Mad_Father104-PT[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Mad_Father104-PT.zip
Size

37.5MB
MD5

2ac5de85db3f910375423dce7620b672
SHA1

44ed40c94fe1fb7cfd74b5232fec16a1361feee0
SHA256

9866cff958b12c1cf69784161f3cfea27ad2a35f0a954d959784b1e69f12de8f
SHA512

bd0d31ff9d87b144ebee5e84bd036ec89cf002f0c0242008f9a9eb95341c558801e8ad74baa0569c05074e759a3a1caf12cab01fabdb329c14d12687af5dfb42
SSDEEP

786432:tdjHa6QNo2CF3fusUjWjadceRFl1mcz0lqB21Z1Vm6toGgNVpkaGaBzBO40:jjzQNo2EPusjaGQFLmy0lUW1VBtopPpW

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Config.exe
unpack001/Game.exe
unpack001/GuruguruSMF4.dll

Files

Mad_Father104-PT.zip
.zip
Config.exe
.exe windows:4 windows x86 arch:x86

891c3588c50fdb74500d7a3a638a31b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\（◆開発用ディレクトリ）\[▼作業用]プログラム\RPGコンフィグプログラムOld+\Release\RPGコンフィグプログラム.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
VirtualProtect
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
FormatMessageA
LocalFree
InterlockedDecrement
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
WritePrivateProfileStringA
GlobalUnlock
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
UnhandledExceptionFilter
GetVersionExA

user32

DestroyMenu
GetSysColorBrush
LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetCapture
MessageBoxA
GetSystemMetrics
DrawIcon
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
PostMessageA
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
wsprintfA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetForegroundWindow
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
SetViewportOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Controles e Avisos Prévios.txt
Data.wolf
Game.exe
.exe windows:4 windows x86 arch:x86

44cc8db503a13fa9e7ab7879b73e2490

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\tsclient\d\（◆開発用ディレクトリ）\[▼作業用]プログラム\RPGドライブプログラム\Release\Game1.pdb

Imports

shlwapi

PathIsDirectoryA

kernel32

FindClose
FindFirstFileA
CreateDirectoryA
CloseHandle
SetCurrentDirectoryA
Sleep
GetExitCodeThread
GetCurrentDirectoryA
GetDiskFreeSpaceExA
lstrlenA
CreateFileA
RemoveDirectoryA
WriteFile
FlushFileBuffers
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetFileAttributesA
CopyFileA
DeleteFileA
FindNextFileA
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcpyA
GetModuleFileNameA
GetTickCount
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameW
LoadLibraryW
ReleaseSemaphore
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
lstrcpynW
MulDiv
GetProcAddress
FreeLibrary
GetLastError
SetStdHandle
lstrcmpW
GetThreadPriority
WaitForMultipleObjects
lstrlenW
DeleteFileW
lstrcpyW
SetThreadPriority
RtlUnwind
ExitProcess
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
MultiByteToWideChar
ExitThread
GetCurrentThreadId
CreateThread
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetOEMCP
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
CreateFileW
VirtualProtect
GetSystemInfo
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcatA
SetEvent
GetProcessHeap
GlobalSize
GlobalFree
lstrcmpA
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
WaitForSingleObject
CreateEventA
GetTempFileNameA
GetTempPathA
OutputDebugStringA
GetFileSize
QueryPerformanceFrequency
GlobalMemoryStatus
ResumeThread

user32

SendDlgItemMessageA
UnregisterClassA
GetDC
ReleaseDC
CharNextA
GetSystemMetrics
GetClientRect
SetWindowTextA
SetClassLongA
LoadIconA
UpdateWindow
ClipCursor
SetWindowRgn
SendMessageA
GetMenuItemInfoA
GetMenuItemCount
PostMessageA
ShowCursor
GetCursorPos
SetCursorPos
SetRect
SetForegroundWindow
SystemParametersInfoA
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
DrawMenuBar
SetMenu
SetActiveWindow
AdjustWindowRectEx
SetWindowLongA
ClientToScreen
MoveWindow
UnhookWindowsHookEx
ChangeDisplaySettingsA
CreateWindowExA
DestroyMenu
TranslateMessage
DispatchMessageA
PeekMessageA
TranslateAcceleratorA
IsDialogMessageA
DefWindowProcA
RegisterClassExA
LoadCursorA
FindWindowA
SetCursor
PostQuitMessage
EndPaint
FillRect
BeginPaint
BringWindowToTop
GetWindowLongA
SetTimer
KillTimer
EnumDisplaySettingsA
GetKeyboardState
GetDesktopWindow
PostThreadMessageA
GetQueueStatus
RegisterWindowMessageA
MsgWaitForMultipleObjects
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
DestroyWindow
GetDlgItem
GetScrollPos
CreateDialogParamA
GetWindowRect
SetWindowPos
SetFocus
ShowWindow

gdi32

GetClipBox
AddFontResourceExA
RemoveFontResourceExA
DeleteObject
GetObjectA
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject
CreateSolidBrush
StretchDIBits
SetDIBitsToDevice
GetGlyphOutlineA
GetTextMetricsA
EnumFontFamiliesExA
CreateFontA
GetDeviceCaps

shell32

DragQueryFileA
DragFinish
ShellExecuteA

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Game.ini
GuruguruSMF4.dll
.dll windows:4 windows x86 arch:x86

b600469a29e3d62b811b9ea4936cd290

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiOutShortMsg
midiOutUnprepareHeader
midiOutLongMsg
midiOutPrepareHeader
midiOutClose
midiOutOpen
timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetTime

kernel32

InterlockedDecrement
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
CreateFileW
GetLastError
WideCharToMultiByte
CreateFileA
GetFileSize
CloseHandle
ReadFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
TerminateThread
WaitForSingleObject
CreateThread
SetThreadPriority
ResumeThread
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

GGS4AddDlsA
GGS4AddDlsW
GGS4AddListFromFileA
GGS4AddListFromFileW
GGS4AddListFromMemory
GGS4ClearList
GGS4CloseDevice
GGS4DeleteListItem
GGS4EnumList
GGS4GetPlayerStatus
GGS4GetSmfInformation
GGS4OpenDevice
GGS4Pause
GGS4Play
GGS4Restart
GGS4SetMasterPitch
GGS4SetMasterTempo
GGS4SetMasterVolume
GGS4Stop

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Leia-me.txt
Please write me a song.ttf
razor keen.ttf

Sharing

General

Malware Config

Signatures

Files

891c3588c50fdb74500d7a3a638a31b2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 20KB

44cc8db503a13fa9e7ab7879b73e2490

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

shell32

wininet

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 140KB - Virtual size: 3.7MB

.rsrc Size: 8KB - Virtual size: 5KB

b600469a29e3d62b811b9ea4936cd290

Headers

File Characteristics

Imports

winmm

kernel32

ole32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 140KB - Virtual size: 3.7MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 12KB - Virtual size: 9KB