761041e4f29012c407f5fa5f598aa47c9c5eaa14736499f93e6d611b555506e2

Sharing

Copy URL

Twitter E-mail

General

Target

761041e4f29012c407f5fa5f598aa47c9c5eaa14736499f93e6d611b555506e2
Size

1.9MB
MD5

cbccaf839eb7c0dfddeca5ccc4626e54
SHA1

ead3d08a274c0c326ca6348bf79340fb8eb959c2
SHA256

761041e4f29012c407f5fa5f598aa47c9c5eaa14736499f93e6d611b555506e2
SHA512

3edc6cfcc93de363f6df4441c6e6e529d4235bc14d0a24798a363cd6f0f4c3b82749fd2d772c402c51f74b8120f4fa6c2acaf03b79c3e61a3454cd2fd8edfd53
SSDEEP

49152:64yfD+HoecwnpkgQSFlg+nT+QThsqEOriDTCizj:64yfNeCSF++JTDyTCi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
761041e4f29012c407f5fa5f598aa47c9c5eaa14736499f93e6d611b555506e2

Files

761041e4f29012c407f5fa5f598aa47c9c5eaa14736499f93e6d611b555506e2
.exe windows:5 windows x86 arch:x86

542b515bc4d45085cef992359f35a454

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\QQQQQQQQQ分段游戏包\trunk\bin\Win32\Release\gamestart\gamestart.pdb

Imports

wininet

InternetCheckConnectionW
GetUrlCacheEntryInfoW
InternetOpenW
InternetCrackUrlW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses

kernel32

GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
IsBadWritePtr
GetCurrentProcess
OpenProcess
TerminateProcess
GetShortPathNameW
ResumeThread
SetFileTime
FileTimeToSystemTime
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
GetDriveTypeW
SetVolumeLabelW
MoveFileW
GetDiskFreeSpaceExW
ReleaseSemaphore
CreateSemaphoreW
SetLastError
FileTimeToLocalFileTime
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
MulDiv
lstrcmpA
lstrlenA
lstrcmpW
InterlockedExchange
LockFileEx
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
GetModuleHandleA
CompareStringW
GlobalFindAtomW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GlobalFlags
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
CreateFileMappingW
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
HeapSize
GetTempPathW
FlushFileBuffers
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
LoadLibraryW
FormatMessageA
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
CreatePipe
GetStartupInfoW
GetExitCodeProcess
CreateProcessW
FindClose
FindFirstFileW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
RaiseException
LeaveCriticalSection
LoadLibraryExW
FreeLibrary
FreeResource
GlobalUnlock
GlobalLock
CreateThread
GetPrivateProfileIntW
GetVersionExW
InitializeCriticalSection
WaitForSingleObject
InterlockedIncrement
GetCommandLineW
LoadLibraryA
InterlockedDecrement
LocalAlloc
GlobalFree
GlobalAlloc
WriteFile
GetModuleFileNameW
DeleteFileW
CloseHandle
CreateFileW
GetTickCount
LockResource
GetProcAddress
GetLastError
CreateDirectoryA
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
SizeofResource
CopyFileW
Sleep
WideCharToMultiByte
GetPrivateProfileStringW
GetModuleHandleW
CreateDirectoryW
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
CreateFileMappingA
WriteConsoleA
GetDiskFreeSpaceW
CompareStringA

user32

RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSysColor
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
RegisterClipboardFormatW
UnhookWindowsHookEx
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
CharUpperW
SetRectEmpty
SetCapture
SetFocus
CallWindowProcW
GetDesktopWindow
GetWindowThreadProcessId
TrackPopupMenu
GetSubMenu
DeleteMenu
LoadMenuW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
ScreenToClient
GetCursorPos
CharNextW
LoadIconW
CopyRect
UpdateLayeredWindow
GetSystemMetrics
SetCursor
SetTimer
LoadImageW
KillTimer
DestroyMenu
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
LoadCursorW
PtInRect
IsRectEmpty
CopyAcceleratorTableW
GetSysColorBrush
SetWindowTextW
IsDialogMessageW
TabbedTextOutW
wsprintfW
InvalidateRect
IsWindowVisible
SendMessageW
EnableWindow
EndPaint
GetWindowRect
GetWindowDC
PostMessageW
GetParent
GetClientRect
BeginPaint
GetDC
RegisterClassExW
GetWindowLongW
CreateWindowExA
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
IsWindow
EqualRect
ReleaseCapture
DefWindowProcW
MoveWindow
GetMessageW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
ScaleViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteDC
SetViewportExtEx
OffsetViewportOrgEx
CreateDIBSection
GetDeviceCaps
BitBlt
SetViewportOrgEx
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
Escape

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteExW

comctl32

_TrackMouseEvent

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoUninitialize
OleRun
OleDraw
CreateILockBytesOnHGlobal
OleCreate
OleSetContainedObject
CoCreateInstance
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
VarUI4FromStr
VariantChangeType
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

oledlg

OleUIBusyW

gdiplus

GdipCreatePath
GdipDeletePath
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipGetFontStyle
GdipGetPathWorldBounds
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateImageAttributes
GdipCreateFont
GdipDisposeImageAttributes
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetImageAttributesWrapMode
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill

ws2_32

WSAStartup
connect
select
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

542b515bc4d45085cef992359f35a454

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

iphlpapi

netapi32

snmpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 44KB - Virtual size: 62KB

.rsrc Size: 367KB - Virtual size: 366KB

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 44KB - Virtual size: 62KB

.rsrc
Size: 367KB - Virtual size: 366KB

.reloc
Size: 72KB - Virtual size: 71KB