General

Malware Config

Signatures

Files

• netmarble_7dsgb_A_installer_80943.exe

  .exe windows:4 windows x86 arch:x86

  56a78d55f3f7af51443e58e0ce2fb5f6

  
  

  Code Sign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:ed:20:67:b9:29:85:69:b9:61:ae:40:e3:95:45:89

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  19-02-2024 00:00

  Not After

  18-02-2027 23:59

  Subject

  CN=Netmarble Corporation,O=Netmarble Corporation,L=Guro-gu,ST=Seoul,C=KR

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  21:ee:ea:79:2e:ec:56:29:95:df:29:c5:fa:42:de:ce:e0:1a:44:85

  Signer

  Actual PE Digest

  21:ee:ea:79:2e:ec:56:29:95:df:29:c5:fa:42:de:ce:e0:1a:44:85

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegCreateKeyExW

  RegEnumKeyW

  RegQueryValueExW

  RegSetValueExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  SetFileSecurityW

  RegOpenKeyExW

  RegEnumValueW

  shell32

  SHGetSpecialFolderLocation

  SHFileOperationW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  ShellExecuteExW

  SHGetFileInfoW

  ole32

  OleInitialize

  OleUninitialize

  CoCreateInstance

  IIDFromString

  CoTaskMemFree

  comctl32

  ord17

  ImageList_Create

  ImageList_Destroy

  ImageList_AddMasked

  user32

  GetClientRect

  EndPaint

  DrawTextW

  IsWindowEnabled

  DispatchMessageW

  wsprintfA

  CharNextA

  CharPrevW

  MessageBoxIndirectW

  GetDlgItemTextW

  SetDlgItemTextW

  GetSystemMetrics

  FillRect

  AppendMenuW

  TrackPopupMenu

  OpenClipboard

  SetClipboardData

  CloseClipboard

  IsWindowVisible

  CallWindowProcW

  GetMessagePos

  CheckDlgButton

  LoadCursorW

  SetCursor

  GetSysColor

  SetWindowPos

  GetWindowLongW

  PeekMessageW

  SetClassLongW

  GetSystemMenu

  EnableMenuItem

  GetWindowRect

  ScreenToClient

  EndDialog

  RegisterClassW

  SystemParametersInfoW

  CreateWindowExW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  FindWindowExW

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  EmptyClipboard

  CreatePopupMenu

  gdi32

  SetBkMode

  SetBkColor

  GetDeviceCaps

  CreateFontIndirectW

  CreateBrushIndirect

  DeleteObject

  SetTextColor

  SelectObject

  kernel32

  GetExitCodeProcess

  WaitForSingleObject

  GetModuleHandleA

  GetProcAddress

  GetSystemDirectoryW

  lstrcatW

  Sleep

  lstrcpyA

  WriteFile

  GetTempFileNameW

  CreateFileW

  lstrcmpiA

  RemoveDirectoryW

  CreateProcessW

  CreateDirectoryW

  GetLastError

  CreateThread

  GlobalLock

  GlobalUnlock

  GetDiskFreeSpaceW

  WideCharToMultiByte

  lstrcpynW

  lstrlenW

  SetErrorMode

  GetVersionExW

  GetCommandLineW

  GetTempPathW

  GetWindowsDirectoryW

  SetEnvironmentVariableW

  CopyFileW

  ExitProcess

  GetCurrentProcess

  GetModuleFileNameW

  GetFileSize

  GetTickCount

  MulDiv

  SetFileAttributesW

  GetFileAttributesW

  SetCurrentDirectoryW

  MoveFileW

  GetFullPathNameW

  GetShortPathNameW

  SearchPathW

  CompareFileTime

  SetFileTime

  CloseHandle

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalFree

  GlobalAlloc

  GetModuleHandleW

  LoadLibraryExW

  MoveFileExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  MultiByteToWideChar

  ReadFile

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  Sections

  .text

  Size: 26KB - Virtual size: 26KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 172KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 144KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 120KB - Virtual size: 119KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/INetC.dll

  .dll windows:4 windows x86 arch:x86

  163fdad7b5f915e3a0ca7ad1d08b4ff8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  lstrcpyW

  CreateThread

  LocalAlloc

  lstrcpynW

  SleepEx

  MulDiv

  GetModuleHandleW

  GetTickCount

  ReadFile

  CreateFileA

  CreateFileW

  GetFileSize

  lstrcmpiW

  lstrcatW

  LoadLibraryA

  lstrcmpW

  lstrlenA

  MultiByteToWideChar

  WriteFile

  lstrlenW

  CloseHandle

  GetLastError

  DeleteFileW

  GetProcAddress

  WideCharToMultiByte

  LocalFree

  TerminateThread

  GlobalAlloc

  GlobalFree

  SetFilePointer

  WaitForSingleObject

  user32

  wsprintfA

  FindWindowExW

  GetWindowLongW

  IsWindow

  CreateDialogParamW

  ShowWindow

  GetParent

  DispatchMessageW

  LoadIconW

  KillTimer

  PostMessageW

  IsDialogMessageW

  SetWindowPos

  SetWindowTextW

  GetMessageW

  SendDlgItemMessageW

  TranslateMessage

  EnableWindow

  RedrawWindow

  UpdateWindow

  GetWindowRect

  SendMessageW

  SetTimer

  SetWindowLongW

  wsprintfW

  SetDlgItemTextW

  GetDlgItem

  IsWindowVisible

  MessageBoxW

  GetClientRect

  DestroyWindow

  SystemParametersInfoW

  GetWindowTextW

  comctl32

  ord17

  wininet

  HttpSendRequestExW

  InternetErrorDlg

  InternetWriteFile

  HttpSendRequestW

  InternetSetFilePointer

  HttpAddRequestHeadersA

  FtpCreateDirectoryW

  InternetCrackUrlW

  FtpOpenFileW

  InternetSetOptionW

  InternetOpenW

  InternetGetLastResponseInfoW

  HttpEndRequestW

  InternetReadFile

  HttpAddRequestHeadersW

  HttpQueryInfoW

  InternetCloseHandle

  InternetConnectW

  InternetQueryOptionW

  HttpOpenRequestW

  Exports

  Exports

  get

  head

  post

  put

  Sections

  .text

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/StdUtils.dll

  .dll windows:5 windows x86 arch:x86

  7b79709c0d5576549eb261e3410f95f8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  msvcrt

  iswspace

  ??3@YAXPAX@Z

  _msize

  _wsetlocale

  _snprintf

  iswcntrl

  _beginthreadex

  time

  srand

  rand

  clock

  _getpid

  _wsplitpath

  iswgraph

  __wgetmainargs

  wcsncpy

  _wcsnicmp

  wcschr

  calloc

  free

  _wcsicmp

  _snwprintf

  swscanf

  abort

  ??2@YAPAXI@Z

  memset

  memcpy

  shlwapi

  ord176

  crypt32

  CryptProtectData

  CryptUnprotectData

  kernel32

  GlobalFree

  MultiByteToWideChar

  WideCharToMultiByte

  InterlockedExchange

  HeapValidate

  InterlockedDecrement

  InterlockedIncrement

  GetSystemTime

  OutputDebugStringA

  GetExitCodeProcess

  InitializeCriticalSection

  SystemTimeToFileTime

  TerminateThread

  WaitForSingleObject

  LocalFree

  GetFullPathNameW

  GetVersion

  GetFileAttributesW

  LoadLibraryW

  FreeLibrary

  CloseHandle

  lstrcpynW

  GlobalAlloc

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  GetTickCount

  Sleep

  VerSetConditionMask

  GetCurrentProcess

  GetModuleHandleW

  FatalAppExitW

  GetVersionExW

  TerminateProcess

  GetModuleFileNameW

  RaiseException

  VerifyVersionInfoW

  GetLastError

  GetProcAddress

  SetFilePointerEx

  WriteFile

  ReadFile

  CreateFileW

  GetFileSizeEx

  GetCommandLineW

  user32

  MsgWaitForMultipleObjects

  PeekMessageW

  DispatchMessageW

  wsprintfW

  DestroyWindow

  SetTimer

  UnregisterClassW

  KillTimer

  LoadStringW

  MessageBoxW

  GetWindowThreadProcessId

  AllowSetForegroundWindow

  CreateWindowExW

  RegisterClassW

  MessageBoxA

  advapi32

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  shell32

  ShellExecuteExW

  SHFileOperationW

  ShellExecuteW

  ole32

  CoInitialize

  CoCreateInstance

  CoUninitialize

  oleaut32

  SysAllocString

  SysFreeString

  VariantInit

  VariantClear

  Exports

  Exports

  AppendToFile

  ExecShellAsUser

  ExecShellWaitEx

  FormatStr

  FormatStr2

  FormatStr3

  GetAllParameters

  GetDays

  GetDirectoryPart

  GetDrivePart

  GetExtensionPart

  GetFileNamePart

  GetHours

  GetLibVersion

  GetMinutes

  GetOsEdition

  GetOsReleaseId

  GetOsReleaseName

  GetParameter

  GetParentPath

  GetRealOsBuildNo

  GetRealOsName

  GetRealOsVersion

  HashFile

  HashText

  InvokeShellVerb

  NormalizePath

  ParameterCnt

  ParameterStr

  ProtectStr

  Rand

  RandBytes

  RandList

  RandMax

  RandMinMax

  RevStr

  SHFileCopy

  SHFileMove

  ScanStr

  ScanStr2

  ScanStr3

  SetVerboseMode

  SplitPath

  StrFromUtf8

  StrToUtf8

  TestParameter

  Time

  TimerCreate

  TimerDestroy

  TrimStr

  TrimStrLeft

  TrimStrRight

  UnprotectStr

  ValidDomainName

  ValidFileName

  ValidPathSpec

  VerifyRealOsBuildNo

  VerifyRealOsVersion

  WaitForProcEx

  Sections

  .text

  Size: 74KB - Virtual size: 74KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 17KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsExec.dll

  .dll windows:4 windows x86 arch:x86

  c1c7505e1e6e929ebb6b9100e55b050a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  advapi32

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  IsTextUnicode

  user32

  wsprintfW

  CharNextExA

  SendMessageW

  FindWindowExW

  CharNextW

  CharPrevW

  kernel32

  CreatePipe

  DeleteFileW

  lstrcmpiW

  GetCommandLineW

  ExitProcess

  Sleep

  TerminateProcess

  GlobalReAlloc

  MultiByteToWideChar

  IsDBCSLeadByteEx

  ReadFile

  PeekNamedPipe

  GetExitCodeProcess

  WaitForSingleObject

  GetTickCount

  lstrcpyW

  CreateProcessW

  GetStartupInfoW

  CreateFileMappingW

  GetVersion

  GetCurrentProcess

  lstrcpynW

  lstrlenW

  lstrcatW

  CloseHandle

  UnmapViewOfFile

  MapViewOfFile

  GlobalFree

  CreateFileW

  CopyFileW

  GetTempFileNameW

  GlobalAlloc

  GetModuleFileNameW

  GetProcAddress

  GetModuleHandleA

  Exports

  Exports

  Exec

  ExecToLog

  ExecToStack

  Sections

  .text

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 420B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ