D:\Jenkins\.jenkins\workspace\WeiDuanGame\MicroGame\MicroGameBox\Release\MicroGameBox.pdb
Tasks: static1 (static task), behavioral1 (behavioral task)
Sample: c16ef577cdfbf60eff114b5a72189b659b18c286556511fde19154b73aa7f400.exe
Resource: win7-20240704-en
General
Target: c16ef577cdfbf60eff114b5a72189b659b18c286556511fde19154b73aa7f400
Size: 3.0MB
MD5: 70ec1ed3ae68508251d565a5d16d654c
SHA1: 31657c7bee5baf7db6267549703288b297319cd5
SHA256: c16ef577cdfbf60eff114b5a72189b659b18c286556511fde19154b73aa7f400
SHA512: 87d52d591da6d8bdcbded4238af71ebd95a96c529904bd55629f12127e2d51785eff4f8b9bb9dfa718521748c8d6ed247ad4d32911289d83156bb466c02e8d36
SSDEEP: 49152:HqUhRHySQ6BUwcKWyIo9pLSUMhaOh4dip9FpLkMNMPO66xSNn7AAP8RXfEU:KUhRSH6BUwcUILUs9h/97v16ueAAPQ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource c16ef577cdfbf60eff114b5a72189b659b18c286556511fde19154b73aa7f400
Files
c16ef577cdfbf60eff114b5a72189b659b18c286556511fde19154b73aa7f400.exe windows:5 windows x86 arch:x86
bce81a4b82f7d7404fcb779909639bea
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetErrorMode
GetCurrentThreadId
LeaveCriticalSection
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetShortPathNameW
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
CreateEventW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LoadLibraryW
DeleteFileW
CopyFileW
MoveFileW
lstrcmpW
GetCommandLineW
GetTickCount
SetLastError
lstrcpynW
OpenProcess
GetCurrentProcess
MoveFileExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
RemoveDirectoryW
GetTempFileNameW
lstrlenW
FindClose
SetFilePointer
WriteFile
GetExitCodeProcess
TerminateProcess
GetSystemWindowsDirectoryW
GetProcessHeap
HeapSize
QueryDepthSList
ReleaseSemaphore
InitializeCriticalSection
VirtualProtect
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetFileType
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
DosDateTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetSystemDirectoryW
EnterCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCurrentProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringA
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThread
GetNativeSystemInfo
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
ReleaseMutex
CreateMutexW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
GetFileSizeEx
ReadFile
GetACP
FreeResource
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
MulDiv
IsBadReadPtr
GlobalFree
ResetEvent
GetVersion
InterlockedExchange
InterlockedCompareExchange
ResumeThread
GetLocalTime
SetEndOfFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetTempPathW
CreateThread
SetThreadPriority
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetStdHandle
FlushFileBuffers
SetFilePointerEx
SetFileTime
DecodePointer
user32
MapWindowPoints
PtInRect
LoadIconW
SystemParametersInfoW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetTimer
GetWindowLongW
SetWindowLongW
LoadCursorW
GetDC
ReleaseDC
GetIconInfo
MoveWindow
SetWindowPos
GetCursorPos
GetWindowRect
GetClientRect
SetForegroundWindow
ScreenToClient
SwitchToThisWindow
wvsprintfW
SetCursor
InflateRect
OffsetRect
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
IsChild
UpdateLayeredWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
IsRectEmpty
GetParent
GetClassNameW
GetWindow
RegisterClassW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
CopyRect
IntersectRect
IsIconic
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
FindWindowExW
CharPrevW
DrawTextW
SetRect
DrawIconEx
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
RemovePropW
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FillRect
PeekMessageW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetFocus
IsZoomed
IsWindowVisible
ShowWindow
IsWindow
PostQuitMessage
RegisterWindowMessageW
MessageBoxW
LoadImageW
DestroyIcon
PostMessageW
KillTimer
CharNextW
DestroyWindow
DefWindowProcW
UnregisterClassW
wsprintfW
gdi32
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
GetTextExtentPoint32W
Rectangle
RestoreDC
SaveDC
SelectObject
SetDIBitsToDevice
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateDCW
GetDeviceCaps
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
ExtTextOutW
GetDIBits
DeleteObject
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
CreateSolidBrush
advapi32
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
GetTokenInformation
shell32
SHChangeNotify
SHCreateDirectoryExW
ShellExecuteW
Shell_NotifyIconW
ord165
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
OleLockRunning
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance
oleaut32
SafeArrayPutElement
VariantInit
SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
SysAllocStringLen
SafeArrayCreate
shlwapi
StrStrIW
StrStrIA
StrCmpNIW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
PathCombineW
PathFindFileNameW
SHGetValueW
SHSetValueW
AssocQueryStringW
StrCpyW
StrTrimA
StrCmpIW
SHSetValueA
SHGetValueA
PathAppendW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGraphicsClear
GdipDrawImageRectI
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateTexture
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipImageGetFrameCount
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
ord1
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipDrawEllipseI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipFillEllipseI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipBitmapLockBits
psapi
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetGetConnectedState
InternetSetCookieW
InternetGetCookieExW
InternetCrackUrlW
iphlpapi
GetAdaptersInfo
crypt32
CertGetNameStringW
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
winmm
timeGetTime
timeBeginPeriod
timeEndPeriod
msimg32
GradientFill
AlphaBlend
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 290KB - Virtual size: 289KB
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data Size: 28KB - Virtual size: 42KB
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 146KB - Virtual size: 148KB
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE