83d8982d8a6a09d4d67b38a3ff10d4795f13558a96a14d0f3d95f4aed3044e5c

Sharing

Copy URL

Twitter E-mail

General

Target

83d8982d8a6a09d4d67b38a3ff10d4795f13558a96a14d0f3d95f4aed3044e5c
Size

1.3MB
MD5

c53d183e3ddbc052e8db7021888f32a8
SHA1

f366de0dd0f1a5042ed2316eab0dea656cbb6566
SHA256

83d8982d8a6a09d4d67b38a3ff10d4795f13558a96a14d0f3d95f4aed3044e5c
SHA512

dc9f937098c41cbadef1708358c14370003080f124c0c190ad775265c7321eb5304ea6e6d01d6d86ecf19b701e8ccd0ed2e7990899ad41d44879a5d9ed16c6d1
SSDEEP

24576:x72gW4IX0RYplwr9Jcsslua9Cp/TNIPbhz903yXTDQ3HQyKF29kq:x720GpgJXa9Cp/Tyzh63yXTD8HQyKF9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83d8982d8a6a09d4d67b38a3ff10d4795f13558a96a14d0f3d95f4aed3044e5c

Files

83d8982d8a6a09d4d67b38a3ff10d4795f13558a96a14d0f3d95f4aed3044e5c
.exe windows:5 windows x86 arch:x86

6270d073ac43740c333f943b13751540

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dailybuild_fix_5.4\wegame_client\build\bin\Release\tcls_core.pdb

Imports

psapi

GetModuleFileNameExA
GetProcessImageFileNameW
GetModuleFileNameExW

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

common

?get_game_path_by_tcls@util_version_cfg@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z
?get_current_language@overseas@ierd_tgp@@YAHXZ
?CovertToTPLangValue@overseas@ierd_tgp@@YAHH@Z
?get_proxy_config@net@ierd_tgp@@YA_NPAUproxy_config_t@12@@Z
?get_tcls_path@util_version_cfg@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z

kernel32

HeapAlloc
HeapFree
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetCurrentProcess
GetLastError
GetSystemInfo
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringW
GetPrivateProfileStringW
GetFileAttributesW
GetVersionExW
IsWow64Process
LocalFree
ReleaseMutex
WaitForSingleObject
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
OpenFileMappingW
CreateProcessW
MultiByteToWideChar
SetLastError
GetTickCount
GetCurrentProcessId
TerminateProcess
ResumeThread
WaitForMultipleObjects
CreateEventA
GetPrivateProfileIntW
SetFileAttributesW
DeleteFileW
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WritePrivateProfileStringW
WideCharToMultiByte
GetFileTime
CreateFileMappingA
OpenFileMappingA
CreateFileA
OpenProcess
SetEvent
CreateEventW
GetCommandLineW
RegisterWaitForSingleObject
UnregisterWaitEx
GetDateFormatW
Module32NextW
OpenMutexW
GetLogicalDriveStringsW
QueryDosDeviceW
WriteFile
FindClose
CreateFileW
FindFirstFileW
FindNextFileW
GetExitCodeProcess
Sleep
OpenEventW
SetEnvironmentVariableW
GetLongPathNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetLocalTime
MoveFileExW
OutputDebugStringA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryA
GetUserDefaultLCID
SleepEx
SetEndOfFile
WriteConsoleW
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapSize
HeapReAlloc
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetTimeFormatW
IsValidLocale
Module32FirstW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateDirectoryW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetStringTypeW
EncodePointer
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetFileAttributesExW
ReadFile
GetTimeZoneInformation

user32

CreateWindowExW
SetTimer
KillTimer
PostMessageW
IsWindow
GetMessageW
TranslateMessage
LoadIconW
ShowWindow
SetWindowLongW
GetWindowLongW
MessageBoxW
PeekMessageW
wsprintfW
FindWindowW
SendMessageW
RegisterClassExW
LoadCursorW
ClipCursor
SetCursor
UpdateWindow
TranslateAcceleratorW
LoadAcceleratorsW
EndDialog
DialogBoxParamW
DispatchMessageW
DefWindowProcW
PostQuitMessage
DestroyWindow

shell32

SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateLocallyUniqueId

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAppendW

ws2_32

recv
send
ioctlsocket
socket
WSAGetLastError
select
__WSAFDIsSet
connect
closesocket
inet_addr
htonl
ntohl
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
htons

Sections

.text
Size: 765KB - Virtual size: 765KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 54KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6270d073ac43740c333f943b13751540

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

rpcrt4

version

common

kernel32

user32

shell32

advapi32

shlwapi

ws2_32

Sections

.text Size: 765KB - Virtual size: 765KB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 54KB - Virtual size: 73KB

.rsrc Size: 243KB - Virtual size: 244KB

.text
Size: 765KB - Virtual size: 765KB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 54KB - Virtual size: 73KB

.rsrc
Size: 243KB - Virtual size: 244KB