PDB path: D:\slave\workspace\DownHelper\bin\DownHelper\GoodGameSrv.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb.exe
Resource: win10v2004-20240226-en
General
Target: 3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb
Size: 7.2MB
MD5: 35e61fb3193193271a42e9000ccb8121
SHA1: 1fca80e831e98a021fb8b2aa35c26726dc60d2f7
SHA256: 3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb
SHA512: 48a95c2e8f062b14e0c07c1823d106495c892856d5b24723c1ca0717b13565d4860350d4cda41cc58f518027eaa2ed379a27ffdbf017c8ef3707baed58a765d8
SSDEEP: 196608:PrzHdZcKQYKpISs0SGNKC2pBA4FLOyomFHKnP:zzCWSs02pBtF
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb
Files
3d2cd2f89694918916100a8f703e5ce25ed9c4d2b7cc9d348b3acf6474d452bb.exe windows:5 windows x86 arch:x86
cdb5e566bcf5793429a63949b3dfe84f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iocptcp
TcpListen
TcpSetLinkAttr
TcpUninit
TcpInit
TcpCreate
TcpDestroy
TcpConnect
TcpSend
TcpGetLinkAddr
iocpudp
UdpSendTo
UdpUninit
UdpCreate
UdpInit
UdpDestroy
kernel32
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCommandLineA
ExitProcess
AreFileApisANSI
RtlUnwind
VirtualAlloc
ExitThread
HeapQueryInformation
SetStdHandle
UnhandledExceptionFilter
CreateEventW
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetStringTypeW
GetTimeZoneInformation
GetDriveTypeW
GetConsoleCP
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
GetVersionExW
VirtualFree
GetDateFormatW
GetTimeFormatW
InterlockedFlushSList
IsValidLocale
EnumSystemLocalesW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
WriteConsoleW
SetEnvironmentVariableA
PeekNamedPipe
GetFullPathNameW
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateFileMappingW
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
HeapCreate
UnlockFileEx
FlushViewOfFile
HeapCompact
CreateMutexW
GetExitCodeThread
FindResourceExW
GetUserDefaultLCID
GetDiskFreeSpaceA
VirtualProtect
SearchPathA
GetProfileIntA
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
CreateTimerQueue
TryEnterCriticalSection
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
IsProcessorFeaturePresent
LCMapStringW
IsDebuggerPresent
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
CloseHandle
GetTickCount
QueryPerformanceCounter
FreeLibrary
GetCurrentThread
GetFileAttributesA
SetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
ResumeThread
GetCurrentProcess
Process32First
GetDriveTypeA
OpenProcess
Sleep
CreateEventA
TerminateProcess
GetLogicalDriveStringsA
GetWindowsDirectoryA
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFindAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GlobalFlags
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
SetThreadPriority
CompareStringA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
FindResourceW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
SizeofResource
LockResource
LoadResource
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
LoadLibraryW
GlobalMemoryStatus
ConvertThreadToFiber
ConvertFiberToThread
FormatMessageW
GetModuleHandleExW
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleW
Process32Next
CreateToolhelp32Snapshot
CopyFileA
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
GlobalFree
GlobalAlloc
GetSystemTimes
GetComputerNameA
DeviceIoControl
InterlockedDecrement
InterlockedIncrement
GetDiskFreeSpaceExA
GetModuleFileNameW
GetCurrentProcessId
GetModuleHandleA
GetLocalTime
FormatMessageA
SetUnhandledExceptionFilter
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
ReleaseMutex
CreateMutexA
ResetEvent
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetPrivateProfileSectionA
GetPrivateProfileStringA
LocalFree
DeleteFileW
GetFileAttributesExW
FindNextFileW
RemoveDirectoryW
GetFileType
SetFileAttributesA
lstrlenW
MultiByteToWideChar
CreateFileW
GetFileAttributesW
WideCharToMultiByte
GetFileAttributesExA
CreateDirectoryW
SetFilePointerEx
FindFirstFileW
DeleteFileA
DuplicateHandle
GetFileTime
FindNextFileA
MoveFileA
FindClose
lstrcmpiA
FindFirstFileA
GetFileSizeEx
FlushFileBuffers
ReadFile
GetVolumeInformationA
WriteFile
LockFile
UnlockFile
SetEndOfFile
lstrlenA
SetFilePointer
GetFileSize
CreateFileA
GetFullPathNameA
GetFileInformationByHandle
user32
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetSystemMenu
IsZoomed
GetComboBoxInfo
LoadMenuW
TrackMouseEvent
GetKeyNameTextA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MapVirtualKeyA
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
IntersectRect
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
ToAsciiEx
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
wsprintfA
GetSystemMetrics
CharUpperA
MapDialogRect
GrayStringA
DrawTextA
IsIconic
PostQuitMessage
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetCursorPos
SetRect
SetParent
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CopyImage
CreateMenu
PeekMessageA
TranslateMessage
GetMessageA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
SendMessageA
EnableWindow
IsWindowEnabled
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorA
DestroyCursor
GetWindowRgn
DispatchMessageA
DrawIcon
DefMDIChildProcA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
DrawTextExA
GetCursorPos
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
GetWindowTextLengthA
DestroyIcon
GetDlgCtrlID
GetFocus
SetWindowTextA
GetWindowRect
ClientToScreen
PtInRect
GetDesktopWindow
GetClassNameA
GetWindow
RealChildWindowFromPoint
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
gdi32
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
DeleteDC
CopyMetaFileA
CreateDCA
GetDeviceCaps
DeleteObject
CreateBitmap
SetBkColor
SetTextColor
GetObjectA
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
GetTextCharsetInfo
SaveDC
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetEntriesInAclA
SetNamedSecurityInfoA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceConfig2A
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
FreeSid
AllocateAndInitializeSid
shell32
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHAppBarMessage
shlwapi
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFileExistsA
PathFileExistsW
SHGetValueA
SHSetValueA
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
uxtheme
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
DrawThemeText
ole32
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitialize
oleaut32
SafeArrayGetElement
SysFreeString
SafeArrayGetUBound
VariantClear
SysAllocStringByteLen
LoadTypeLi
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantCopy
VariantChangeType
VarBstrFromDate
SafeArrayDestroy
SafeArrayGetLBound
SysAllocString
gdiplus
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ws2_32
WSASetLastError
getpeername
ioctlsocket
WSAStartup
getaddrinfo
WSASocketW
select
WSAGetLastError
setsockopt
WSACleanup
recv
socket
freeaddrinfo
__WSAFDIsSet
closesocket
send
getsockopt
getnameinfo
ntohl
ntohs
htonl
htons
connect
inet_pton
rpcrt4
UuidCreate
iphlpapi
GetAdaptersInfo
psapi
GetProcessMemoryInfo
wininet
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
pdh
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
crypt32
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1004KB - Virtual size: 1003KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 239KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ