E:\dailybuild_fix_5.4\wegame_client\build\bin\Release\client_reporter.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988.exe
Resource
win10v2004-20240226-en
General
-
Target
d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988
-
Size
2.8MB
-
MD5
864e3a0afdc60804407caed575833742
-
SHA1
d8b1aaa69a174284b77d25c887cff1bd5a13467f
-
SHA256
d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988
-
SHA512
f1852817820744d99b657859111db19694a658acc80b90fb0a3ee6db99241baf80724374d1ef6534fb251d835fd748faee4718ec753878e9c89897256662f965
-
SSDEEP
49152:BfY2c9DbotHie+z2Lq1ncATJmGPMF4BtrHPSbcAJPJEqA:Bw9D09iuLWmTFGtrPcPJx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
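Checks for a missing Authenticode signature: the sample is a PE file with no embedded signature, so its publisher and integrity cannot be confirmed from a signature. Many legitimate binaries are also unsigned, so read this together with the other static details on the page.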
resource d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988
Files
-
d882b6e9bfcd96741009fdb6968a75f5095db2d74582876d0be2174c981eb988.exe windows:5 windows x86 arch:x86
e0b258d2d1b21cd64896b47c55af5212
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
adapt_for_imports
?Instance@CrashReportLoader@crash_report@@SAAAV12@XZ
?Uninit@CrashReportLoader@crash_report@@QAEXXZ
?UpdateUin@CrashReportLoader@crash_report@@QAEX_K@Z
?Init@CrashReportLoader@crash_report@@QAEXPB_W_K1HP6GHPAUtagCrashReportHelperCallbackInfo@@@Z0@Z
wldap32
ord301
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord200
ord30
ws2_32
getsockopt
select
shutdown
getnameinfo
gethostname
ioctlsocket
sendto
WSAStartup
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
recvfrom
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
__WSAFDIsSet
socket
WSACleanup
WSAGetLastError
common
?GetFileSha1@ZEN_LIB@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?GetFileLength@common@ierd_tgp@@YA_KABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?get_global_proxy_info@net@ierd_tgp@@YA_NPAUproxy_info_t@12@@Z
?get_proxy_for_url_v2@net@ierd_tgp@@YA_NPBDPAUproxy_info_t@12@@Z
?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z
?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z
?set_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAB_K@Z
?set_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABH@Z
?set_uid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_session_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?exit_app@Application@common@ierd_tgp@@QAEXH@Z
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?set_machine_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_ver@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?u16_to_loc@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?to_string@version_t@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ
?AddFilesToZip@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$unordered_map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$hash@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@U?$equal_to@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@_N@Z
??0Application@common@ierd_tgp@@QAE@HQAPAD_NKK1ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Application@common@ierd_tgp@@UAE@XZ
?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_app_path@Application@common@ierd_tgp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_version@Application@common@ierd_tgp@@UAE?AUversion_t@23@XZ
?process@Application@common@ierd_tgp@@QAEXXZ
?before_exit@Application@common@ierd_tgp@@EAEXXZ
?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?gen_relative_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@@Z
?get_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@_N@Z
?WaitForStop@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NI@Z
?set_client_version_type@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXH@Z
?get_log_instance@base@@YAPAVILogger@1@XZ
?GetQQLoginList@common@ierd_tgp@@YAXAAKPADH@Z
?MainThreadTaskUpdate@common@ierd_tgp@@YAXXZ
?get_client_id@util_client_info@ierd_tgp@@YAHXZ
?sha1@ZEN_LIB@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBEI@Z
kernel32
OutputDebugStringW
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
LocalFree
IsDebuggerPresent
LoadLibraryW
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
FormatMessageW
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
VerifyVersionInfoA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
FormatMessageA
SetLastError
FreeLibrary
WaitForMultipleObjects
PeekNamedPipe
ReadFile
ExpandEnvironmentStringsA
GetProcAddress
GetModuleHandleW
WriteFile
GetFileType
GetStdHandle
GetTickCount
SleepEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
GetSystemInfo
Sleep
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
TerminateThread
SetEvent
ResetEvent
WaitForSingleObject
FindClose
CloseHandle
DuplicateHandle
CreateEventA
GetCommandLineA
FindFirstFileW
FindNextFileW
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
shell32
SHFileOperationW
advapi32
InitializeSecurityDescriptor
CryptGenRandom
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
msvcp140
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?is@?$ctype@D@std@@QBE_NFD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?exceptions@ios_base@std@@QAEXH@Z
?flags@ios_base@std@@QAEHH@Z
?precision@ios_base@std@@QAE_J_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Xbad_alloc@std@@YAXXZ
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?bad@ios_base@std@@QBE_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?flags@ios_base@std@@QBEHXZ
?unsetf@ios_base@std@@QAEXH@Z
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
crypt32
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
vcruntime140
_purecall
memcpy
memmove
memset
__CxxFrameHandler3
_CxxThrowException
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
memchr
memcmp
__std_type_info_name
strrchr
strchr
strstr
wcsstr
__std_terminate
_except_handler4_common
__RTDynamicCast
api-ms-win-crt-runtime-l1-1-0
_c_exit
_errno
signal
_register_thread_local_exe_atexit_callback
__p___argv
__sys_nerr
strerror
_getpid
_controlfp_s
_beginthreadex
_cexit
terminate
_get_initial_narrow_environment
exit
_initterm_e
strerror_s
_invalid_parameter_noinfo_noreturn
_register_onexit_function
raise
_exit
_configure_narrow_argv
_seh_filter_exe
_initterm
_set_app_type
_initialize_narrow_environment
__p___argc
_crt_atexit
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0
_strdup
strlen
isspace
strcmp
strpbrk
strspn
tolower
_strnicmp
isxdigit
strcspn
wcscpy_s
wcslen
isprint
strncpy
strncmp
isalnum
_stricmp
api-ms-win-crt-time-l1-1-0
_gmtime64
_time32
_localtime32_s
_time64
_gmtime64_s
api-ms-win-crt-stdio-l1-1-0
fgets
fputs
__stdio_common_vsscanf
fseek
fopen
__stdio_common_vsprintf_s
ftell
_open
_close
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
_wfopen_s
_write
_read
_set_fmode
setvbuf
_lseeki64
_fseeki64
fsetpos
__p__commode
__acrt_iob_func
fread
fgetpos
fputc
fwrite
feof
ferror
_fileno
_setmode
clearerr
setbuf
fgetc
fflush
fclose
__stdio_common_vsprintf
__stdio_common_vfprintf
_get_stream_buffer_pointers
_wfopen
ungetc
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
_stat64
_unlock_file
_lock_file
_waccess
_access
_fstat64
_fstat64i32
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
strtol
atoi
api-ms-win-crt-math-l1-1-0
_dtest
_dsign
_ldtest
_except1
__setusermatherr
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
calloc
_callnewh
realloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-environment-l1-1-0
getenv
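Sections
(As listed below, every section is marked writable, and .text and .rsrc are both writable and executable. This departs from the usual write-xor-execute layout and is worth a closer look during triage.)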
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 518KB - Virtual size: 517KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 22KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 826KB - Virtual size: 828KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE