9462b76ac528bdec226b714ce6e8756fff28f33048897ed1e11ec73218e8d1e4[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

9462b76ac528bdec226b714ce6e8756fff28f33048897ed1e11ec73218e8d1e4.rar
Size

2.8MB
MD5

a781e898912c5867f754464b3aecbbc9
SHA1

07d87e1b95980a5fffa6a482d31fa68f07b370b7
SHA256

b58f6ff8c85ecf07deb63c9933dc2ce353b0ec585949c2ad446a0709dd913aac
SHA512

f09753e3387786179456ea5b78b7b1a0113171fadceaed9927f3f0415fd54923685ea0673d0f775c6b735c317d7631a812d6a872ad0b5d7a498ecb4a3f5c4b14
SSDEEP

49152:F/nhBJYqNyxfxR7YaL/WfeTZ0ztl3NOu947YRBZ2nwNB4KgHbmKd0KiP0I+DnDqD:VnHJYqNy1H7ofc0ztlR47YRBZ6X7td0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GameClient.exe
unpack001/GameService.exe

Files

9462b76ac528bdec226b714ce6e8756fff28f33048897ed1e11ec73218e8d1e4.rar
.rar
GameClient.exe
.exe windows:4 windows x64 arch:x64

c3adc5771b3aafa51531b4d0db0e5dae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
strncpy
strlen
strcpy
strcat
_stricmp
strncmp
_strnicmp
memcpy
_isnan
_finite
memmove
strstr
sprintf
setlocale
atof
strcmp
tolower
wcslen
_localtime64
_mktime64
_itoa
_gmtime64
malloc
free

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
LoadLibraryA
GetProcAddress
DeleteCriticalSection
CreateThread
GetCommandLineA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessA
HeapFree
PeekNamedPipe
ReadFile
GetLastError
TerminateProcess
GetExitCodeProcess
HeapReAlloc
WideCharToMultiByte
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
FreeLibrary
Sleep
GetProcessAffinityMask
GetTempPathA
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
DeleteFileA
WriteFile
CreateFileA
SetFilePointer
GetLocalTime
AllocConsole
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleTitleA
FlushFileBuffers
SetConsoleMode
ReadConsoleA
SetConsoleTextAttribute
WriteConsoleA
TlsFree
SetLastError
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore
MultiByteToWideChar

shell32

ShellExecuteExA

wsock32

closesocket
WSACleanup
WSAStartup
gethostname
connect
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
select
__WSAFDIsSet
recvfrom
recv
send
sendto

winmm

timeBeginPeriod

user32

CharUpperA
CharLowerA

Sections

.code
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15.4MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GameService.exe
.exe windows:5 windows x86 arch:x86

18e3eac3e047c2416ca9a716d742272f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathUnquoteSpacesW
PathFindExtensionW

kernel32

CreateThread
SetHandleInformation
CreatePipe
DuplicateHandle
GetCommandLineW
TlsAlloc
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
GetExitCodeProcess
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
WaitForSingleObject
LeaveCriticalSection
SetWaitableTimer
EnterCriticalSection
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
CreateWaitableTimerW
InitializeCriticalSection
ReadFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
VirtualAlloc
HeapReAlloc
GetTickCount
QueryPerformanceCounter
VirtualFree
SetLastError
HeapCreate
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetFileInformationByHandle
Sleep
SystemTimeToFileTime
CloseHandle
CompareFileTime
FileTimeToSystemTime
MoveFileW
GetSystemTime
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetProcessAffinityMask
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
GetModuleFileNameW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
SetConsoleTitleW
GetStdHandle
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetProcessHeap
HeapAlloc
GetComputerNameW
HeapFree
GetLastError
GetCurrentThreadId
TlsFree
IsValidCodePage
MultiByteToWideChar
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleFileNameA

user32

EnumWindows
PostThreadMessageW
PostMessageW
LoadImageW
SetWindowLongW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
PostQuitMessage
ShowWindow
SetFocus
GetWindowLongW
CheckRadioButton
SetWindowPos
SetDlgItemInt
SetDlgItemTextW
SendMessageW
GetDlgItemTextW
GetDlgItem
EnableWindow
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
GetSystemMetrics

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceKeyNameW
EnumServicesStatusW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetServiceDisplayNameW
CloseServiceHandle
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
install.bat

Sharing

General

Malware Config

Signatures

Files

c3adc5771b3aafa51531b4d0db0e5dae

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

wsock32

winmm

user32

Sections

.code Size: 49KB - Virtual size: 48KB

.text Size: 46KB - Virtual size: 45KB

.pdata Size: 3KB - Virtual size: 3KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 15.4MB - Virtual size: 15.4MB

18e3eac3e047c2416ca9a716d742272f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 152KB - Virtual size: 151KB

.code
Size: 49KB - Virtual size: 48KB

.text
Size: 46KB - Virtual size: 45KB

.pdata
Size: 3KB - Virtual size: 3KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 15.4MB - Virtual size: 15.4MB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 152KB - Virtual size: 151KB