IRULE 0[.]2[.]0[.]77[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

IRULE 0.2.0.77.zip
Size

21.1MB
MD5

b9e375eb82a69e4c41df564de7814000
SHA1

bad0b19a9e230f7ff05a30d61590ae01cbdda15c
SHA256

20cdd6a077ace489df7a33963ec1d1daf97f9b5fb779f4ad27b44eaead15ce9b
SHA512

65998d48708598d2c4b76efd955984c4836f262fd983bfb958b4b9161c7d5b7fbe705f5632c02a76b4a36f0c2b7617ababea9c97acf8a35b24de8d06b73e24b5
SSDEEP

393216:t93iBNfH98PKMWkIP5uVdyAurnn3c1oSxVfGKs5e/b5o4ZqTZVlDuIeGat:t9yXmPKMWXP5mRuLM5NG150i4QlVsIeL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IRULE.exe

Files

IRULE 0.2.0.77.zip
.zip
IRULE.exe
.exe windows:6 windows x64 arch:x64

3d6d7559d6b933deccb2d87036ac6cf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate

wininet

HttpEndRequestW
InternetWriteFile
InternetCloseHandle
HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpOpenRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetReadFile
InternetGetConnectedState

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymInitialize
SymFromAddr

winmm

joyGetPos
mciSendStringA
timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
joyGetPosEx

ws2_32

WSAStartup
WSAAddressToStringA
inet_pton
socket
connect
gethostname
recvfrom
recv
getsockopt
freeaddrinfo
sendto
ioctlsocket
setsockopt
WSAGetLastError
getpeername
inet_ntop
getnameinfo
__WSAFDIsSet
select
ntohl
ntohs
htonl
htons
getaddrinfo
listen
closesocket
bind
accept
WSACleanup
getsockname
send

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mfplat

MFStartup
MFCreateSourceResolver
MFCreateMediaType
MFShutdown

mf

MFCreateAudioRendererActivate
MFCreateTopologyNode
MFCreateMediaSession
MFCreateSampleGrabberSinkActivate
MFGetService
MFCreateTopology

iphlpapi

GetAdaptersAddresses
NotifyIpInterfaceChange
CancelMibChangeNotify2

kernel32

GetTempPathW
SetConsoleCtrlHandler
GetCurrentThread
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
GetDateFormatW
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
RaiseException
GetStartupInfoW
IsDebuggerPresent
GetFileSizeEx
SetFilePointerEx
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
SetCurrentDirectoryW
GetUserDefaultLCID
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeFormatW
CompareStringW
LCMapStringW
RtlUnwindEx
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LoadLibraryA
OutputDebugStringA
GetConsoleWindow
SetLastError
GetFullPathNameW
GetExitCodeThread
FormatMessageW
DeleteFileW
CloseHandle
CreateThread
GetCurrentDirectoryW
LocalFree
GetModuleHandleW
ReadFile
SetFilePointer
CreateFileW
GetFileAttributesW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileSize
FreeLibrary
FormatMessageA
CreateDirectoryW
SetEnvironmentVariableW
FindNextFileW
RemoveDirectoryW
GetModuleFileNameW
GetEnvironmentVariableW
FindClose
WaitForSingleObject
ResumeThread
EnumSystemLocalesW
CreateProcessW
OpenThread
SetWaitableTimer
CreateWaitableTimerW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
K32GetProcessMemoryInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
VerSetConditionMask
VerifyVersionInfoW
GlobalFree
GetCurrentProcessId
DebugBreak
GetEnvironmentVariableA
ExitProcess
lstrlenA
GetVersion
SetEnvironmentVariableA
CreateFileMappingW
MapViewOfFile
MoveFileA
GetCommandLineW
ExpandEnvironmentStringsW
GetFinalPathNameByHandleW
SetErrorMode
GetCurrentThreadId
SetUnhandledExceptionFilter
WaitForSingleObjectEx
CreateEventExA
OutputDebugStringW
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
GetStringTypeW
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetNativeSystemInfo
SwitchToThread
SleepConditionVariableSRW
SleepConditionVariableCS
SetEndOfFile
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
TlsFree
TlsGetValue
TlsAlloc
SetThreadPriority
TlsSetValue
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
RtlCaptureStackBackTrace
IsValidLocale
FlushFileBuffers
GetConsoleOutputCP
Sleep
GetConsoleMode
HeapSize
FindFirstFileW
WriteConsoleW

user32

DispatchMessageW
IsDialogMessageW
PeekMessageW
EnumDisplaySettingsA
TranslateMessage
UpdateWindow
SetDlgItemTextA
MessageBoxA
GetFocus
OpenClipboard
CloseClipboard
EmptyClipboard
GetMonitorInfoW
MonitorFromWindow
SetProcessDPIAware
SetParent
GetRawInputDeviceList
GetRawInputDeviceInfoA
MessageBoxW
LoadImageW
SetForegroundWindow
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
keybd_event
GetAsyncKeyState
ReleaseCapture
FindWindowA
EnumDisplaySettingsW
PostThreadMessageW
GetClientRect
IsWindowVisible
GetWindowLongPtrW
GetLayeredWindowAttributes
IntersectRect
wsprintfW
GetCursorPos
GetActiveWindow
SetWindowLongPtrW
ClientToScreen
MoveWindow
SetCursorPos
CreateDialogParamW
GetDC
EndDialog
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
DialogBoxParamW
ReleaseDC
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
PostMessageW
GetWindowRect
DestroyWindow
SetWindowPos
CreateWindowExW
ScreenToClient
SendMessageW
CallNextHookEx
GetSystemMetrics
RegisterClassExW
ShowWindow
FindWindowExA
MapWindowPoints
UnhookWindowsHookEx
EnumWindows
SetFocus
BringWindowToTop
EnumDisplayDevicesW
LoadCursorW
SendMessageA
DrawTextW
SetCapture
SetWindowsHookExW
SetCursor

gdi32

GetStockObject
DeleteObject
CombineRgn
GetRgnBox
CreateRectRgnIndirect
GetDeviceCaps
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextA

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
PropVariantClear

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow

dwmapi

DwmGetCompositionTimingInfo
DwmGetWindowAttribute

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 432KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data.win
locales/assets_ru/game_over_text.png
.png
locales/assets_ru/ui_achievement.png
.png
locales/assets_ru/ui_announcement.png
.png
locales/assets_ru/ui_babies_catalogue.png
.png
locales/assets_ru/ui_continue_button.png
.png
locales/assets_ru/ui_item_soldout.png
.png
locales/assets_ru/ui_pause_button.png
.png
locales/assets_ru/ui_readysetcry.png
.png
locales/assets_ru/ui_start_button.png
.png
locales/assets_ru/ui_wave_huge.png
.png
locales/en.json
locales/ru.json
mus_boss1.ogg
mus_boss2.ogg
mus_boss3.ogg
mus_boss_win.ogg
mus_calm.ogg
mus_ch1.ogg
mus_ch1_layer.ogg
mus_ch2.ogg
mus_ch2_layer.ogg
mus_ch3.ogg
mus_ch3_layer.ogg
mus_echoes.ogg
mus_game_over_real.ogg
mus_lalala.ogg
mus_menu.ogg
mus_shop.ogg
options.ini
s_punch1.ogg
s_voice_fullhealth.ogg
s_voice_percs.ogg
s_voice_powerpill.ogg
s_voice_speeddown.ogg
s_voice_speedup.ogg
s_voice_wrong.ogg

Sharing

General

Malware Config

Signatures

Files

3d6d7559d6b933deccb2d87036ac6cf7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

mfplat

mf

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

imm32

dwmapi

Sections

.text Size: 8.7MB - Virtual size: 8.7MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 432KB - Virtual size: 2.8MB

.pdata Size: 407KB - Virtual size: 406KB

minATL Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 244B

.mydata Size: 512B - Virtual size: 24B

.rsrc Size: 47KB - Virtual size: 46KB

.text
Size: 8.7MB - Virtual size: 8.7MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 432KB - Virtual size: 2.8MB

.pdata
Size: 407KB - Virtual size: 406KB

minATL
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 244B

.mydata
Size: 512B - Virtual size: 24B

.rsrc
Size: 47KB - Virtual size: 46KB