5282c767a018a00ce7988addaf601508c1e339e1e7acf9d24da0c4a0db0e70d1

Sharing

Copy URL Twitter E-mail

General

Target

5282c767a018a00ce7988addaf601508c1e339e1e7acf9d24da0c4a0db0e70d1
Size

1.1MB
MD5

315e62f062541a804b6ba177061b5c14
SHA1

c9647bc82e17001538bb54150b4c598cfa0c9556
SHA256

5282c767a018a00ce7988addaf601508c1e339e1e7acf9d24da0c4a0db0e70d1
SHA512

23103f49d0670d7a7bf71d7d29d5b29951dae6252caf16e2b1580d943c2d3468571fc427b9e7b5df4afedb15c150b8337d7af020179f2aa0f78df470e619d519
SSDEEP

24576:rio3EfzEEK7K65oCVi2MeVBkSSTiiq5ttdyrThXv8DsoX:dY4En3TqtdyrThXEDRX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5282c767a018a00ce7988addaf601508c1e339e1e7acf9d24da0c4a0db0e70d1

Files

5282c767a018a00ce7988addaf601508c1e339e1e7acf9d24da0c4a0db0e70d1
.exe windows:4 windows x86 arch:x86

d7ebd5a771b6256fc78fe9187de09d61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\kuai8App\GMApps\GMStartGame\bin\win32\release\startgame.pdb

Imports

wininet

InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

GetTempPathW
FreeEnvironmentStringsW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesW
GetCurrentThreadId
ResumeThread
CreateEventW
ResetEvent
SetEvent
MultiByteToWideChar
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
LoadLibraryW
FreeLibrary
GetVersionExW
GetSystemInfo
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
GetFullPathNameW
MoveFileExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GlobalUnlock
GlobalAlloc
GlobalFree
GlobalLock
VirtualQueryEx
ReadProcessMemory
Sleep
TerminateProcess
SetLastError
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
GetEnvironmentVariableW
GetCurrentProcess
MulDiv
InterlockedDecrement
InterlockedIncrement
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
HeapReAlloc
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetLocalTime
GetEnvironmentStringsW
GetTempFileNameW
SetEnvironmentVariableW
GetTimeZoneInformation
lstrcmpW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
GetLastError
OpenMutexW
OpenProcess
ReleaseMutex
CreateMutexW
GetExitCodeProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenA
WritePrivateProfileStringW
CreateFileW
SetFilePointer
ReadFile
DeleteFileW
SetEndOfFile
WriteFile
lstrlenW
GetFileSize
CreateProcessW
WaitForSingleObject
CloseHandle
GetTickCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

SetWindowRgn
GetKeyState
InvalidateRect
GetMonitorInfoW
ScreenToClient
ReleaseCapture
GetFocus
BeginPaint
MonitorFromWindow
IsWindow
CreateWindowExW
RegisterClassExW
RegisterClassW
SendMessageW
GetMessageW
EnableWindow
SetFocus
LoadImageW
DestroyIcon
GetClassInfoExW
CharNextA
MoveWindow
ReleaseDC
RedrawWindow
GetDC
CharNextW
PtInRect
DrawFocusRect
UpdateLayeredWindow
IsRectEmpty
IntersectRect
DestroyWindow
IsChild
GetUpdateRect
EndPaint
InvalidateRgn
LoadBitmapW
LoadStringW
GetActiveWindow
AttachThreadInput
IsIconic
MapWindowPoints
GetWindowTextW
IsZoomed
GetWindowTextLengthW
OffsetRect
DrawTextW
CharPrevW
FillRect
CopyImage
DrawIconEx
DestroyAcceleratorTable
GetAsyncKeyState
SetCaretPos
TranslateAcceleratorW
SetCapture
LoadCursorW
SetForegroundWindow
GetWindowRect
GetParent
PostQuitMessage
CallNextHookEx
SetWindowTextW
GetWindowThreadProcessId
SetWindowsHookExW
EnumThreadWindows
FindWindowW
MessageBoxW
GetForegroundWindow
GetSystemMetrics
ShowWindow
IsWindowVisible
GetDesktopWindow
GetClientRect
SystemParametersInfoW
wsprintfA
wsprintfW
SetWindowPos
PostMessageW
KillTimer
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
CallWindowProcW
DefWindowProcW
SetPropW
GetClassNameW
SetWindowLongW
GetPropW
GetWindow
GetWindowLongW
ShowCaret
ClientToScreen
HideCaret
GetSysColor
CreateCaret
CreateAcceleratorTableW
GetCursorPos
SetCursor

gdi32

CreateSolidBrush
GetBitmapBits
GetClipBox
SetStretchBltMode
GetStockObject
CreateEllipticRgn
SelectClipRgn
GetCharABCWidthsW
CreateCompatibleDC
SetBkMode
StretchBlt
GetTextExtentPoint32W
TextOutW
ExtSelectClipRgn
RoundRect
SetBitmapBits
ExtTextOutW
CreateCompatibleBitmap
BitBlt
CreateRectRgnIndirect
SetBkColor
CreateRoundRectRgn
CombineRgn
CreateRectRgn
EnumFontsW
Rectangle
CreatePen
DeleteDC
CreateDIBSection
CreateFontIndirectW
GetTextMetricsW
GetDeviceCaps
DeleteObject
GetObjectW
SetTextColor
SelectObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
OleLoadPicture

shlwapi

StrStrIW
StrStrIA

Sections

.text
Size: 824KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7ebd5a771b6256fc78fe9187de09d61

Headers

File Characteristics

PDB Paths

Imports

wininet

version

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 824KB - Virtual size: 821KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 16KB - Virtual size: 24KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 124KB - Virtual size: 122KB

.text
Size: 824KB - Virtual size: 821KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 16KB - Virtual size: 24KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 124KB - Virtual size: 122KB