eb964a3ebed826fe892b6d733481613d3ac1900e2342c101c9ceafec21a0e1cc

Sharing

Copy URL Twitter E-mail

General

Target

eb964a3ebed826fe892b6d733481613d3ac1900e2342c101c9ceafec21a0e1cc
Size

3.1MB
MD5

c40ea6e5a86da5d7698a6fc4e37a6e79
SHA1

0c7663d0dcc111316487983c6919e12bcc0b1477
SHA256

eb964a3ebed826fe892b6d733481613d3ac1900e2342c101c9ceafec21a0e1cc
SHA512

b653b4a90ff414dc50b3d9c87381b3eeffa0e64896023dac6072ade1fcaa7e96e95fe6af34a9d36c27552e6fdf733db525025c52a672d52fdb3fbd30b5bce3d0
SSDEEP

98304:YgVFLrKMTwMGCpKt1/vPZKHVmeZPmjBsAHLzBa2zR5tuH6S4VvXick12tvxaSVUG:dFLrKMTmCpKt1/vPZKHVmeZPmjBsAHnX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb964a3ebed826fe892b6d733481613d3ac1900e2342c101c9ceafec21a0e1cc

Files

eb964a3ebed826fe892b6d733481613d3ac1900e2342c101c9ceafec21a0e1cc
.exe windows:6 windows x86 arch:x86

bee208259e36255bf9f59e24a9546d8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\DBO源码大全\Archer源碼\server2.0\Archer\Bin\Archer.pdb

Imports

winmm

timeGetTime

d3dx9_27

D3DXVec3TransformCoord
D3DXVec3TransformNormal
D3DXMatrixMultiplyTranspose
D3DXQuaternionSlerp
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXAssembleShader

kernel32

CreatePipe
CreateFileW
MoveFileExW
GetFileAttributesExW
GetExitCodeProcess
DeleteFileW
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
WriteFile
GetCurrentDirectoryW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
SetStdHandle
IsValidCodePage
CreateProcessW
DuplicateHandle
GetTempPathW
ExitProcess
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetEndOfFile
SuspendThread
CloseHandle
WaitForSingleObject
Sleep
InitializeCriticalSection
GetCurrentThread
FormatMessageA
GetCurrentProcess
OutputDebugStringA
GetModuleFileNameA
SetUnhandledExceptionFilter
FindClose
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
GetACP
WideCharToMultiByte
DeleteFileA
GetModuleHandleExW
FreeLibraryAndExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
CreateEventA
ExitThread
CreateThread
GetFullPathNameW
GetDriveTypeW
ReadFile
LoadLibraryExW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
InterlockedExchange
WaitForSingleObjectEx
ResetEvent
SetEvent
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
EncodePointer
QueryPerformanceFrequency
InterlockedExchangeAdd
InterlockedCompareExchange
GetSystemDirectoryA
SetThreadAffinityMask
SetThreadPriority
ReleaseMutex
ReleaseSemaphore
CreateMutexA
CreateSemaphoreA
GetCPInfo
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
SetFileAttributesA
GetFileAttributesA
CreateFileA
GetFileSize
GetSystemDirectoryW
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
GetLocaleInfoW
QueryPerformanceCounter
LocalFree

user32

GetClientRect
SetWindowLongW
IsWindowVisible
GetMenu
AdjustWindowRectEx
GetWindowLongW
GetKeyboardLayout
EndDialog
EndPaint
BeginPaint
DefWindowProcA
DialogBoxParamA
UpdateWindow
ShowWindow
SetWindowPos
GetWindowRect
CreateWindowExA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadStringW
GetSystemMetrics
RegisterClassA
LoadIconA
MessageBoxA
LoadAcceleratorsA
LoadCursorA
PostQuitMessage
IsIconic
RegisterWindowMessageA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantInit
VariantClear

fmod

?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?set3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?get3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAUFMOD_VECTOR@@000@Z
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getName@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PADH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ

bugtrap

BT_SetFlags
BT_SetAppName
BT_SetSupportURL

ws2_32

ntohl
gethostname
recvfrom
sendto
inet_addr
socket
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
htonl
accept
ntohs
htons
recv
send
connect
setsockopt
ioctlsocket
listen
bind
closesocket
WSACleanup
WSAStartup
WSAGetLastError
inet_ntoa
gethostbyname

d3d9

Direct3DCreate9

gdi32

DeleteObject
RemoveFontResourceExW
DeleteDC
SelectObject

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��٣u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bee208259e36255bf9f59e24a9546d8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

d3dx9_27

kernel32

user32

shell32

ole32

oleaut32

fmod

bugtrap

ws2_32

d3d9

gdi32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 446KB - Virtual size: 445KB

.data Size: 85KB - Virtual size: 457KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 114KB - Virtual size: 113KB

���٣u� Size: 16KB - Virtual size: 20KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 446KB - Virtual size: 445KB

.data
Size: 85KB - Virtual size: 457KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 114KB - Virtual size: 113KB

��٣u�
Size: 16KB - Virtual size: 20KB