c:\flyff\basesource\BaseRev2.1\BaseRev2.1\Output\Certifier\Release\Certifier.pdb
Static task: static1
Behavioral task: behavioral1
Sample: e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7.exe
Resource: win10v2004-20240226-en
General
Target: e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7
Size: 520KB
MD5: 398c0c0ac3c719e87635d422ab0a130c
SHA1: d6b3e4059e77d9f1bf7f2557d04d11fcf08ff3cc
SHA256: e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7
SHA512: 46e6b8c38ec0de1852ae4ea99b9e2d14ede95911a4373cba9d8fd996895e6267e7d6efaa07b6752e7cee41bbcd86681009c8b27e80fcd8e929181889e092368f
SSDEEP: 12288:QUh9ysdU3ZsXBLxLfwkkJz03Uq2cnw6DGpLOwrfrGRbvfCu6XodK:Ub6DILOgfrGl3P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7
Files
e9a9427e3f34f2c914c0d20303583251eb81d0a030cb6cb09526443b733efdc7.exe windows:4 windows x86 arch:x86
cb99387be57e4a5083e98c3df7b08f3f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
odbc32
ord61
ord24
ord7
ord41
ord43
ord36
ord18
ord4
ord8
ord11
ord48
ord49
ord26
ord16
ord13
ord72
ord75
ord31
ord9
ws2_32
WSAGetLastError
connect
gethostbyname
inet_addr
gethostname
WSARecv
WSASetLastError
shutdown
getpeername
ntohs
bind
htonl
WSASocketA
htons
WSASend
WSACloseEvent
WSACreateEvent
WSAStartup
socket
WSACleanup
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
setsockopt
listen
WSAEventSelect
WSAAccept
WSAEnumNetworkEvents
closesocket
winmm
timeGetTime
kernel32
VirtualAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
CreateToolhelp32Snapshot
SetThreadPriority
VirtualFree
GetSystemInfo
GetOverlappedResult
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetLocalTime
Sleep
IsDBCSLeadByte
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetModuleFileNameA
GetFileAttributesA
CreateFileA
lstrcpynA
GetFullPathNameA
GetCurrentThreadId
SetUnhandledExceptionFilter
SetErrorMode
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
TerminateProcess
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
GetTickCount
CreateIoCompletionPort
WaitForSingleObject
WaitForMultipleObjects
GetQueuedCompletionStatus
GetCurrentProcessId
lstrlenA
OutputDebugStringA
lstrcpyA
lstrcmpA
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventA
OpenEventA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetEvent
ConvertDefaultLocale
EnumResourceLanguagesA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalMemoryStatus
FileTimeToDosDateTime
GetCurrentThread
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
GetSystemTimeAsFileTime
ExitProcess
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
VirtualProtect
VirtualQuery
GetStartupInfoA
GetCommandLineA
SetStdHandle
InterlockedIncrement
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
IsBadWritePtr
GetTimeZoneInformation
GlobalFindAtomA
FatalAppExitA
HeapSize
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MulDiv
CopyFileA
GlobalFree
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
RaiseException
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SystemTimeToFileTime
ResumeThread
SuspendThread
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetShortPathNameA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
GlobalFlags
GetModuleHandleA
lstrcmpW
GlobalDeleteAtom
GetFileType
user32
GetKeyState
IsWindowVisible
GetActiveWindow
CallNextHookEx
SetWindowsHookExA
GetClassNameA
SetWindowTextA
GetFocus
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
SetFocus
SetScrollPos
GetScrollPos
CheckDlgButton
CheckRadioButton
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowLongA
MoveWindow
ScrollWindowEx
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
CallWindowProcA
SetWindowPlacement
RegisterClassA
GetClassInfoA
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
GetDC
GetMenu
GetClientRect
ShowScrollBar
SetForegroundWindow
PeekMessageA
SetScrollRange
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
IsChild
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
InflateRect
GetMenuItemInfoA
DestroyMenu
SetCursor
ShowOwnedPopups
DeleteMenu
DestroyIcon
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetDesktopWindow
RemoveMenu
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetCursorPos
ValidateRect
GetWindowTextLengthA
GetWindowTextA
UnhookWindowsHookEx
GetScrollRange
GetSystemMetrics
wsprintfA
CharNextExA
MessageBoxA
CharNextA
InvalidateRect
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
SetWindowPos
ShowWindow
UpdateWindow
SetTimer
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
EndPaint
KillTimer
PostQuitMessage
DefWindowProcA
DestroyWindow
LoadStringA
GetSubMenu
PostMessageA
gdi32
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetMapMode
SetTextCharacterExtra
SetMapperFlags
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetObjectA
GetClipBox
GetDCOrgEx
GetTextMetricsA
DPtoLP
PatBlt
GetMapMode
OffsetClipRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
SetArcDirection
SetColorAdjustment
SelectClipRgn
IntersectClipRect
CombineRgn
CreateBitmap
CreateDCA
CopyMetaFileA
ExcludeClipRect
BitBlt
SelectObject
SetBkColor
DeleteObject
SetBkMode
SetTextColor
TextOutA
CreateFontA
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
GetDeviceCaps
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA
GetUserNameA
RegQueryValueExA
neuzd
GetFaultReason
GetRegisterString
GetFirstStackTraceString
GetNextStackTraceString
comctl32
ord17
shlwapi
UrlUnescapeA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveExtensionA
PathStripToRootA
wininet
FtpSetCurrentDirectoryA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetOpenUrlA
InternetCrackUrlA
HttpQueryInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
GopherGetAttributeA
FtpOpenFileA
FtpCommandA
GopherCreateLocatorA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherFindFirstFileA
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
shell32
ExtractIconA
SHGetFileInfoA
ole32
CoTaskMemAlloc
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReleaseStgMedium
CoDisconnectObject
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
ReadClassStg
OleDuplicateData
SetConvertStg
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ReadFmtUserTypeStg
CLSIDFromString
oleaut32
SafeArrayGetElement
SafeArrayCopy
SysFreeString
VariantInit
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarDateFromStr
SysReAllocStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayPtrOfIndex
mscoree
_CorExeMain
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 380KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ