c93b4c4b80e77ef6c8ec2abefebbb955d5b73d5fdcf92dd923d0a5da0db533c2

Sharing

Copy URL

Twitter E-mail

General

Target

c93b4c4b80e77ef6c8ec2abefebbb955d5b73d5fdcf92dd923d0a5da0db533c2
Size

806KB
MD5

e1f1db3d417f2259489737caa5d4bb5b
SHA1

f646caf99f75f899028667b78ffda7f8d3b2738e
SHA256

c93b4c4b80e77ef6c8ec2abefebbb955d5b73d5fdcf92dd923d0a5da0db533c2
SHA512

7f899b9fcecd8d84115590f19668109c7d59382ec0a72ab1e2469a77d5ca4d650a8d1dc798fd61228d4faf397b44da6c363d3d86ad48c911e0c65e90fb59e878
SSDEEP

12288:vvFiRSb62Ny00kmvlLpcTC2kKMOvx39YYjbUobo7uuEk:vvoq68y0evlLp8hDx399EOo7d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c93b4c4b80e77ef6c8ec2abefebbb955d5b73d5fdcf92dd923d0a5da0db533c2

Files

c93b4c4b80e77ef6c8ec2abefebbb955d5b73d5fdcf92dd923d0a5da0db533c2
.exe windows:6 windows x64 arch:x64

3822d7ef2aad67df6fc3115559a05527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\work\kygx2019\trunk\bin\RunGame64.pdb

Imports

kernel32

lstrcmpW
GetDriveTypeW
GetExitCodeProcess
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetVersionExW
SetLastError
GetCurrentThreadId
QueryDosDeviceW
GetFullPathNameW
GetCurrentProcess
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
LoadLibraryW
CopyFileW
GlobalAlloc
GlobalFree
GlobalLock
GetFileSize
GlobalUnlock
WritePrivateProfileStringW
GetEnvironmentVariableW
GetCurrentThread
MoveFileExW
GetTempFileNameW
lstrlenW
SetFilePointer
GetLocalTime
DuplicateHandle
GetCurrentDirectoryW
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
WriteConsoleW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
SetEnvironmentVariableW
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
VirtualQuery
GetSystemInfo
RtlPcToFileHeader
WideCharToMultiByte
CloseHandle
lstrcatW
MultiByteToWideChar
GetLogicalDriveStringsW
CreateFileW
WaitForSingleObject
FindClose
GetModuleFileNameW
WriteFile
FindNextFileW
GetModuleHandleW
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
DeleteTimerQueueTimer
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
RtlUnwind
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LocalFree
GetProcAddress
CreateProcessW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
SwitchToThread
Sleep
WaitForSingleObjectEx
TryEnterCriticalSection
FormatMessageW
SetFilePointerEx
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
EnterCriticalSection
HeapFree
CreateTimerQueueTimer

user32

ReleaseDC
IsIconic
BeginPaint
GetDC
GetWindowRect
GetWindow
GetWindowLongW
EndPaint
MessageBoxW
GetActiveWindow
PostMessageW
MoveWindow
GetClientRect
GetParent
DialogBoxParamW
EqualRect
UnregisterClassW
IntersectRect
DrawTextW
PtInRect
MonitorFromWindow
InvalidateRect
SetWindowLongPtrW
SetWindowRgn
EndDialog
CopyRect
SetWindowTextW
ShowWindow
GetMonitorInfoW
SetWindowPos
MapWindowPoints

gdi32

BitBlt
CreateCompatibleBitmap
CreateRoundRectRgn
SelectObject
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateCompatibleDC
StretchBlt
CreateFontW
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

shlwapi

PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW

gdiplus

GdipDisposeImage
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipCloneImage
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipAlloc
GdipGetImagePaletteSize
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipGetImagePalette
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth

msimg32

AlphaBlend
TransparentBlt

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
NtClose
RtlCompareUnicodeString
NtOpenSymbolicLinkObject
RtlAllocateHeap
RtlFreeUnicodeString
RtlInitUnicodeString
NtSetInformationFile
NtQueryAttributesFile
NtOpenFile
NtOpenDirectoryObject
NtFsControlFile
RtlFreeHeap
NtCreateFile
RtlCreateUnicodeString
RtlCaptureContext

fltlib

FilterConnectCommunicationPort
FilterSendMessage

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3822d7ef2aad67df6fc3115559a05527

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

iphlpapi

version

ntdll

fltlib

wininet

Sections

.text Size: 541KB - Virtual size: 540KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 14KB - Virtual size: 25KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 541KB - Virtual size: 540KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 14KB - Virtual size: 25KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 6KB - Virtual size: 5KB