fce926e1ca9b2cba27aff5aff6df915e7aa1f8c1764d86a165a12c0fe530fa61

Sharing

Copy URL Twitter E-mail

General

Target

fce926e1ca9b2cba27aff5aff6df915e7aa1f8c1764d86a165a12c0fe530fa61
Size

1.2MB
MD5

e4e3012cc30051fdff3cac4016a5d4f6
SHA1

003973e71bff5eedc2dd6404bf1d38a74a7af151
SHA256

fce926e1ca9b2cba27aff5aff6df915e7aa1f8c1764d86a165a12c0fe530fa61
SHA512

fa4726c08176649cb83689de14482bb718f42f78a97760a85fb4558d21b4c8159d68f6264844e1de1735a1bd390735827a72ff78a5955f314e606b0e38511f0e
SSDEEP

24576:puks11PG8ZZHZ/zTPcqQPNYw2yj3VsZmhTS/nsxtz6wygnFm25DNt:puksXPLJ/ZA32yZTke4wy0FmS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fce926e1ca9b2cba27aff5aff6df915e7aa1f8c1764d86a165a12c0fe530fa61

Files

fce926e1ca9b2cba27aff5aff6df915e7aa1f8c1764d86a165a12c0fe530fa61
.exe windows:6 windows x86 arch:x86

7075801ea0ab915f3d0e6cb495dc84a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Cocos2dProject\Meng Huan Xi You\Dragon Ball\MHXY_Project\Release\MHXY_Debugger.pdb

Imports

kernel32

GetModuleFileNameA
WaitForSingleObject
CreateProcessA
FreeLibrary
DeviceIoControl
GetVersionExW
GetLastError
CreateFileA
CloseHandle
WriteProcessMemory
GetCurrentThread
LoadLibraryA
GetProcAddress
ReadProcessMemory
QueryPerformanceCounter
WaitForDebugEvent
ContinueDebugEvent
GetThreadContext
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
QueryPerformanceFrequency
UnhandledExceptionFilter

user32

MessageBeep
GetWindowRect
SetWindowPos
SendMessageW
MessageBoxA
EnableWindow
SystemParametersInfoW
GetDlgItem
LoadIconA
SetWindowTextA
GetWindowTextA
ShowWindow
EndDialog
DialogBoxParamA

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_JD@Z

iphlpapi

GetAdaptersInfo

vcruntime140

_CxxThrowException
memmove
memcpy
memchr
__current_exception_context
__current_exception
strchr
strstr
strrchr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
memset

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vsscanf
fflush
fclose
_get_stream_buffer_pointers
_set_fmode
_fseeki64
fread
fsetpos
ungetc
__p__commode
setvbuf
__stdio_common_vsprintf
fgetc
fwrite
fgetpos
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm_e
_beginthreadex
terminate
_initterm
_controlfp_s
_get_wide_winmain_command_line
_initialize_wide_environment
_c_exit
_configure_wide_argv
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit

api-ms-win-crt-string-l1-1-0

isdigit
iswalnum
toupper
strcat_s
isspace
strncmp
strcpy_s
isalnum
strncpy
isalpha
tolower
islower
isprint

api-ms-win-crt-convert-l1-1-0

_itoa

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
calloc
free

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-time-l1-1-0

_difftime64
_mktime64
_time64

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_findnext64i32
_findfirst64i32
rename
_findclose
_unlock_file

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcrt

strncpy

psapi

GetMappedFileNameW

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eafdgd
Size: 871KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eafdgd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7075801ea0ab915f3d0e6cb495dc84a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

iphlpapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcrt

psapi

advapi32

shell32

Sections

.text Size: 232KB - Virtual size: 232KB

.eafdgd Size: 871KB - Virtual size: 872KB

.idata Size: 7KB - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 68KB

.eafdgd Size: 4KB - Virtual size: 4KB

.text
Size: 232KB - Virtual size: 232KB

.eafdgd
Size: 871KB - Virtual size: 872KB

.idata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 68KB

.eafdgd
Size: 4KB - Virtual size: 4KB