter
GetCurrentProcess
DeviceIoControl
GetDiskFreeSpaceExW
GetLogicalDrives
GetDriveTypeW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenProcess
TerminateProcess
DeleteFileW
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesExA
DeleteFileA
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocalTime
GetTickCount
InterlockedExchangeAdd
MoveFileW
GetCurrentThreadId
FormatMessageW
GetVersion
GetFileAttributesW
MoveFileExW
CopyFileW
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
lstrcmpW
LocalFileTimeToFileTime
SetFileTime
FileTimeToSystemTime
InitializeCriticalSection
SearchPathW
lstrcpynW
VirtualQuery
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32First
Thread32Next
OpenThread
SuspendThread
DuplicateHandle
Module32FirstW
Module32NextW
SetErrorMode
WaitForMultipleObjects
ReadProcessMemory
VirtualAllocEx
RaiseException
GetACP
FreeResource
GetVersionExW
GetWindowsDirectoryW
CreatePipe
SetHandleInformation
PeekNamedPipe
LoadLibraryExW
DecodePointer
SetLastError
lstrcmpiW
ResetEvent
lstrlenW
GetTempFileNameW
GetComputerNameW
FindResourceExW
IsDBCSLeadByte
GlobalFree
UnmapViewOfFile
TryEnterCriticalSection
TlsSetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
CreateIoCompletionPort
IsDebuggerPresent
GetSystemDefaultLangID
SwitchToThread
K32GetModuleFileNameExA
IsBadReadPtr
IsBadWritePtr
GetVersionExA
SetEndOfFile
CreateFileA
CreateDirectoryA
GetPrivateProfileIntA
CreateEventW
GetStdHandle
GetCPInfo
SleepEx
FormatMessageA
GetFileType
ExpandEnvironmentStringsA
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetEnvironmentVariableA
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
AreFileApisANSI
FindFirstFileExW
MapViewOfFile
CreateFileMappingW
WaitForSingleObjectEx
LoadLibraryA
SetEvent
FindResourceW
LoadResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
Sleep
InterlockedExchange
InterlockedCompareExchange
CreateProcessW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
OpenMutexW
WriteFile
SetFilePointerEx
GetFileSize
ReadFile
SetFilePointer
GetModuleHandleW
GetLastError
CreateFileW
LocalFree
SetConsoleMode
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
GetPrivateProfileStringA
DeleteCriticalSection
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteConsoleW
GetThreadContext
SetThreadContext
CreateMutexA
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
GetTempPathW

user32

CreateWindowExA
RegisterClassExA
DefWindowProcW
DestroyWindow
ReleaseDC
GetDC
CopyImage
SendMessageTimeoutW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
LoadImageW
FindWindowW
MonitorFromWindow
GetMonitorInfoW
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetSysColor
PostQuitMessage
KillTimer
wsprintfW
EnumDisplayDevicesW
GetSystemMetrics
GetDesktopWindow
SetWindowLongW
GetWindowLongW
CreateWindowExW
SendMessageW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
ClientToScreen
MapWindowPoints
GetWindowDC
InvalidateRect
ShowWindow
IsWindowEnabled
DrawEdge
TrackPopupMenu
DrawIconEx
EnableWindow
SetActiveWindow
GetWindow
GetParent
GetDlgItem
SetWindowRgn
IsWindow
LoadStringW
UnregisterClassW
CharNextW
FillRect
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CopyRect
SetRect
InflateRect
OffsetRect
FrameRect
MsgWaitForMultipleObjects
GetActiveWindow
CallWindowProcW
GetKeyState
SetWindowTextW
GetSystemMenu
BeginPaint
EndPaint
UpdateWindow
IsWindowVisible
SetTimer
SetCapture
ShowScrollBar
GetDlgCtrlID
ReleaseCapture
PostThreadMessageW
LoadIconW
DrawTextW
DrawFrameControl
EqualRect
PtInRect
GetQueueStatus
MsgWaitForMultipleObjectsEx
WaitMessage
SetCursor

gdi32

LineTo
MoveToEx
GetTextExtentPoint32W
SetRectRgn
OffsetRgn
Rectangle
ExtSelectClipRgn
CreateRectRgnIndirect
CreatePen
SetTextColor
CreateBitmap
CombineRgn
CreateRectRgn
ExtTextOutW
SetBkColor
CreateDIBSection
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetDeviceCaps
SetPixelFormat
ChoosePixelFormat
SetBkMode
TextOutW
RoundRect
SelectClipRgn
GetClipRgn
RestoreDC
SaveDC
RectInRegion
GetCurrentObject
CreateSolidBrush
StretchBlt

advapi32

QueryServiceStatusEx
RegDeleteValueW
CloseServiceHandle
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
CryptAcquireContextW
RegEnumKeyW
RegOpenKeyExA
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegDeleteKeyW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
SHGetFolderPathA
CommandLineToArgvW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
OleLoadPicture

shlwapi

StrStrIA
StrCpyW
StrCmpW
PathAppendW
StrToIntA
PathFindFileNameW
SHDeleteKeyW
SHGetValueW
PathIsDirectoryW
PathRemoveFileSpecA
PathAddBackslashW
PathFileExistsW
wnsprintfW
StrStrIW
PathRemoveFileSpecW

imagehlp

MapAndLoad
UnMapAndLoad

d3d9

Direct3DCreate9

opengl32

glGetString
wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
DeleteUrlCacheEntryW
InternetCreateUrlW

winmm

timeSetEvent
timeKillEvent

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipDisposeImage
GdipFree

urlmon

URLDownloadToFileW

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle

iphlpapi

IcmpCreateFile
IcmpCloseHandle
GetIpForwardTable
IcmpSendEcho

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

wldap32

ord50
ord22
ord26
ord27
ord32
ord33
ord60
ord79
ord30
ord200
ord301
ord143
ord211
ord35
ord46
ord41

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 799KB - Virtual size: 799KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 74KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdb885e42ea4d52e6252510f303d1363

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

ws2_32

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

imagehlp

d3d9

opengl32

wininet

winmm

comctl32

gdiplus

urlmon

winhttp

iphlpapi

netapi32

wldap32

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 799KB - Virtual size: 799KB

.data Size: 74KB - Virtual size: 98KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 21B

.QMGuid Size: 512B - Virtual size: 48B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.tvm0 Size: 37KB - Virtual size: 40KB

.reloc Size: 228KB - Virtual size: 228KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 799KB - Virtual size: 799KB

.data
Size: 74KB - Virtual size: 98KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 21B

.QMGuid
Size: 512B - Virtual size: 48B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.tvm0
Size: 37KB - Virtual size: 40KB

.reloc
Size: 228KB - Virtual size: 228KB