PDB Path
D:\slave\workspace\DownHelper\bin\DownHelper\GoodGame.pdb
Static task
static1
Behavioral task
behavioral1
Sample
56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa.exe
Resource
win10v2004-20240426-en
General
-
Target
56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa
-
Size
4.5MB
-
MD5
ce8760f63b1cddd369070b669e857925
-
SHA1
348f9b2dccf40cc9ada8d07bf9d7de1c4272ebf0
-
SHA256
56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa
-
SHA512
0663963eb7131e427dd14f717c69db75f256fdce3cb819f09289c4a48f74345349d311fe9a188d4a8690bcfe2fc7ed3174a7c45b16a854230275b256923575ae
-
SSDEEP
98304:ytEOxucFUCIcNcGlg0FcCF3bQPih/H3FLOAkGkzdnEVomFHKnPLNh:OhQehF3EPih/XFLOyomFHKnP
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa
Files
-
56e2fb32bc8ecce4199d5208f80abb75b6aede376170d11d312bc6604a78f0aa.exe windows:5 windows x86 arch:x86
Imphash
79789d600dfbdbff64002c321ad06b8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
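The "Unsigned PE" signature above and the DLL Characteristics list both come straight from the PE headers: a file is flagged unsigned when the security data directory (slot 4) is empty, and DYNAMIC_BASE / NX_COMPAT are bits in the optional header's DllCharacteristics field. The parser below is an added example, not part of the sandbox report or of the sample; it reads those fields with only the standard library and builds a constructed minimal PE32 image to exercise itself (the constant values are from winnt.h, the test image is not a runnable program). Two caveats a practitioner should carry: a populated security directory only means a WIN_CERTIFICATE blob is attached, validity still needs chain verification (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell), and catalog-signed Windows binaries show an empty directory yet are legitimately signed. Applied to this sample's listed flags, the helper reports DYNAMIC_BASE and NX_COMPAT set but no GUARD_CF, i.e. ASLR and DEP opt-in without Control Flow Guard; the Sections listing further down also shows no section that is both writable and executable, which is consistent with a normally linked MSVC binary rather than a packed one.

```python
import struct

# Flag values from winnt.h (constants, not taken from the report page).
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # data directory slot for the Authenticode blob
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000


def dll_characteristic_names(flags):
    """Expand a DllCharacteristics bitfield into the names a report prints."""
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if flags & bit]


def parse_pe(data):
    """Parse just enough of a PE file to answer what the report's Headers and
    Signatures sections answer: DLL characteristics, whether an Authenticode
    blob is attached, and per-section flags. Works for PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                         # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:                       # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    os_major = struct.unpack_from("<H", data, opt + 40)[0]
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, the security entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize, "characteristics": schars,
            # A section that is both writable and executable is a common packer indicator.
            "rwx": bool(schars & IMAGE_SCN_MEM_EXECUTE and schars & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "machine": machine, "file_characteristics": fchars, "os_major": os_major,
        "subsystem": subsystem, "dll_characteristics": dllchars,
        "dll_characteristic_names": dll_characteristic_names(dllchars),
        # Presence only: the blob still has to be verified against a trusted chain.
        "has_authenticode": sec_off != 0 and sec_size != 0 and sec_off + sec_size <= len(data),
        "sections": sections,
    }


def build_minimal_pe(dll_characteristics, signed):
    """Constructed test input: a tiny PE32 image (not a runnable program) so the
    parser can be exercised offline; `signed` appends a placeholder WIN_CERTIFICATE."""
    opt_size = 96 + 16 * 8
    body_len = 0x600                            # headers padded to a fixed length
    sec_off, cert = 0, b""
    if signed:
        payload = b"\0" * 24                    # stands in for the PKCS#7 SignedData
        # WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA
        cert = struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload
        sec_off = body_len
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    # i386, one section, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIII", 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x3000, 0x400, 0)
    opt += struct.pack("<HHIIIIII", 2, dll_characteristics, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    for slot in range(16):
        entry = (sec_off, len(cert)) if slot == IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
        opt += struct.pack("<II", *entry)
    # .text: CODE | EXECUTE | READ, matching the report's first section
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers + b"\0" * (body_len - len(headers)) + cert


if __name__ == "__main__":
    import json, sys
    with open(sys.argv[1], "rb") as fh:
        print(json.dumps(parse_pe(fh.read()), indent=2))
```

Run it as `python pe_check.py sample.exe` against a real file; the `has_authenticode` field is the check behind the report's "Unsigned PE" line, and `dll_characteristic_names` reproduces the Headers list.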
Imports
Note: iocptcp and iocpudp below are not Windows system libraries. Unless they are delay-loaded, iocptcp.dll and iocpudp.dll must be resolvable when the loader maps the sample, otherwise the process never starts; the Tcp*/Udp* names point to a custom IOCP-based networking layer, and the byte-order helpers from ws2_32 are the only direct Winsock use in the table.
iocptcp
TcpUninit
TcpSend
TcpDestroy
TcpCreate
TcpInit
TcpConnect
TcpGetLinkAddr
iocpudp
UdpInit
UdpUninit
kernel32
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCommandLineA
RtlUnwind
GetSystemInfo
VirtualAlloc
ExitThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
SetStdHandle
GetStdHandle
CreateEventW
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetStringTypeW
GetDriveTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
GetVersionExW
VirtualFree
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
GetCurrentDirectoryW
WriteConsoleW
SetEnvironmentVariableA
FreeLibraryAndExitThread
UnhandledExceptionFilter
GetExitCodeThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetThreadTimes
HeapReAlloc
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
QueryPerformanceCounter
FreeLibrary
GetCurrentThread
GetFileAttributesA
SetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
CloseHandle
ResumeThread
GetCurrentProcess
Process32First
GetDriveTypeA
OpenProcess
Sleep
CreateEventA
TerminateProcess
GetLogicalDriveStringsA
Process32Next
CreateToolhelp32Snapshot
GetFullPathNameA
CreateFileA
GetFileSize
GetUserDefaultLCID
FindResourceExW
VirtualProtect
GetTempFileNameA
GetTempPathA
GetProfileIntA
SearchPathA
SetErrorMode
GetWindowsDirectoryA
VerifyVersionInfoA
VerSetConditionMask
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetACP
GlobalFlags
GetPrivateProfileIntA
lstrcmpA
SetThreadPriority
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
SetFilePointer
lstrlenA
SetEndOfFile
GetSystemDirectoryW
EncodePointer
GlobalSize
FindResourceA
GlobalUnlock
GlobalLock
FreeResource
LoadLibraryW
GetModuleHandleW
LocalAlloc
InterlockedDecrement
LockResource
SizeofResource
LoadResource
FindResourceW
MulDiv
InterlockedIncrement
lstrcpyA
GlobalFree
GlobalAlloc
GetDiskFreeSpaceExA
GetModuleFileNameW
GetCurrentProcessId
GetModuleHandleA
GetLocalTime
FormatMessageA
SetUnhandledExceptionFilter
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
CreateMutexA
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree
DeleteFileW
GetFileType
SetFileAttributesA
CopyFileA
RemoveDirectoryA
MultiByteToWideChar
CreateFileW
WideCharToMultiByte
GetFileAttributesExA
CreateDirectoryW
SetFilePointerEx
DeleteFileA
DuplicateHandle
GetFileTime
FindNextFileA
FindClose
GetThreadLocale
lstrcmpiA
FindFirstFileA
GetFileSizeEx
FlushFileBuffers
ReadFile
GetVolumeInformationA
WriteFile
LockFile
UnlockFile
user32
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
InvertRect
HideCaret
GetUpdateRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
SetClassLongA
DestroyAcceleratorTable
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
SetRect
SetCursorPos
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
EnumDisplayMonitors
SetLayeredWindowAttributes
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
SetRectEmpty
MessageBeep
GetAsyncKeyState
IsZoomed
TrackMouseEvent
DestroyIcon
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DeleteMenu
CopyImage
LoadCursorA
RealChildWindowFromPoint
InvalidateRect
MapDialogRect
SetWindowContextHelpId
DrawIconEx
IsRectEmpty
OffsetRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateA
DrawFrameControl
DrawEdge
SetCursor
ShowOwnedPopups
PostQuitMessage
FillRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
IntersectRect
IsDialogMessageA
ReuseDDElParam
CheckDlgButton
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
UnregisterClassA
wsprintfA
GetSystemMetrics
CharUpperA
DispatchMessageA
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
RegisterClipboardFormatA
CharUpperBuffA
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
FrameRect
PostThreadMessageA
SubtractRect
IsClipboardFormatAvailable
IsCharLowerA
MapVirtualKeyExA
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
UnhookWindowsHookEx
GetDesktopWindow
GetComboBoxInfo
DestroyCursor
CreateMenu
GetWindowRgn
SetWindowTextA
PeekMessageA
TranslateMessage
GetMessageA
EnableWindow
PostMessageA
GetCursorPos
LoadMenuW
SendMessageA
GetSubMenu
GetSysColor
InflateRect
GetFocus
GetWindowRect
KillTimer
SetTimer
FindWindowA
IsWindow
ShowWindow
MessageBoxA
SetForegroundWindow
GetWindowThreadProcessId
LoadImageA
AppendMenuA
SetWindowPos
BringWindowToTop
LoadIconW
GetForegroundWindow
RegisterWindowMessageA
GetClientRect
DrawIcon
AttachThreadInput
IsIconic
SetActiveWindow
GetSystemMenu
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
GetKeyNameTextA
MapVirtualKeyA
GetDC
ReleaseDC
CopyRect
SendDlgItemMessageA
IsWindowEnabled
GetWindowLongA
GetLastActivePopup
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
ModifyMenuA
gdi32
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
GetViewportExtEx
Polyline
GetTextMetricsA
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBSection
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
GetPixel
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
Polygon
GetStockObject
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreatePen
CreateHatchBrush
DPtoLP
GetMapMode
DeleteObject
CreateRectRgn
CreatePatternBrush
CombineRgn
SetTextColor
SetBkColor
ExtTextOutA
GetObjectA
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCA
CopyMetaFileA
PatBlt
CreateBitmap
SetRectRgn
DeleteDC
GetRgnBox
GetObjectType
GetBkColor
CreateRectRgnIndirect
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
QueryServiceStatusEx
ChangeServiceConfigA
CreateServiceA
ChangeServiceConfig2A
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
QueryServiceConfig2A
ControlService
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
StartServiceA
CloseServiceHandle
OpenServiceA
RegQueryValueA
shell32
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
Shell_NotifyIconA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragFinish
DragQueryFileA
SHAppBarMessage
ShellExecuteExA
SHGetDesktopFolder
SHBrowseForFolderA
comctl32
InitCommonControlsEx
shlwapi
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFileExistsA
PathFindExtensionA
StrFormatKBSizeA
PathRemoveFileSpecW
uxtheme
GetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
ole32
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoRevokeClassObject
CoDisconnectObject
CreateStreamOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoFreeUnusedLibraries
CoSetProxyBlanket
CoCreateInstance
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleUninitialize
OleInitialize
oleaut32
SafeArrayGetElement
SysFreeString
SafeArrayGetUBound
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SafeArrayDestroy
SysAllocString
SafeArrayGetLBound
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdiplusShutdown
GdipAlloc
ws2_32
ntohs
htons
ntohl
htonl
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
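The import table is the main static signal on this page. The code below is an added example (my own, not the sandbox's) that does two things with it: it computes an import hash the way pefile's imphash does (lowercase dll.function pairs with the .dll/.ocx/.sys extension stripped, joined by commas, MD5, in import-table order) and it tags imports with the capabilities a triager looks for in this list (service installation via advapi32, process enumeration and termination via Toolhelp32, a SetWindowsHookExA hook, VirtualProtect, registry writes, ShellExecute, IsDebuggerPresent). SAMPLE_IMPORTS is a constructed subset of the list above, and the capability mapping is a hand-written heuristic, not a published ruleset. The hash only matches the report's value if the complete table is fed in the binary's exact order; pefile additionally resolves well-known ordinals in ws2_32 and oleaut32 to names before hashing, which this version does not (the page's oledlg ord8 hashes as oledlg.ord8 either way). The non-system-DLL check is the practical point: iocptcp and iocpudp are not Windows libraries, so the sample will not load without them.

```python
import hashlib

# Constructed subset of the report's import list, in the order the report shows it.
# Symbols are strings; ordinal-only imports (oledlg ord8 on the page) are ints.
SAMPLE_IMPORTS = [
    ("iocptcp", "TcpConnect"), ("iocpudp", "UdpInit"),
    ("kernel32", "VirtualProtect"), ("kernel32", "IsDebuggerPresent"),
    ("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Process32Next"),
    ("kernel32", "OpenProcess"), ("kernel32", "TerminateProcess"),
    ("user32", "SetWindowsHookExA"), ("user32", "FindWindowA"),
    ("advapi32", "OpenSCManagerA"), ("advapi32", "CreateServiceA"),
    ("advapi32", "ChangeServiceConfig2A"), ("advapi32", "StartServiceA"),
    ("advapi32", "RegSetValueExA"), ("shell32", "ShellExecuteA"),
    ("oledlg", 8), ("ws2_32", "htons"),
]

# DLLs that ship with Windows; anything else has to come from the sample's own directory.
KNOWN_SYSTEM_DLLS = {
    "kernel32", "user32", "gdi32", "advapi32", "shell32", "ole32", "oleaut32", "oledlg",
    "ws2_32", "shlwapi", "comctl32", "comdlg32", "msimg32", "uxtheme", "gdiplus",
    "version", "oleacc", "imm32", "winmm", "winspool.drv",
}

# Heuristic capability tags (my own mapping, keyed on API names seen in the report).
CAPABILITIES = {
    "service_control": {"OpenSCManagerA", "CreateServiceA", "ChangeServiceConfigA",
                        "ChangeServiceConfig2A", "StartServiceA", "ControlService"},
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                            "OpenProcess", "TerminateProcess"},
    "message_hooking": {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx"},
    "memory_protection_change": {"VirtualProtect", "VirtualAlloc"},
    "registry_write": {"RegSetValueExA", "RegCreateKeyExA", "RegDeleteKeyA", "RegDeleteValueA"},
    "shell_execution": {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA"},
    "anti_debug": {"IsDebuggerPresent"},
}


def normalize_dll(dll):
    """Lowercase and strip the extensions pefile strips; 'winspool.drv' keeps its suffix."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[:-len(ext)]
    return dll


def imphash(imports):
    """MD5 over 'dll.symbol' pairs in import-table order (pefile-style imphash,
    minus pefile's ordinal-to-name lookup for ws2_32/oleaut32)."""
    parts = []
    for dll, sym in imports:
        name = ("ord%d" % sym) if isinstance(sym, int) else sym.lower()
        parts.append("%s.%s" % (normalize_dll(dll), name))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def non_system_dlls(imports):
    """DLL names that Windows does not ship, i.e. dependencies the sample must carry."""
    return {normalize_dll(dll) for dll, _ in imports} - KNOWN_SYSTEM_DLLS


def triage(imports):
    """Map imported API names to capability tags; ordinal imports are skipped."""
    hits = {}
    for dll, sym in imports:
        if isinstance(sym, int):
            continue
        for cap, apis in CAPABILITIES.items():
            if sym in apis:
                hits.setdefault(cap, set()).add("%s!%s" % (normalize_dll(dll), sym))
    return hits


def report(imports):
    return {"imphash": imphash(imports),
            "non_system_dlls": non_system_dlls(imports),
            "capabilities": triage(imports)}


if __name__ == "__main__":
    for key, value in report(SAMPLE_IMPORTS).items():
        print(key, value)
```

To compare against the value on the file line, extract the full import table with pefile (`pefile.PE(path).get_imphash()`) rather than typing it from the page; the normalization rules above are what make the two agree.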
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 523KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ