925a48d22e699635879ac134a9170ad05467d6c9a3428dfadf97a9e4f1e9bae4

Sharing

Copy URL Twitter E-mail

General

Target

925a48d22e699635879ac134a9170ad05467d6c9a3428dfadf97a9e4f1e9bae4
Size

564KB
MD5

17f6de93a5e86cce95d467c8e1a6da6f
SHA1

2394afef0a15fb321b4236169ac7ed1898f88fd1
SHA256

925a48d22e699635879ac134a9170ad05467d6c9a3428dfadf97a9e4f1e9bae4
SHA512

24a063d5c1dfb478a7d1cf1ec2ff5fa0bb984e548b83a5c1990842d6361254de90697f7839e4175dda2857f2c3e960970279f890e792e7c5077e6ade20717850
SSDEEP

6144:x6fzs6DBwwdDg9Bh7i9QUr+RSQnZwxab1blUWWLxSAVBATH0:QY6DB8i9/yDwxA1uWecAc70

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
925a48d22e699635879ac134a9170ad05467d6c9a3428dfadf97a9e4f1e9bae4

Files

925a48d22e699635879ac134a9170ad05467d6c9a3428dfadf97a9e4f1e9bae4
.dll windows:4 windows x86 arch:x86

d4efd317ab3cc06f943138ed175a7532

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Code\Pirate101\Pirate_1_035\Pirate101\Bin\PirateLauncherUI.pdb

Imports

kernel32

ReadFile
GlobalFree
GetLastError
GetCurrentThreadId
lstrlenA
GlobalAlloc
TlsFree
VirtualQuery
TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
InterlockedExchange
SetLastError
InterlockedDecrement
SetEndOfFile
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
LCMapStringA
UnlockFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetStdHandle
ExitProcess
HeapSize
Sleep
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
RaiseException
GetVersionExA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
SizeofResource
TlsGetValue
WriteFile
LockResource
InterlockedIncrement
LoadResource
EnterCriticalSection
LeaveCriticalSection
CloseHandle
TlsSetValue
FlushFileBuffers
GetCurrentProcess
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
SetFilePointer
LockFile
GetLocaleInfoA

advapi32

RegCloseKey

user32

GetSystemMenu
UpdateWindow
SetWindowPos
DrawIcon
ShowOwnedPopups
ValidateRect
GetParent
CallNextHookEx
ReleaseDC
SetWindowContextHelpId
UnhookWindowsHookEx
IsMenu
IsIconic
GetTopWindow
DestroyMenu
DestroyWindow
GetWindowRect
GetClientRect
MapDialogRect
GetDlgItem
SetFocus
GetDlgCtrlID
IsWindow
EndPaint
EndDialog
IntersectRect
GetActiveWindow
WindowFromDC
SetActiveWindow
GetFocus
SetRect
BeginPaint
GetKeyState
GetNextDlgTabItem
IsWindowVisible
CopyRect
GetSystemMetrics
IsWindowEnabled
PostQuitMessage
GetWindow
MessageBeep
RedrawWindow
TranslateMessage
ShowWindow

gdi32

DeleteDC
GetStockObject
CreateCompatibleDC
RestoreDC
AddFontMemResourceEx
SaveDC
DeleteObject
BitBlt
SetTextColor
SetBkMode
SelectObject

ole32

OleInitialize
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysStringLen
SysAllocStringLen
VariantChangeType
SysAllocString

comctl32

InitCommonControlsEx
ord17

Exports

Exports

?IFnAlreadyRunning@@YAXXZ
?IFnConnectToLogin@@YAXXZ
?IFnGetUserNameAndPassword@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?IFnGotoPage@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?IFnHideWindow@@YAXXZ
?IFnHomeButtonFocus@@YAXXZ
?IFnInitialize@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?IFnLaunchingGameClient@@YAXXZ
?IFnLaunchingNewPatchClient@@YAXXZ
?IFnPatchingPatchClient@@YAXXZ
?IFnPostQuitMessage@@YAXXZ
?IFnReadyToPlay@@YAXXZ
?IFnReportFileProgress@@YAXPBDI_N@Z
?IFnReportTotalProgress@@YAXI@Z
?IFnShowLoginControls@@YAXXZ
?IFnShowProgressControls@@YAXXZ
?IFnShowUI@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PAV?$Delegate@AAUExeParams@@@@@Z

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4efd317ab3cc06f943138ed175a7532

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 324KB - Virtual size: 322KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 324KB - Virtual size: 322KB

.reloc
Size: 20KB - Virtual size: 19KB