Nestopia140bin[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Nestopia140bin.zip
Size

1.2MB
MD5

dc841222d47fec2884b96d3486a55074
SHA1

2e0a89ca006a4af1b3cd708e796cb55b9a45d21e
SHA256

d30aeff27ffd8a22099b8edd043763b07a62a19e8bf8710e09c4f11b1f69764f
SHA512

adff77c731a3a30b708de9672453a241f9c151bec48754e3f498f0ceb36bbde1d91bb0a6ccf9b3db27e2edc0e8c364a7fcbb103772b03f4325e6ce629d99d444
SSDEEP

24576:5RCnHfRsxeTmxUjfInTjzd17Ld09TNOnevua13F8QG7LVD0IQG6WGs:f8XuZ17Ld09TNOnet1w7L1070

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/kailleraclient.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/kailleraclient.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7zxa.dll
unpack001/kailleraclient.dll
unpack002/out.upx
unpack001/language/english.nlg
unpack001/nestopia.exe
unpack001/unrar.dll

Files

Nestopia140bin.zip
.zip
7zxa.dll
.dll windows:4 windows x86 arch:x86

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
WriteFile
CreateEventA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LCMapStringA

Exports

Exports

CreateObject
GetHandlerProperty

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
changelog.txt
copying.txt
kailleraclient.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_kailleraChatSend@4
_kailleraEndGame@0
_kailleraGetVersion@4
_kailleraInit@0
_kailleraModifyPlayValues@8
_kailleraSelectServerDialog@4
_kailleraSetInfos@4
_kailleraShutdown@0

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
language/english.nlg
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nestopia.exe
.exe windows:4 windows x86 arch:x86

e2ecc1d8e24a9bfcd100f1a2f85dc5a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetACP
GetOEMCP
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RaiseException
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
GetUserDefaultLangID
VirtualQuery
UnmapViewOfFile
OutputDebugStringA
IsProcessorFeaturePresent
CompareStringA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
FileTimeToSystemTime
GetCommandLineW
SystemTimeToTzSpecificLocalTime
SetEvent
GetSystemInfo
LockResource
SizeofResource
LoadResource
GlobalUnlock
GlobalLock
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
CloseHandle
FlushFileBuffers
WaitForSingleObject
SetThreadPriority
GetCurrentThread
GetTickCount
FindClose
GetLastError
FreeLibrary
GetCurrentThreadId
Sleep

user32

GetWindow
GetSubMenu
GetClientRect
GetTopWindow
ReleaseDC
GetDC
CallNextHookEx
GetAsyncKeyState
SetCursor
GetDlgItem
GetDlgCtrlID
GetMenuBarInfo
DeleteMenu
CheckMenuItem
GetMenu
CheckMenuRadioItem
EnableMenuItem
GetMenuState
SetMenu
ShowScrollBar
DrawMenuBar
DestroyAcceleratorTable
SetMenuInfo
GetMenuItemCount
TranslateMessage
GetForegroundWindow
IsChild
InvalidateRect
SendInput
DestroyMenu
DestroyCursor
CloseClipboard
OpenClipboard
GetSysColorBrush
EnumThreadWindows
GetCursorPos
GetKeyState
AdjustWindowRectEx
UnhookWindowsHookEx
GetActiveWindow
LockWindowUpdate
ShowWindow
IsWindowEnabled
PostQuitMessage
SetTimer
KillTimer
GetWindowRect
EndDialog
DestroyWindow
ClientToScreen
GetWindowPlacement
GetWindowTextLengthA
SetFocus
GetParent
GetWindowThreadProcessId
SetWindowPos
SetWindowPlacement
ScreenToClient
GetSystemMetrics
IsWindowVisible
IsIconic
SetWindowTextA
IsZoomed
SetForegroundWindow
ValidateRect
GetFocus
GetWindowTextA

gdi32

SetDIBitsToDevice
Rectangle
SelectObject
GetDeviceCaps
CreateSolidBrush
CreatePen
GetObjectA
GetTextMetricsA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
GetCharacterPlacementA
SetTextColor
SetBkColor
SetBkMode
GetFontLanguageInfo
CreateFontIndirectA
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
DeleteObject
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

DragQueryPoint
SHGetMalloc
DragFinish

ole32

CoInitializeEx
CoUninitialize

oleaut32

VariantClear

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_Create
ImageList_AddMasked

avifil32

AVIFileExit
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVIFileInit
AVIFileCreateStreamW
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileOpenW

msvfw32

ICCompressorChoose
ICCompressorFree

shlwapi

StrStrIW
StrTrimW
StrCmpW
StrIsIntlEqualW
PathCompactPathExW
SHDeleteKeyW
StrStrW

winmm

mmioSeek
timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
mmioDescend
mmioSetInfo
mmioAscend
mmioAdvance
mmioClose
mmioCreateChunk
mmioWrite
mmioRead
mmioGetInfo

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

dsound

ord11
ord3

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.html
.html
schemadb.xsd
.xml
schemaromset.xsd
.xml
unrar.dll
.dll windows:4 windows x86 arch:x86

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd1fcfec6ca1a2b0bfb46d7f425f87a4

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 13KB - Virtual size: 37KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 10KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 8B

e2ecc1d8e24a9bfcd100f1a2f85dc5a3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

avifil32

msvfw32

shlwapi

winmm

d3d9

dinput8

dsound

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 245KB - Virtual size: 245KB

.data Size: 56KB - Virtual size: 89KB

.rsrc Size: 304KB - Virtual size: 304KB

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 136KB

.data Size: 15KB - Virtual size: 44KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 13KB - Virtual size: 37KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 245KB - Virtual size: 245KB

.data
Size: 56KB - Virtual size: 89KB

.rsrc
Size: 304KB - Virtual size: 304KB

.text
Size: 133KB - Virtual size: 136KB

.data
Size: 15KB - Virtual size: 44KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB