d:\Cris Files\Output\WorldServer\Release\WorldServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa.exe
Resource
win10v2004-20240704-en
General
Target
348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa
Size
2.4MB
MD5
d398698bd736f490a3477b61918721f3
SHA1
9c89e5167c05da80d94099d230a99db2430b1c00
SHA256
348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa
SHA512
3ee9c3aa72f4202f17554c48736e7dc889e4c03243acb00cb04cd3053776c070170eaa01480913bca699fbe274599db1703dfaae3210d0c57c38c3f166661cfe
SSDEEP
49152:2rqElCGq76eFPbPnCxBJ0GeTQEKo/xbx:wVu6e1LnuBKAK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa
Files
348dd29b0dc905642b947954db8465b54c12c809dd1d3d7e6548f4969a3bb3aa.exe windows:4 windows x86 arch:x86
08fbcfa372f5252d4587d425a3703af3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winmm
timeGetTime
ws2_32
WSACloseEvent
WSACreateEvent
ntohs
WSASocketA
htonl
bind
gethostname
htons
closesocket
shutdown
WSASetLastError
WSAGetLastError
connect
gethostbyname
WSAEnumNetworkEvents
WSAAccept
WSAEventSelect
listen
setsockopt
WSAWaitForMultipleEvents
WSAResetEvent
inet_addr
WSARecv
getpeername
WSASend
WSACleanup
WSAStartup
WSASetEvent
kernel32
WriteFile
DeleteFileA
ReadFile
GetProfileIntA
GetModuleHandleA
LocalFree
FormatMessageA
GetFileSize
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetLocalTime
lstrcpynA
CreateFileA
GetFileAttributesA
GetModuleFileNameA
QueryPerformanceCounter
HeapCreate
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateIoCompletionPort
PostQueuedCompletionStatus
GetOverlappedResult
GetQueuedCompletionStatus
GetSystemInfo
SetThreadPriority
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcatA
CreateEventA
OpenEventA
SetEvent
GetExitCodeProcess
TerminateProcess
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
lstrcmpA
MulDiv
lstrlenA
ExitProcess
CloseHandle
OutputDebugStringA
WaitForSingleObject
GetTickCount
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
CreateProcessA
CreatePipe
GlobalMemoryStatus
FileTimeToDosDateTime
SetEnvironmentVariableA
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
MoveFileA
SetFilePointer
FlushFileBuffers
SetEndOfFile
DuplicateHandle
GetCurrentProcess
RaiseException
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCurrentThread
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileTime
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualProtect
VirtualQuery
ExitThread
CreateThread
GetStartupInfoA
GetCommandLineA
HeapSize
GetCurrentProcessId
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
user32
GetTopWindow
GetDlgItem
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
WinHelpA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
UnhookWindowsHookEx
IsWindowEnabled
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
ValidateRect
DestroyMenu
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
SetForegroundWindow
wsprintfA
CharNextExA
MessageBoxA
GetClientRect
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
SetWindowPos
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
SetWindowTextA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
PostQuitMessage
InvalidateRect
LoadStringA
EnableWindow
KillTimer
SetTimer
UpdateWindow
GetWindowRect
SetRect
PtInRect
GetMenu
PostMessageA
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
SendMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
CopyRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetKeyState
GetSysColorBrush
gdi32
GetStockObject
CreateBitmap
SetBkColor
SaveDC
RestoreDC
SetTextColor
GetClipBox
SelectObject
DeleteObject
DeleteDC
TextOutA
GetDeviceCaps
SetMapMode
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
advapi32
GetUserNameA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptReleaseContext
oleaut32
VariantClear
VariantChangeType
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
comctl32
ord17
oleacc
CreateStdAccessibleObject
LresultFromObject
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
mscoree
_CorExeMain
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 354KB - Virtual size: 353KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ