Windows7Games_for_Windows_11_10_8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Windows7Games_for_Windows_11_10_8.zip
Size

146.7MB
MD5

792b397de16eee6df930b6821d1f0209
SHA1

804a28acc805aad118c5de22d67ed6e7e820365e
SHA256

a491d9c78b1016beaf3ce09265f64f3945c3f1d936414a2c2d73ae64c49e4743
SHA512

7cb67351b7a815f1217466837b5b28aba1486e6ec1ad88ba3d1d0a23c6cb8f3c5b96c79278ba6232c593b7152825d7a93eaa705df5b1892a6545878c59096321
SSDEEP

3145728:km1gHBJ3oDNIrn2lIDujugM/1zVFprYl5++c+7T3ZTxtpRXylN9UaI7+:kFBJ3oDmrnYIajugmrYl5lc039xtXDPC

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows7Games_for_Windows_11_10_8.exe
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/Chess/chess.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Windows7Games_for_Windows_11_10_8.exe	nsis_installer_1
static1/unpack001/Windows7Games_for_Windows_11_10_8.exe	nsis_installer_2

Files

Windows7Games_for_Windows_11_10_8.zip
.zip
Windows7Games_for_Windows_11_10_8.exe
.exe windows:4 windows x86 arch:x86

f10e4da994053bf80c20cee985b32e29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongA
GetWindowLongA
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
GetTempFileNameA
RemoveDirectoryA
WriteFile
CreateDirectoryA
GetLastError
CreateProcessA
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
SetErrorMode
GetDiskFreeSpaceA
lstrlenA
GetCommandLineA
GetVersionExA
GetWindowsDirectoryA
SetEnvironmentVariableA
GetTempPathA
CopyFileA
GetCurrentProcess
ExitProcess
GetModuleFileNameA
GetFileSize
ReadFile
GetTickCount
Sleep
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcmpA
GetModuleHandleA
lstrlenA
MulDiv
lstrcpynA
GetACP
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chess/chess.exe
.exe windows:6 windows x64 arch:x64

00fbb766e808e50e691b3aeea88e7316

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Chess.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameW

kernel32

LockResource
CreateDirectoryW
LocalFree
OutputDebugStringW
MoveFileW
LoadResource
FindResourceW
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
LoadLibraryA
FreeLibrary
GetLocaleInfoW
HeapFree
GetProcessHeap
HeapAlloc
CompareStringA
GlobalFree
GlobalAlloc
lstrlenW
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
MultiByteToWideChar
LoadLibraryW
GetSystemDirectoryW
SetCurrentDirectoryW
DeleteCriticalSection
GetProcAddress
GetVersionExA
InitializeCriticalSection
GetFileType
GetCurrentDirectoryW
WriteConsoleW
GetStdHandle
GetTickCount64
CreateThread
FormatMessageW
LocalAlloc
GetThreadLocale
FindResourceExW
ExpandEnvironmentStringsW
LoadLibraryExW
EnumResourceTypesW
EnumResourceNamesW
lstrcmpiA
GetSystemInfo
SetEndOfFile
GlobalMemoryStatus
GetFullPathNameA
FreeResource
SetFilePointer
DeleteFileA
GetTempPathA
GetTempFileNameA
ReadFile
VirtualAlloc
VirtualFree
WriteFile
FindResourceA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
GetModuleHandleA
IsProcessorFeaturePresent
WideCharToMultiByte
DebugBreak
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
CloseHandle
DeleteFileW
HeapSetInformation
LeaveCriticalSection
EnterCriticalSection
Sleep
MulDiv
ExitProcess
GetCurrentThreadId
CreateMutexW
GetLastError
GetCommandLineW
SizeofResource
CreateFileW
GetModuleHandleW
GetModuleFileNameW
RegisterApplicationRestart

gdi32

GetTextColor
CreatePen
Rectangle
CreateRoundRectRgn
ExtTextOutA
GetObjectA
SetTextAlign
GetTextMetricsA
GetCharacterPlacementA
SetMapMode
SetBkMode
GetFontLanguageInfo
CreateFontIndirectA
CreateDIBSection
DeleteDC
GetCharacterPlacementW
GetGlyphOutlineA
GetTextMetricsW
MoveToEx
GetObjectW
GetStockObject
ExcludeClipRect
BitBlt
CreateBitmap
CreateCompatibleDC
ExtTextOutW
SetBkColor
SetTextColor
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject
CreateSolidBrush
GetBkColor

user32

GetFocus
DialogBoxParamW
SetWindowTextW
GetCursorInfo
GetKeyboardLayoutList
GetClientRect
ClientToScreen
SendMessageW
GetSystemMetrics
GetKeyboardLayout
GetMenu
EnableMenuItem
GetSubMenu
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetRect
NotifyWinEvent
GetWindowRect
IsZoomed
SetDlgItemTextW
GetMenuItemCount
GetMenuItemInfoW
DefWindowProcW
SetMenuItemInfoW
SetMenuInfo
TrackPopupMenu
FindWindowW
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadMenuW
RemoveMenu
SetWindowsHookExW
GetKeyState
GetMonitorInfoW
MonitorFromWindow
GetWindowPlacement
SetWindowPlacement
UpdateWindow
RegisterRawInputDevices
SetWindowPos
PostQuitMessage
GetMessageExtraInfo
PostMessageW
IsIconic
GetDoubleClickTime
GetProcessDefaultLayout
DrawTextW
GetSysColorBrush
GetIconInfo
LoadIconW
CallWindowProcW
SetWindowLongW
EndPaint
IsWindowEnabled
BeginPaint
EnumChildWindows
SetWindowRgn
EndDialog
IsDialogMessageW
GetClassNameW
GetNextDlgTabItem
GetNextDlgGroupItem
CreateDialogParamW
CreateDialogIndirectParamW
SetFocus
GetDlgCtrlID
GetWindow
SendInput
GetParent
GetForegroundWindow
MessageBoxW
KillTimer
UnregisterClassW
PtInRect
OffsetRect
ReleaseCapture
SetCapture
EqualRect
UnionRect
MonitorFromRect
SetRectEmpty
DestroyWindow
DestroyMenu
LoadAcceleratorsW
UnhookWindowsHookEx
ShowCursor
CheckRadioButton
CheckDlgButton
EnableWindow
GetDlgItem
IsDlgButtonChecked
SetCursor
LoadCursorW
LoadStringW
CheckMenuItem
GetDC
SystemParametersInfoW
ReleaseDC
GetSysColor
DrawFrameControl
GetRawInputData
GetCursorPos
MapWindowPoints
SetCursorPos
CallNextHookEx
EnumDisplayMonitors
RegisterWindowMessageW
RegisterClassW
GetClassLongPtrW
InvalidateRect
AdjustWindowRect
CreateWindowExW
SetWindowLongPtrW
GetWindowTextW
GetWindowLongPtrW
GetWindowLongW
IsWindowVisible
TranslateAcceleratorW
DestroyAcceleratorTable
SetTimer
DrawEdge

msvcrt

tan
tanh
sinh
fmod
exp
cosh
ceil
floorf
atan2f
powf
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
_CxxThrowException
_vsnprintf
_finite
_clearfp
_strdup
setlocale
sscanf
iswalpha
iswspace
iswpunct
iswdigit
wcstombs
isalnum
atoi
tolower
isalpha
isdigit
atof
isxdigit
_fpclass
_isnan
isspace
atol
_ultoa
toupper
wcsncpy_s
_vscwprintf
_vsnwprintf_s
_errno
_wcsdup
_beginthreadex
wcscspn
wcsspn
memmove_s
wcstol
wcsncmp
tanf
_snwprintf_s
cosf
sinf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
frexp
wcstombs_s
fgetwc
fwrite
ftell
fseek
fclose
fread
_wfopen_s
fputwc
mbtowc
strchr
strncmp
strcat_s
fgetc
wcsstr
memmove
wcstoul
towlower
_stricmp
qsort
time
rand
srand
swprintf_s
wcstod
_wcsnicmp
wcscat_s
wcschr
wcsrchr
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
_wtoi
realloc
mbstowcs_s
_purecall
_wcsicmp
wcscpy_s
free
malloc
sscanf_s
memcpy
memset
sqrtf
atan2
atan
acos
asin
cos
sin
sqrt
log
pow
floor
memcmp
acosf

oleaut32

SysAllocString
VariantClear
SysFreeString
SysStringLen
VariantInit

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

shell32

ExtractIconW
ShellExecuteW
SHGetKnownFolderPath
SHSetLocalizedName
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathEx
ShellAboutW

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromResource
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetTextRenderingHint
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipCreateLineBrushFromRectI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipSetStringFormatHotkeyPrefix
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipDrawRectangle
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipMeasureString
GdipDrawImagePointRectI
GdipSetClipRectI
GdipSetClipRegion
GdipCreateRegionHrgn
GdipDeleteRegion
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipSetStringFormatFlags
GdipDrawString
GdiplusStartup
GdipDrawImageRectRectI

dsound

ord11

winmm

mmioSetInfo
mmioCreateChunk
mmioSeek
mmioWrite
mmioGetInfo
mmioAdvance
mmioAscend
mmioRead
mmioDescend
mmioClose
mmioOpenW
timeGetTime

oleacc

LresultFromObject
CreateStdAccessibleObject

slc

SLGetWindowsInformationDWORD

dinput8

DirectInput8Create

usp10

ScriptItemize
ScriptBreak

shlwapi

PathFileExistsW

secur32

GetUserNameExW

xinput9_1_0

XInputGetState

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f10e4da994053bf80c20cee985b32e29

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 106KB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 88KB - Virtual size: 88KB

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 362B

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 654B

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

00fbb766e808e50e691b3aeea88e7316

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 106KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 88KB - Virtual size: 88KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 362B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 654B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 40KB - Virtual size: 100KB

.pdata
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 22KB - Virtual size: 21KB