F:\源码大全\GameServer1.93GS\GameServer\GameServer___Win32_JPN\GameServer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7.exe
Resource: win10v2004-20240508-en
General
Target: 4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7
Size: 4.6MB
MD5: 509d9714db9b837bc10b67181522e388
SHA1: be1770ba454c7d7cd9b7a00190b361e4891b6cd9
SHA256: 4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7
SHA512: 6ec755af91002188cfddb9c589cac5ca6d87fc0ce3dd5f83e9a0f9f481f6a60e2eddf0b3e43dbd41b9033246e721eaff7422c737b27d4aa34e69303d193d7b19
SSDEEP: 98304:wT/R2qAxSrumJDYvrjZ3Ou9F5qpvVW4DIYrg7yOzOJ9/C:wD03SruWDSv8u9Ovg6IYcgJ5C
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7
Files
4aaf2379baad364bbb0ffe840444d1af9ae898f539b74c07f19966db208cbfa7.exe windows:5 windows x86 arch:x86
4bc6b0c3461cb3cd37c732fe702d9321
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAAsyncSelect
listen
closesocket
WSAGetLastError
bind
htons
htonl
setsockopt
inet_ntoa
accept
send
WSAStartup
WSACleanup
shutdown
gethostbyname
gethostname
inet_addr
socket
sendto
recvfrom
WSASocketA
WSARecv
WSAAccept
WSASend
connect
recv
WSASendTo
ntohl
odbc32
ord31
ord9
ord24
ord41
ord72
ord48
ord49
ord43
ord26
ord16
ord13
ord11
ord20
ord18
ord4
ord8
ord36
ord7
ord75
mumsg
??0CMsg@@QAE@XZ
??1CMsg@@QAE@XZ
kernel32
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
VirtualQueryEx
GetModuleFileNameA
GetCurrentProcess
GetCurrentThread
GetThreadContext
CreateDirectoryA
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
FormatMessageA
TerminateThread
OpenFile
_lclose
GetLastError
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueue
CreateTimerQueue
WaitForSingleObject
CreateThread
OutputDebugStringA
GetFileSize
CloseHandle
ReadFile
FindNextFileA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedIncrement
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
FindFirstFileA
GetPrivateProfileStringA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
ExitProcess
GetPrivateProfileIntA
LoadLibraryA
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
CreateFileA
GetProcAddress
FreeLibrary
WriteFile
lstrlenA
MulDiv
lstrlenW
LocalFree
GlobalSize
CopyFileA
SetLastError
GetModuleHandleA
CompareStringA
GetModuleHandleW
GetModuleFileNameW
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
GetAtomNameA
lstrcmpA
GetThreadLocale
SystemTimeToFileTime
GetStringTypeExA
lstrcmpiA
DeleteFileA
MoveFileA
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
GetFileAttributesExA
SetFileAttributesA
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesA
GetFileSizeEx
GlobalAddAtomA
GlobalFlags
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GetVersionExA
GlobalFindAtomA
FreeResource
FindResourceA
GetACP
GetCurrentDirectoryA
WritePrivateProfileStringA
GetCPInfo
GetOEMCP
GetWindowsDirectoryA
GetNumberFormatA
GetTempFileNameA
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
ReplaceFileA
GetDiskFreeSpaceA
FindResourceExW
LocalUnlock
LocalLock
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
HeapQueryInformation
HeapSize
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
HeapCreate
HeapDestroy
FatalAppExitA
SetConsoleCtrlHandler
GetLocaleInfoW
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeW
LCMapStringW
CompareStringW
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
CreateProcessA
WriteConsoleW
SetEnvironmentVariableA
CreateFileW
user32
GetPropA
SetPropA
GetClassLongA
GetCapture
IsChild
WinHelpA
LoadIconW
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetNextDlgTabItem
CreateDialogIndirectParamA
SetRectEmpty
SystemParametersInfoA
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
DeleteMenu
InvalidateRect
InflateRect
GetMenuItemInfoA
DestroyMenu
IntersectRect
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyA
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
OffsetRect
GetIconInfo
CopyImage
LoadImageA
GetNextDlgGroupItem
DrawIconEx
GetDialogBaseUnits
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
RemovePropA
AdjustWindowRectEx
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetKeyNameTextA
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
DeferWindowPos
MonitorFromPoint
IsMenu
InsertMenuItemA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
InSendMessage
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageA
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
EnumChildWindows
MapDialogRect
DrawIcon
DestroyCursor
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
GetTabbedTextExtentA
RemoveMenu
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
TrackPopupMenu
SetMenu
GetWindowPlacement
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
SetScrollRange
GetScrollRange
ShowScrollBar
GetClassInfoExA
GetClassInfoA
ToAsciiEx
RegisterClassA
PostMessageA
SetWindowPos
ScrollWindowEx
ScreenToClient
GetKeyboardLayout
EqualRect
SetClassLongA
DialogBoxParamA
DefWindowProcA
KillTimer
DestroyWindow
PostQuitMessage
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetTimer
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetClientRect
FillRect
CallWindowProcA
SetWindowLongA
GetDC
ReleaseDC
SetRect
IsWindow
CreateDialogParamA
ShowWindow
GetDlgItem
EndDialog
SetDlgItemTextA
SendMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
CharLowerA
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnregisterClassA
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
DestroyIcon
CharUpperA
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
UpdateLayeredWindow
GetSubMenu
gdi32
RoundRect
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
GetDIBits
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetCurrentObject
StretchDIBits
GetCharWidthA
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
EndDoc
AbortDoc
SetAbortProc
EndPage
CopyMetaFileA
CreateDCA
CreateBitmap
GetObjectA
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartPage
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
StartDocA
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
GetPaletteEntries
CreatePalette
GetBkColor
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
GetTextExtentPoint32A
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectA
CreateDIBitmap
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
TextOutA
SetBkColor
SetTextColor
CreateSolidBrush
CreateFontA
DeleteObject
SetBkMode
SelectObject
GetStockObject
GetDeviceCaps
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_Create
ImageList_GetIcon
ord17
shlwapi
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
oledlg
ord8
dbghelp
SymGetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
SymLoadModule
SymSetOptions
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageI
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdiplusStartup
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
winspool.drv
DocumentPropertiesA
ClosePrinter
GetJobA
OpenPrinterA
comdlg32
GetFileTitleA
advapi32
RegEnumValueA
GetFileSecurityA
RegCloseKey
RegSetValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
SetFileSecurityA
shell32
DragFinish
ExtractIconA
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
SHAppBarMessage
DragQueryFileA
SHGetFileInfoA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
ole32
OleSave
WriteClassStm
CoTaskMemFree
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleRegGetMiscStatus
OleRun
OleFlushClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleQueryCreateFromData
StgCreateDocfileOnILockBytes
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleIsCurrentClipboard
OleSetClipboard
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
PropVariantCopy
OleQueryLinkFromData
DoDragDrop
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoDisconnectObject
StringFromGUID2
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
SetConvertStg
OleSaveToStream
oleaut32
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VarCyFromStr
VarBstrFromDate
VariantInit
SysAllocString
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
Sections
.textbss Size: - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.0MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 781KB - Virtual size: 804KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 334.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 24KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sedata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ