绝情谷三城专用版[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

绝情谷三城专用版.exe
Size

7.2MB
MD5

fc4b4952ce972f26333371132f800f2a
SHA1

50555139421389803ac1a69fa8697d0a56f2df09
SHA256

8a0590a2b0c404384f3499147d2ebaa8a92604afecfbf7275148b5d0a1b534d9
SHA512

4f4c460a28269900ebb0d50218c08181d2425fa55b0f919fa61f21d497675c34c60ac81e34102b41de6418f0100d60ebe54f6387c4a08a1df73e2bcd3895d3dc
SSDEEP

196608:5Z2Lwm2kZzvG/ahjQ2VMEOrBj72A5cid7sVSUW:Jm2kpWahjQ2VeF72yzUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
绝情谷三城专用版.exe

Files

绝情谷三城专用版.exe
.exe windows:5 windows x86 arch:x86

a78f0898319d4676ac6b9a47a7128371

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

DocumentPropertiesW

comdlg32

ChooseColorW

comctl32

FlatSB_SetScrollInfo

shell32

SHGetSpecialFolderLocation

user32

CopyImage

version

GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

oleaut32

SafeArrayPutElement

netapi32

NetWkstaGetInfo

wtsapi32

WTSUnRegisterSessionNotification

advapi32

RegSetValueExW

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

shfolder

SHGetFolderPathW

ole32

IsEqualGUID

gdi32

Pie

ntdll

ZwQueryInformationProcess

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 109KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 296B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.操你�
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.操你�
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.操你�
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a78f0898319d4676ac6b9a47a7128371

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

comdlg32

comctl32

shell32

user32

version

urlmon

oleaut32

netapi32

wtsapi32

advapi32

msvcrt

winhttp

kernel32

shfolder

ole32

gdi32

ntdll

Exports

Exports

Sections

.text Size: - Virtual size: 5.7MB

.itext Size: - Virtual size: 19KB

.data Size: - Virtual size: 74KB

.bss Size: - Virtual size: 109KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 6KB

.edata Size: - Virtual size: 122B

.tls Size: - Virtual size: 296B

.rdata Size: - Virtual size: 93B

.操你� Size: - Virtual size: 4.6MB

.操你� Size: 4KB - Virtual size: 3KB

.操你� Size: 6.9MB - Virtual size: 6.9MB

.rsrc Size: 350KB - Virtual size: 350KB

.text
Size: - Virtual size: 5.7MB

.itext
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 74KB

.bss
Size: - Virtual size: 109KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 6KB

.edata
Size: - Virtual size: 122B

.tls
Size: - Virtual size: 296B

.rdata
Size: - Virtual size: 93B

.操你�
Size: - Virtual size: 4.6MB

.操你�
Size: 4KB - Virtual size: 3KB

.操你�
Size: 6.9MB - Virtual size: 6.9MB

.rsrc
Size: 350KB - Virtual size: 350KB