f4ce2c7630374f885c41fe87e31a819f1ef97ee37fe68fc4142af63e6afa51ba

Sharing

Copy URL Twitter E-mail

General

Target

f4ce2c7630374f885c41fe87e31a819f1ef97ee37fe68fc4142af63e6afa51ba
Size

587KB
MD5

7934ca96cd08752c0ac26b8021c3f51b
SHA1

34fed42e9cd1c9e53d00d4c333888533b2fef1b6
SHA256

f4ce2c7630374f885c41fe87e31a819f1ef97ee37fe68fc4142af63e6afa51ba
SHA512

1294c9a00804958605e4a67e86277319ca9da0bc2bd0577978c2713ef2bf3227457c486e67fab35fedf05a69972b3c0fa6b0574ceaff89af35f3cf2a4d252f49
SSDEEP

12288:FeffOvXF5mVDXp+m+6KUg30ji5xoQt84Ez6pciZXmIkMyag5j+thQ:FenOvXF5mVDXp5oKCHEWFFT4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4ce2c7630374f885c41fe87e31a819f1ef97ee37fe68fc4142af63e6afa51ba

Files

f4ce2c7630374f885c41fe87e31a819f1ef97ee37fe68fc4142af63e6afa51ba
.exe windows:6 windows x64 arch:x64

c124c3318c2b4d34a658abc099edf3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\assemblage\Builds\2535040833614242935tdrmjoziqc\Styunlen-s-Minecraft-Server-Status-GUI-master\九仞私服状态获取\assemblage_outdir_bin\九仞私服状态获取.pdb

Imports

kernel32

CreateMutexW
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
CloseHandle
LoadLibraryW
GetProcAddress
LocalFree
FreeLibrary
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
InitializeSListHead
GetSystemTimeAsFileTime
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext

user32

TranslateMessage
DispatchMessageW
ShowWindow
GetMessageW
MessageBoxW

ole32

OleUninitialize
OleInitialize

msvcp140

_Mtx_init
_Thrd_start
_Thrd_detach
_Mtx_destroy
_Cnd_init
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
_Cnd_wait
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

ws2_32

WSAGetLastError
freeaddrinfo
inet_ntop
recv
connect
socket
WSACleanup
send
WSAStartup
getaddrinfo
closesocket

vcruntime140

__vcrt_InitializeCriticalSectionEx
__C_specific_handler
memset
wcsrchr
_purecall
__std_exception_copy
__std_exception_destroy
memchr
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

isdigit
_wcsicmp
wcsncpy_s
isalnum
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
terminate
_c_exit
_crt_atexit
_errno
_register_onexit_function
_invalid_parameter_noinfo_noreturn
exit
_invalid_parameter_noinfo
_initialize_onexit_table
_cexit
_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_set_fmode
fclose
__acrt_iob_func
_getcwd
__p__commode
__stdio_common_vfscanf
fopen_s
__stdio_common_vfprintf_s

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_access

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c124c3318c2b4d34a658abc099edf3df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 457KB - Virtual size: 457KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 64B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 512B - Virtual size: 500B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 457KB - Virtual size: 457KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 64B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 512B - Virtual size: 500B