C:\projects\diablo2\trunk\Diablo2\Builder\PDB\D2Game.pdb
Static task: static1
Behavioral task: behavioral1
Sample: D2Game.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: D2Game.dll
Resource: win10v2004-20240508-en
General
Target: D2Game.dll
Size: 1.1MB
MD5: 3d27210fd59df69ee4a4761a6fba80c9
SHA1: 7cd209958ef3119cb404225f0d2eec76ae32a82d
SHA256: 4ea97f79213289e85fd25caf2cace330194c8c93db269221fc71756943c75570
SHA512: b7ba123682c3642c9a37568fd65aa2d7dca007de3cf13eca23df3361f79fb2e7ddc5d73f9ba6b00591309c974d497a6c9f8a7d753fb72932348de2274124936f
SSDEEP: 24576:rdoMePDYxJfe1TaINKVkoxWHnFcuPKB+rTAC:p2UAXKuk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: D2Game.dll
Files
-
D2Game.dll.dll windows:4 windows x86 arch:x86
ce8d9efd47239c1674f06b80b001f1b8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetUnhandledExceptionFilter
SetEndOfFile
GetSystemInfo
VirtualProtect
GetCurrentProcessId
LoadLibraryA
FlushFileBuffers
SetStdHandle
CreateFileA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetFilePointer
IsBadWritePtr
VirtualAlloc
VirtualQuery
InterlockedExchange
RtlUnwind
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
CloseHandle
WriteFile
ReadFile
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
CompareFileTime
GetLocalTime
CreateThread
Sleep
InterlockedDecrement
InterlockedIncrement
QueryPerformanceFrequency
EnterCriticalSection
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsBadCodePtr
GetTickCount
IsBadReadPtr
user32
PtInRect
CopyRect
wsprintfA
winmm
timeGetTime
storm
fog
gdwInvBitMasks
gdwBitMasks
ord10252
ord10147
d2net
d2common
ITEMSReadInfoFromStreamVersioned
sgptDataTables
d2cmp
ord10022
d2lang
ord10004
?unicode2Win@Unicode@@SIPADPADPBU1@H@Z
Sections
.text Size: 988KB - Virtual size: 986KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ