Europa-Universalis-IV-v1[.]35[.]3[.]0-321897[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Europa-Universalis-IV-v1.35.3.0-321897.zip
Size

17.4MB
MD5

703cd077601adf50c883d4c91bbfa0d4
SHA1

6494773c610f0ada9da8db607f4a6ca2973467e8
SHA256

939ac4b0236a78b731ffc2bd8437860ed44b48dd5d7c4c745de9e4dbe2ad63e0
SHA512

7b665749ad7d95646fed14acce0d35153ec0bdea1cf70666b8567d73cbde0311525117bd7c368386713894129c6c805cd7edf5bc274226827cee5d721c77d272
SSDEEP

393216:Yp7ADtnnRY6nvg+6Ce2XcLgs+WmWHqOlAAOXWr:0kD06f66XWgF8qOlAdXY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setupprogram_01234.exe

Files

Europa-Universalis-IV-v1.35.3.0-321897.zip
.zip
Setupprogram_01234.exe
.exe windows:6 windows x86 arch:x86

54fd1bf9eef8b65eee1ffc42a5a83e2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
InitializeCriticalSectionAndSpinCount
GetDateFormatW
SleepEx
DeleteTimerQueueTimer
GetModuleHandleA
GetModuleHandleExW
GetCurrentProcessId
FileTimeToSystemTime
GetVersionExW
GetModuleHandleW
SetFileTime
ReadFile
VirtualProtect
SetFileAttributesW
GlobalMemoryStatus
LocalFree
GetFileAttributesExW
lstrcatA
GetConsoleMode
CreateThread
GetEnvironmentVariableA
LoadLibraryExW
CompareFileTime
EnterCriticalSection
GetCPInfo
CreateEventW
CompareStringW
TlsAlloc
GetTimeZoneInformation
GetSystemDirectoryW
ReadConsoleW
UnregisterWait
DeleteCriticalSection
GetFileType
GetCommandLineW
GetUserDefaultLCID
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
UnhandledExceptionFilter
WriteConsoleW
WriteFile
RtlUnwind
CreateDirectoryW
GlobalFree
GetSystemTimeAsFileTime
RaiseException
QueryPerformanceCounter
SetFilePointerEx
WaitForMultipleObjects
GetFileSizeEx
UnregisterWaitEx
GetThreadPriority
GetFullPathNameW
FindClose
DeleteFileW
QueryDepthSList
RemoveDirectoryW
GetProcessHeap
TryEnterCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsW
GetACP
WaitForSingleObjectEx
GetFileAttributesW
TerminateProcess
EncodePointer
GetEnvironmentStringsW
VerifyVersionInfoW
DecodePointer
SystemTimeToTzSpecificLocalTime
SetEvent
GetThreadTimes
GetCommandLineA
FormatMessageW
GetLastError
GlobalAlloc
VerSetConditionMask
ReleaseSemaphore
LeaveCriticalSection
DuplicateHandle
InitializeCriticalSection
LoadLibraryW
ExitProcess
GetProcessAffinityMask
InitializeSListHead
GetVersion
GetProcAddress
HeapFree
GetCurrentDirectoryW
GetSystemInfo
SetEnvironmentVariableW
RegisterWaitForSingleObject
FlushFileBuffers
PeekNamedPipe
FreeLibraryAndExitThread
GetTimeFormatW
SetLastError
HeapReAlloc
FindFirstFileExW
Sleep
LCMapStringW
FreeLibrary
SignalObjectAndWait
SetEndOfFile
GetCurrentProcess
CreateFileW
EnumSystemLocalesW
GetDriveTypeW
QueryPerformanceFrequency
InterlockedPopEntrySList
SetThreadPriority
CreateTimerQueueTimer
VirtualAlloc
SetThreadAffinityMask
GetCurrentThreadId
GetStringTypeW
GetLocaleInfoW
SetFilePointer
WideCharToMultiByte
ResetEvent
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
GlobalUnlock
MoveFileExW
IsValidCodePage
AcquireSRWLockExclusive
InterlockedFlushSList
GetConsoleOutputCP
IsValidLocale
CloseHandle
InterlockedPushEntrySList
GetOEMCP
VirtualFree
GetTickCount64
CreateSemaphoreW
CreateTimerQueue
InitializeCriticalSectionEx
SetPriorityClass
ChangeTimerQueueTimer
lstrlenA
TlsSetValue
IsProcessorFeaturePresent
GetFileInformationByHandle
FindNextFileW
GetFileSize
MoveFileW
GlobalLock
FileTimeToLocalFileTime
GetLogicalDriveStringsW
FindFirstFileW
TlsGetValue
WaitForSingleObject
HeapAlloc
GetTickCount
GetStdHandle
ExitThread
SetStdHandle
ReleaseSRWLockExclusive
TlsFree
GetModuleFileNameW
SwitchToThread

user32

KillTimer
GetWindowRect
IsDlgButtonChecked
SetTimer
MapDialogRect
CheckDlgButton
GetWindowTextLengthW
LoadCursorW
SystemParametersInfoW
SetDlgItemTextW
GetWindowTextW
GetWindowLongW
OpenClipboard
CloseClipboard
MessageBoxA
MonitorFromWindow
EmptyClipboard
GetParent
SetClipboardData
SetFocus
PostMessageW
GetDlgItem
LoadIconW
CharUpperW
LoadStringW
GetKeyState
SetWindowLongW
DialogBoxParamW
ScreenToClient
InvalidateRect
MessageBoxW
EnableWindow
EndDialog
SetWindowTextW
SetCursor
GetFocus
wsprintfA
SendMessageW
GetMonitorInfoA
MoveWindow
ShowWindow

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CloseServiceHandle
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptEncrypt

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHBrowseForFolderW

ole32

OleInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CryptDecodeObjectEx
CertOpenStore
CryptStringToBinaryW
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringW
CryptQueryObject
CertFindExtension

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAWaitForMultipleEvents
getaddrinfo
getsockopt
send
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
socket
WSAEventSelect
WSAIoctl
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSACloseEvent
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
freeaddrinfo

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54fd1bf9eef8b65eee1ffc42a5a83e2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 278KB - Virtual size: 277KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 97KB - Virtual size: 96KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 278KB - Virtual size: 277KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 97KB - Virtual size: 96KB