7c45aed91f68423dde73a8429bf55f99dcf76d5b37d31dea641d65243ce5ee22

Sharing

Copy URL

Twitter E-mail

General

Target

7c45aed91f68423dde73a8429bf55f99dcf76d5b37d31dea641d65243ce5ee22
Size

8.2MB
MD5

ab9cd41dde0f0daa6bdd5ba063df7342
SHA1

83af4c629e76b5bae1b3625f637566c1cdb9374e
SHA256

7c45aed91f68423dde73a8429bf55f99dcf76d5b37d31dea641d65243ce5ee22
SHA512

1283b19cef6bd3c8044fc07736f861d4c84294714e78b3f2123d72833bf0c7f55c6a83b432a6ed7ada11c152ad4eb7e21ba113294aa774df83fb73ca9c0babc6
SSDEEP

196608:jb6xIqK2xRuKEsKHZBDDfdewsRDWh/YA:jb89AsSPDfdewQi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c45aed91f68423dde73a8429bf55f99dcf76d5b37d31dea641d65243ce5ee22

Files

7c45aed91f68423dde73a8429bf55f99dcf76d5b37d31dea641d65243ce5ee22
.exe windows:5 windows x86 arch:x86

a9d65fbd7643679ea2ca05761dea87e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\china\2200\Client\Release_China\Client.pdb

Imports

d3d9

Direct3DCreate9

winmm

timeGetTime

dinput8

DirectInput8Create

imm32

ImmNotifyIME
ImmGetContext
ImmReleaseContext
ImmSetOpenStatus
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetCompositionStringA
ImmGetCandidateListA
ImmGetOpenStatus
ImmGetProperty
ImmSetCandidateWindow
ImmGetCandidateWindow
ImmIsIME
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmGetConversionStatus
ImmSetCompositionStringW
ImmGetCompositionWindow

ws2_32

WSAEventSelect
shutdown
WSAGetLastError
WSASend
closesocket
WSACloseEvent
WSARecv
recvfrom
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
WSAAsyncSelect
getsockname
gethostbyaddr
getsockopt
sendto
WSACreateEvent
select
accept
listen
htonl
setsockopt
ntohs
ioctlsocket
recv
send
WSAStartup
gethostname
WSACleanup
inet_addr
htons
gethostbyname
inet_ntoa
socket
WSASetLastError
bind
connect
WSAEnumNetworkEvents

ijl11

ord5
ord2
ord3

dsetup

ord11

ddraw

DirectDrawCreateEx

wininet

HttpQueryInfoA
InternetReadFileExA
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestA
FtpPutFileA
InternetCrackUrlA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetSetStatusCallback
InternetConnectA

kilos

?OAL_sample_status@@YGHPAU__SAMPLE_OAL@@@Z
?OAL_allocate_sample_handle@@YGPAU__SAMPLE_OAL@@PAU_OPENAL_DIG_DRIVER@@@Z
?OAL_file_read@@YGPAXPBDPAX@Z
?OAL_release_sample_handle@@YGXPAU__SAMPLE_OAL@@@Z
?OAL_mem_free_lock@@YGXPAX@Z
?OAL_close_stream@@YGXPAU__STREAM_OAL@@@Z
?OAL_start_stream@@YGXPAU__STREAM_OAL@@@Z
?OAL_open_stream@@YGPAU__STREAM_OAL@@PAU_OPENAL_DIG_DRIVER@@PBDH@Z
?OAL_stream_status@@YGHPAU__STREAM_OAL@@@Z
?OAL_set_sample_volume_levels@@YGXPAU__SAMPLE_OAL@@MM@Z
?OAL_open_digital_driver@@YGPAU_OPENAL_DIG_DRIVER@@KHHI@Z
?OAL_startup@@YGXH@Z
?OAL_shutdown@@YGXXZ
?OAL_close_digital_driver@@YGXPAU_OPENAL_DIG_DRIVER@@@Z
?OAL_set_stream_loop_count@@YGXPAU__STREAM_OAL@@H@Z
?OAL_start_sample@@YGXPAU__SAMPLE_OAL@@@Z
?OAL_set_sample_file@@YGHPAU__SAMPLE_OAL@@PBXH@Z

kernel32

IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapSize
GetFileType
GetCommandLineA
GetModuleHandleW
HeapReAlloc
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
MoveFileA
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryW
OutputDebugStringW
lstrlenA
GetTickCount
CloseHandle
SetFilePointer
ReadFile
CreateFileA
WriteFile
GetLocalTime
Sleep
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetModuleFileNameA
GetFileAttributesA
lstrcpyA
DeviceIoControl
LocalFree
GetCurrentProcess
GetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateDirectoryA
FindClose
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
PeekNamedPipe
VerSetConditionMask
GetVersionExA
TerminateProcess
DeleteFileA
GetCurrentProcessId
GetCurrentThreadId
FindNextFileA
CopyFileA
SetUnhandledExceptionFilter
RemoveDirectoryA
GetCurrentDirectoryA
GlobalMemoryStatus
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
CreateThread
InitializeCriticalSection
TerminateThread
GetExitCodeThread
OutputDebugStringA
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
HeapCreate
DeleteCriticalSection
GetModuleHandleA
_lread
_lclose
_lopen
_llseek
CreateFileW
GetVolumeInformationW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FormatMessageA
IsBadWritePtr
IsBadReadPtr
IsDBCSLeadByteEx
GlobalMemoryStatusEx
SystemTimeToFileTime
InterlockedDecrement
InterlockedIncrement
lstrlenW
IsWow64Process
GetEnvironmentVariableA
GetTempFileNameA
GetTempPathA
IsProcessorFeaturePresent
GetProfileIntA
DebugBreak
FatalAppExitA
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
VirtualFree
VirtualAlloc
IsDebuggerPresent
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
SwitchToThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
ExitProcess
DecodePointer
EncodePointer
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
VirtualQuery
CreatePipe
GetExitCodeProcess
CompareStringW
WriteConsoleW
SetEndOfFile
GetThreadPriority
SetEnvironmentVariableA
SignalObjectAndWait
SleepEx
HeapSetInformation
GetStartupInfoW
GetTimeFormatA
GetDateFormatA
CreateProcessA
DuplicateHandle
HeapDestroy
GetLocaleInfoW
ReleaseSemaphore
GetFileInformationByHandle
SetThreadAffinityMask
VirtualProtect
GetProcessAffinityMask
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
CreateSemaphoreW
SetEvent
InterlockedPopEntrySList
InterlockedFlushSList
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetCurrentDirectoryA
GetVersionExW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
VerifyVersionInfoA
InterlockedExchange

user32

AdjustWindowRectEx
SetWindowPos
ClipCursor
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
EnumWindows
SystemParametersInfoA
SetFocus
ShowCursor
GetClassNameA
GetWindowTextA
EndDialog
PtInRect
SetCursor
GetMenu
GetKeyboardLayout
LoadCursorA
RegisterClassA
GetCaretPos
ClientToScreen
SetForegroundWindow
CreateWindowExA
SetWindowLongA
ShowWindow
DrawTextA
PostQuitMessage
DestroyMenu
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CharLowerA
wsprintfA
ChangeDisplaySettingsA
AdjustWindowRect
SetActiveWindow
LoadIconA
GetKeyState
SendMessageA
DefWindowProcA
DestroyWindow
GetAsyncKeyState
PostMessageA
SetCursorPos
GetCursorPos
GetClientRect
ScreenToClient
GetIconInfo
GetActiveWindow
GetDC
ReleaseDC
SetRect
MessageBoxA
MoveWindow
keybd_event
GetKeyboardState
LoadStringA
GetClassInfoA
CopyRect
SetRectEmpty
UnregisterClassA
EndPaint
BeginPaint
RemovePropA
UnionRect
FillRect
EnumDisplaySettingsA
GetWindowRgn
GetCursor
DrawIcon
GetLastActivePopup
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxW
InvalidateRect
GetPropA
GetWindowLongA
SetPropA

gdi32

TextOutA
Rectangle
CreateDIBitmap
BitBlt
CreateDIBSection
SelectClipRgn
OffsetRgn
CreateRectRgn
CreateSolidBrush
RemoveFontResourceA
GetObjectW
GetCharacterPlacementA
GetCharacterPlacementW
GetTextMetricsA
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
MoveToEx
ExtTextOutW
GetClipBox
GetDCOrgEx
CreateFontA
GetStockObject
GetObjectA
CreateCompatibleDC
GetDIBits
SelectObject
SetBkMode
SetTextColor
SetBkColor
SetTextAlign
DeleteDC
ExtTextOutA
DeleteObject
SetMapMode
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
GetTokenInformation
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
OpenProcessToken
ConvertSidToStringSidA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

VariantChangeType
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
SetErrorInfo

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

shlwapi

SHGetValueA

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 62.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

@na�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9d65fbd7643679ea2ca05761dea87e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

winmm

dinput8

imm32

ws2_32

ijl11

dsetup

ddraw

wininet

kilos

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

rpcrt4

shlwapi

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 118KB - Virtual size: 62.3MB

.rsrc Size: 80KB - Virtual size: 80KB

@na�u� Size: 16KB - Virtual size: 20KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 118KB - Virtual size: 62.3MB

.rsrc
Size: 80KB - Virtual size: 80KB

@na�u�
Size: 16KB - Virtual size: 20KB