d38b71d06b78dc3c12f9d9a9fb467b3bd55781cec8026d4ecd321cc0e70d0666

Sharing

Copy URL

Twitter E-mail

General

Target

d38b71d06b78dc3c12f9d9a9fb467b3bd55781cec8026d4ecd321cc0e70d0666
Size

1.4MB
MD5

8ad3f57a3d124c8043f2f240d5eb9c5e
SHA1

09e1bbb51decbace9d73e48256dd3ad960e3d55f
SHA256

d38b71d06b78dc3c12f9d9a9fb467b3bd55781cec8026d4ecd321cc0e70d0666
SHA512

9086f358859a4d81522c99f32cb5749a20ad00d6fa1ab5d44c50fab1152f0d7a815ec9ea2ebe9e98f1e1cdaf1c484c99fe74a24e6831db4841295e87babb5bf8
SSDEEP

24576:v/JVunWQCmg/h10ZwR9jFcUpX75Ckf96DSOlckt:vHGwV75Ckf9IJ1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d38b71d06b78dc3c12f9d9a9fb467b3bd55781cec8026d4ecd321cc0e70d0666

Files

d38b71d06b78dc3c12f9d9a9fb467b3bd55781cec8026d4ecd321cc0e70d0666
.exe windows:5 windows x86 arch:x86

ca3dc9c32c010f92f3366844cdab79eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src\sun\Server\_binv90\WorldServer.pdb

Imports

kernel32

FindResourceA
FindResourceExA
GetVolumeInformationA
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
CreateDirectoryA
LoadResource
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
IsBadReadPtr
IsBadWritePtr
FileTimeToSystemTime
SystemTimeToFileTime
LockResource
SizeofResource
Sleep
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
CreateProcessA
GetExitCodeProcess
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
GetConsoleCP
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
QueryPerformanceCounter
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleHandleW
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetFileType
SetStdHandle
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetNumberOfConsoleInputEvents
PeekConsoleInputA
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
CreateIoCompletionPort
WaitForMultipleObjects
PostQueuedCompletionStatus
InterlockedCompareExchange
SuspendThread
ResumeThread
CreateEventA
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
GetQueuedCompletionStatus
OutputDebugStringA
SetCurrentDirectoryA
GetModuleFileNameA
WriteFile
InitializeCriticalSection
GetStdHandle
SetConsoleTitleA
ReadFile
GetFileSize
CreateFileA
FlushFileBuffers
HeapAlloc
GetProcessHeap
HeapFree
WriteConsoleA
FreeConsole
SetConsoleMode
ReadConsoleInputA
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
GetConsoleMode
AllocConsole
lstrcpynA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RaiseException
SetUnhandledExceptionFilter
GetLocalTime
CompareStringA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageA
SetFilePointer
FindClose
FindFirstFileA
GetFileInformationByHandle
CopyFileA
DeleteFileA
RemoveDirectoryA
GetCommandLineA
GetStartupInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
WideCharToMultiByte

sunwritelogmng

??1BaseLog@@UAE@XZ
??0ActionData@@QAE@XZ
??0MoneyData@@QAE@XZ
??0ChatData@@QAE@XZ
??1ChatData@@UAE@XZ
??1MoneyData@@UAE@XZ
?Serialize@CWriteLogMng@@QAEXAAVBaseLogData@@@Z
?AddAddInfo@BaseLogData@@QAEXPAD@Z
?SetMapCode@ActionData@@QAEXG@Z
?SetCharName@BaseLogData@@QAEXPBDK@Z
?SetLogType@BaseLogData@@QAEXH@Z
?Init@ActionData@@QAEXXZ
?IsRun@BaseLog@@QAEHXZ
?SetContext@ChatData@@QAEXPADK@Z
?SetUserGuid@ChatData@@QAEXH@Z
??1ActionData@@UAE@XZ
?Init@BaseLog@@QAEHEPAD00@Z
??0BaseLog@@QAE@XZ
?Init@MoneyData@@QAEXXZ
?SetListenUserGuid@ChatData@@QAEXH@Z
?SetListenCharName@ChatData@@QAEXPADK@Z
?Init@ChatData@@QAEXXZ
?SetAccountID@BaseLogData@@QAEXPBDK@Z
?SetUserIP@BaseLogData@@QAEXPBDK@Z
?SetMapCode@ChatData@@QAEXG@Z
?SetChannel@ChatData@@QAEXH@Z
?SetRoomNo@ChatData@@QAEXH@Z

shlwapi

PathFileExistsA
PathIsDirectoryA

ws2_32

inet_addr
WSASocketA
WSAGetLastError
WSASend
setsockopt
htons
listen
bind
htonl
WSAIoctl
closesocket
inet_ntoa
WSAStartup
connect
WSARecv
WSACleanup

solarlog

?Create@SolarLog@@QAEHPAD0@Z
?LOG@SolarLog@@QAEHPAEK@Z
??1SolarLog@@QAE@XZ
??0SolarLog@@QAE@XZ

winmm

timeGetTime

user32

wvsprintfA
wsprintfA

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca3dc9c32c010f92f3366844cdab79eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

sunwritelogmng

shlwapi

ws2_32

solarlog

winmm

user32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 21KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 21KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 436B