f:\git\cpp_xb\51\TOOGame_cef2015\bin\Release\玄兵骑战.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf.exe
  Resource: win10v2004-20240426-en
General
- Target: 8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf
- Size: 3.1MB
- MD5: 369be3f7ebae7e3ce9a66987224b21a4
- SHA1: 8cc17a5783871412afaad16a436c2122b1f994a2
- SHA256: 8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf
- SHA512: 06f514f986f7c237e7b29829548ff12344f86ed6e414ba2c8f4d8f43873752d54cfca622fc263447aa4764b7dd145d90f6bc5a6391dc9f09c4b74bc8d03d117b
- SSDEEP: 98304:NLDOLVy8xJ6U/zKY2b3/iCVvlCNaRz2L6P:EVyi/zKlPnl08P
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf
Files
-
8500f898dca6c332614bd4d6896cab14fa0e2abf97af6dbe597830dc08f12dcf.exe windows:6 windows x86 arch:x86
b01a290e42e3187debc6c6ce8525d2c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
IsDebuggerPresent
Sleep
InitializeCriticalSection
SleepEx
WaitForSingleObject
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
FormatMessageA
UnhandledExceptionFilter
FormatMessageW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
lstrcpynW
SetLastError
GetLocalTime
GlobalAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
HeapAlloc
GetCurrentThreadId
HeapDestroy
GetLastError
LocalFree
SystemTimeToFileTime
WriteFile
GetACP
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
GetFileSize
ReadFile
GetTickCount
GetModuleHandleW
GetProcAddress
GlobalLock
GlobalUnlock
LoadLibraryW
ExitProcess
VerSetConditionMask
GetCurrentProcessId
MulDiv
VerifyVersionInfoW
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
CreateThread
K32GetProcessImageFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceW
lstrcatW
lstrcpyW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FreeResource
FindResourceExW
OpenProcess
GetProcessHeap
HeapSize
SetUnhandledExceptionFilter
HeapFree
CloseHandle
GetTempPathW
QueryDosDeviceW
GetLogicalDriveStringsW
GetCommandLineW
OutputDebugStringW
GlobalAddAtomW
lstrlenW
lstrcmpiW
ExpandEnvironmentStringsA
SetFileTime
user32
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
GetWindowTextLengthW
EqualRect
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
EnableMenuItem
SetRect
FillRect
DrawTextW
CharPrevW
GetSystemMetrics
SetWindowTextW
GetWindowTextW
GetWindowRect
GetWindowRgn
UpdateLayeredWindow
LoadIconW
LoadStringW
MonitorFromPoint
SetWindowRgn
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
SetWindowPlacement
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
ShowWindow
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
CreateWindowExW
SendMessageW
GetWindowLongW
SetWindowLongW
FindWindowExW
GetClassNameW
GetWindowPlacement
EnableWindow
MoveWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SystemParametersInfoW
DestroyWindow
SetWindowPos
MessageBoxW
PostQuitMessage
IsWindow
IsWindowVisible
IsZoomed
ClientToScreen
PostMessageW
IsIconic
SetTimer
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
GetCursorPos
UnregisterClassW
UnregisterHotKey
RegisterHotKey
GetParent
InflateRect
SetCursor
TranslateMessage
UnionRect
DispatchMessageW
LoadCursorW
OffsetRect
GetMessageW
shell32
DragQueryFileW
ShellExecuteW
Shell_NotifyIconW
ole32
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoInitialize
OleInitialize
OleLockRunning
msvcp140
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_BADOFF@std@@3_JB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
libcef
cef_post_data_element_create
cef_print_settings_create
cef_stream_reader_create_for_handler
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_post_data_create
cef_response_create
cef_v8stack_trace_get_current
cef_menu_model_create
cef_urlrequest_create
cef_request_create
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_clear
cef_media_router_get_global
cef_cookie_manager_get_global_manager
cef_stream_writer_create_for_handler
cef_stream_writer_create_for_file
cef_image_create
cef_task_runner_get_for_thread
cef_task_runner_get_for_current_thread
cef_value_create
cef_binary_value_create
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_create_context_shared
cef_request_context_create_context
cef_request_context_get_global_context
cef_drag_data_create
cef_dictionary_value_create
cef_list_value_create
cef_command_line_get_global
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_v8value_create_function
cef_v8value_create_array_buffer
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_uint
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_v8value_create_undefined
cef_v8context_in_context
cef_v8context_get_entered_context
cef_v8context_get_current_context
cef_api_hash
cef_execute_java_script_with_user_gesture_for_tests
cef_register_widevine_cdm
cef_is_web_plugin_unstable
cef_register_web_plugin_crash
cef_unregister_internal_web_plugin
cef_refresh_web_plugins
cef_visit_web_plugin_info
cef_now_from_system_trace_time
cef_end_tracing
cef_begin_tracing
cef_launch_process
cef_get_path
cef_write_json
cef_parse_jsonand_return_error
cef_parse_json_buffer
cef_parse_json
cef_uridecode
cef_uriencode
cef_base64decode
cef_base64encode
cef_get_extensions_for_mime_type
cef_get_mime_type
cef_format_url_for_security_display
cef_create_url
cef_parse_url
cef_clear_cross_origin_whitelist
cef_string_utf16_set
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf8_clear
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_string_ascii_to_utf16
cef_log
cef_string_wide_to_utf8
cef_remove_cross_origin_whitelist_entry
cef_add_cross_origin_whitelist_entry
cef_load_crlsets_file
cef_zip_directory
cef_delete_file
cef_directory_exists
cef_create_temp_directory_in_directory
cef_create_new_temp_directory
cef_get_temp_directory
cef_create_directory
cef_set_crash_key_value
cef_crash_reporting_enabled
cef_enable_highdpi_support
cef_set_osmodal_loop
cef_quit_message_loop
cef_run_message_loop
cef_do_message_loop_work
cef_shutdown
cef_initialize
cef_execute_process
cef_clear_scheme_handler_factories
cef_register_scheme_handler_factory
cef_register_extension
cef_post_delayed_task
cef_post_task
cef_currently_on
cef_is_cert_status_error
cef_browser_host_create_browser_sync
cef_browser_host_create_browser
cef_string_list_free
cef_string_list_alloc
cef_process_message_create
cef_string_userfree_utf16_free
cef_string_multimap_key
comctl32
ord17
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipSetPenMode
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
shlwapi
PathFileExistsW
StrChrW
wininet
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW
ws2_32
freeaddrinfo
bind
ioctlsocket
closesocket
listen
accept
ntohs
getsockname
setsockopt
socket
getaddrinfo
sendto
recvfrom
WSAStartup
gethostbyname
connect
getpeername
gethostname
getsockopt
WSACleanup
htons
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAIoctl
wldap32
ord27
ord145
ord147
ord301
ord127
ord118
ord167
ord41
ord79
ord46
ord142
ord133
ord216
ord208
ord26
ord14
iphlpapi
GetAdaptersInfo
vcruntime140
memset
_CxxThrowException
__CxxFrameHandler3
_purecall
wcsstr
__std_terminate
strchr
wcsrchr
wcschr
__RTDynamicCast
strrchr
strstr
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memchr
memcpy
memmove
memcmp
api-ms-win-crt-runtime-l1-1-0
_getpid
__sys_nerr
strerror
_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_get_errno
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo
_controlfp_s
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-string-l1-1-0
wcscmp
strcat
_strnicmp
_stricmp
_strdup
isgraph
isprint
islower
isupper
_wcsicmp
isalnum
strpbrk
isxdigit
strncpy
wcsnlen
_wcsdup
strlen
wcsncmp
iswalnum
wcsncat
toupper
isdigit
_wcsupr
_wcslwr
wcsncpy
strncmp
tolower
isspace
isalpha
wcsspn
wcscspn
iswspace
wmemcpy_s
strcpy
strcmp
strcat_s
strcpy_s
_wcsnicmp
wcslen
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
_close
_open
_read
_write
fflush
_lseeki64
fgets
fopen
fputs
__stdio_common_vsprintf_s
__stdio_common_vfscanf
__stdio_common_vfprintf_p
feof
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
ftell
fseek
fread
fputc
ferror
fclose
fopen_s
_wfopen_s
__stdio_common_vfprintf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__acrt_iob_func
__stdio_common_vsprintf_p
fwrite
__stdio_common_vsprintf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf_p
__stdio_common_vfwscanf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_p
__stdio_common_vswscanf
__stdio_common_vfprintf_s
api-ms-win-crt-heap-l1-1-0
realloc
calloc
free
malloc
_callnewh
_recalloc
_set_new_mode
api-ms-win-crt-convert-l1-1-0
atoi
atof
strtoul
_itow
wcstol
wcstoul
wcstod
strtol
_strtoi64
_wtoi
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_rmdir
_findnext64i32
_findfirst64i32
_findclose
remove
_stat64
api-ms-win-crt-math-l1-1-0
ldexp
_libm_sse2_pow_precise
__setusermatherr
_except1
_libm_sse2_sqrt_precise
api-ms-win-crt-utility-l1-1-0
qsort_s
qsort
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
gdi32
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBitmapBits
advapi32
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
oleaut32
CreateErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 318KB - Virtual size: 317KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ