PDB Path: Z:\OsmosisGameGuard\EyeProtocol\UserProtocol\Release\UserProtocol.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da.dll
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da.dll
  Resource: win10v2004-20240611-en
General
Target: 0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da
Size: 5.4MB
MD5: bbc12475ba7f569f87fc6eca03673580
SHA1: 381307567489c1446d264d3cdd590f468293dc67
SHA256: 0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da
SHA512: d5cb384289480739d2fa776ff386af4fce32f9c96343061b1aea1953922278af9535a75d1999e684caeafbb572089fc9c51102097889d140057c8c6a67d03750
SSDEEP: 98304:NK5Xv0lm5mCDDQIDj2qlWiDzA0mQcu/gL6eDcTv5KEQlNmTd3L+:Nomur2qlWio0eLZ4z5Yq
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da
Files
-
0b2a017fca657c758f17f5ab1f3eb52654ffbb1fbcc5393aa3b4a3008d6411da.dll windows:6 windows x86 arch:x86
8159c3227c361200e7727e45f1de617e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegCloseKey
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryValueExA
user32
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
LockWindowUpdate
SetRect
CopyAcceleratorTableA
UnionRect
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
CreateMenu
GetWindowRgn
DestroyCursor
InvertRect
TranslateMDISysAccel
LoadCursorW
SetMenuDefaultItem
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
GetKeyNameTextA
MessageBoxA
DrawIcon
FrameRect
CopyIcon
EnumDisplayMonitors
SetWindowDisplayAffinity
SetLayeredWindowAttributes
wsprintfW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
GetSystemMenu
BringWindowToTop
SetCursorPos
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
IntersectRect
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
UpdateLayeredWindow
MonitorFromPoint
DestroyAcceleratorTable
GetClassNameA
CreateDialogIndirectParamA
OffsetRect
SetRectEmpty
CopyImage
SystemParametersInfoA
InflateRect
LoadMenuA
TranslateAcceleratorA
GetMenuItemInfoA
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
SendMessageA
EnableWindow
IsWindowEnabled
GetWindowLongA
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorA
GetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
DestroyIcon
CharUpperA
GetDlgCtrlID
GetFocus
SetWindowTextA
GetWindowRect
ClientToScreen
PtInRect
GetDesktopWindow
DrawTextA
GetWindow
RealChildWindowFromPoint
SetFocus
SetScrollPos
GetScrollPos
IsWindow
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
CheckDlgButton
SendDlgItemMessageA
SetWindowLongA
IsDialogMessageA
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
RegisterWindowMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetClientRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
CopyRect
EqualRect
GetClassLongA
GetTopWindow
LoadIconA
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
PostQuitMessage
LoadAcceleratorsA
kernel32
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsValidCodePage
SearchPathA
GetProfileIntA
GetTickCount
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetACP
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
GetVersionExA
GlobalFindAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GlobalFlags
FreeLibrary
GetVolumeInformationA
lstrcmpiA
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFileSize
FlushFileBuffers
GlobalAddAtomA
ResumeThread
SetThreadPriority
WaitForSingleObject
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameA
lstrcmpA
CompareStringA
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
DecodePointer
OutputDebugStringA
GetModuleFileNameA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CopyFileA
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
FindResourceW
SetLastError
SetUnhandledExceptionFilter
FormatMessageA
LocalFree
GetTempPathA
OpenProcess
VirtualProtectEx
VirtualFree
MultiByteToWideChar
GetFullPathNameA
HeapFree
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GlobalFree
LoadLibraryA
VirtualProtect
DeleteFileA
WriteFile
GetDateFormatA
GetTimeFormatA
Sleep
GetSystemTime
SystemTimeToTzSpecificLocalTime
Process32Next
Process32First
CreateToolhelp32Snapshot
SleepEx
GetTickCount64
VirtualAlloc
GetProcAddress
WideCharToMultiByte
GetProcessHeap
HeapAlloc
GetLastError
WTSGetActiveConsoleSessionId
CreateFileA
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
CloseHandle
ExitProcess
IsBadReadPtr
FindNextFileW
FindFirstFileExW
GetConsoleCP
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
CompareStringW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
GetCommandLineW
GetCommandLineA
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetSystemInfo
VirtualQuery
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
FindFirstFileA
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
DeleteCriticalSection
GetTempFileNameA
WriteConsoleW
gdi32
GetTextFaceA
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExA
GetTextMetricsA
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32A
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutA
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
DeleteObject
DeleteDC
GetDeviceCaps
CreateDCA
CopyMetaFileA
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
shell32
SHGetFileInfoA
SHAppBarMessage
SHBrowseForFolderA
DragFinish
DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
shlwapi
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathRemoveFileSpecW
StrFormatKBSizeA
uxtheme
CloseThemeData
DrawThemeParentBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
DrawThemeBackground
OpenThemeData
DrawThemeText
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
ntdll
RtlDosPathNameToNtPathName_U
NtUnloadDriver
RtlInitUnicodeString
NtLoadDriver
wtsapi32
WTSSendMessageA
dbghelp
MiniDumpWriteDump
ws2_32
htons
socket
connect
inet_addr
send
gethostname
recv
closesocket
WSAStartup
WSACleanup
getservbyname
gethostbyaddr
gethostbyname
ole32
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
RegisterDragDrop
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SysAllocString
VariantInit
VarBstrFromDate
VariantChangeType
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysStringLen
LoadTypeLi
SysAllocStringByteLen
SysFreeString
gdiplus
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdipGetImageWidth
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
PlaySoundA
Exports
HelperOpenCrashDumpCatch
HelperSendMail
KeepaliveMethod
NiajiaGetKernelLastError
NiajiaGetLastError
NiajiaSwapCabinMemoryLoad
NiajiaUserLogin
NiajiaUserLoginEx
RtlAllocateVirtualMemory
RtlAntiScreenshotForHwnd
RtlFlushGlobalCache
RtlGainProcessModuleHandle
RtlGainProcessModuleHandleSpecial
RtlGainProcessPid
RtlHwndGuard
RtlInitProcess
RtlIntConvertToInt64
RtlMouseClickLeftDown
RtlMouseClickLeftUp
RtlMouseClickRightDown
RtlMouseClickRightUp
RtlMoveMouseRelative
RtlProtectProcess
RtlReadProcessMemory32
RtlReadProcessMemory64
RtlUnsignedAdd
RtlUnsignedAddConvertToInt64
RtlUnsignedInt64Add
RtlUnsignedInt64Sub
RtlUnsignedSub
RtlUnsignedSubConvertToInt64
RtlVirtualProtect
RtlWriteProcessMemory32
RtlWriteProcessMemory64
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 339KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.trace Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ