2ebe5705993099b90cf8e01677a440dc8aa87969eaf7447f3c6e0f9fbd4aa5a8

Sharing

Copy URL Twitter E-mail

General

Target

2ebe5705993099b90cf8e01677a440dc8aa87969eaf7447f3c6e0f9fbd4aa5a8
Size

645KB
MD5

229483bd6e6a0637f1666534d35cb06a
SHA1

ea4ce0e2f32d23836fd1ec834eed4c085629a383
SHA256

2ebe5705993099b90cf8e01677a440dc8aa87969eaf7447f3c6e0f9fbd4aa5a8
SHA512

4f28f22b162cdd32e9b33cbbe3ecb7e4aaa7e6aaddc9d9cc6ef2041c6c849084e444ca4014d3fb24665beed03054194008e0db77f91eaa51091c785c7a778464
SSDEEP

12288:hCjEGCKf7E6Li7ZnECtxaVkb2iWzIu/mXrHUkz65Od1DbYaaiGK5innm:hCjEG5TEaMfgkbHV7b6ybDzGK4nm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ebe5705993099b90cf8e01677a440dc8aa87969eaf7447f3c6e0f9fbd4aa5a8

Files

2ebe5705993099b90cf8e01677a440dc8aa87969eaf7447f3c6e0f9fbd4aa5a8
.exe windows:6 windows x86 arch:x86

c6f562b3b75e0f66f42083bf6d22093f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Code\thunder11\xlgame\bin\Release\XLGame.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
GlobalAddAtomW
GlobalFindAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetDllDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
Sleep
GetCurrentProcess
TerminateProcess
GetCurrentThread
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetModuleHandleW
lstrcpyW
lstrlenW
GetFullPathNameW
LoadLibraryExA
LoadLibraryExW
WriteConsoleW
SetEndOfFile
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
GetFileType
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetProcAddress
GetModuleFileNameW
FindResourceExW
VirtualFree
VirtualAlloc
CreateEventW
OpenMutexW
CreateMutexW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
GetTempPathW
RemoveDirectoryW
ReadFile
GetFileSize
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
FindClose
DeleteFileW
CreateFileW
RtlUnwind
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
SetEnvironmentVariableW
LoadLibraryA
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
GetFileAttributesW
GetVersionExA
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
VirtualQuery
FreeLibrary
lstrcatA
GetFileAttributesA
lstrcpyA
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
SetPriorityClass
DeviceIoControl
GetVolumeInformationA
CreateFileA

user32

SendMessageW
PostThreadMessageW
FindWindowW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ChangeWindowMessageFilter
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

ws2_32

closesocket
socket
WSAStartup

libexpat

ord21
ord20
ord48
ord35
ord25
ord50
ord52
ord16

shlwapi

StrCmpIW
StrCmpNIW
PathRemoveFileSpecW
PathFileExistsW
StrStrIW
PathAddBackslashW
PathCombineW
PathAppendW
PathFindExtensionW

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6f562b3b75e0f66f42083bf6d22093f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

version

iphlpapi

ws2_32

libexpat

shlwapi

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 5KB - Virtual size: 8KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 5KB - Virtual size: 8KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 81KB - Virtual size: 84KB