2f38e9b6573a79d23bda46a1e75b703d9e22aae7a3e8391b700ee024c8f67dd7

Sharing

Copy URL

Twitter E-mail

General

Target

2f38e9b6573a79d23bda46a1e75b703d9e22aae7a3e8391b700ee024c8f67dd7
Size

398KB
MD5

e591bd94c3b0ae855cb011eba644e5d8
SHA1

f69ca3c2689bd0882007baa96c56dd1d2c3d382a
SHA256

2f38e9b6573a79d23bda46a1e75b703d9e22aae7a3e8391b700ee024c8f67dd7
SHA512

b9e6221891573709f634fc9507fa4e1326112722913e68040e8f57a8fbc0e2e41b3ca55af61ab4dbf617ed0e25821f70051d6d828db8728f81585e78b3d79678
SSDEEP

12288:+cMhz2IHk51b8MeMAtvuxcjcWt93xyF5Smy9ModE8c:+cMhzMAt2iYw93xmyyod1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f38e9b6573a79d23bda46a1e75b703d9e22aae7a3e8391b700ee024c8f67dd7

Files

2f38e9b6573a79d23bda46a1e75b703d9e22aae7a3e8391b700ee024c8f67dd7
.exe windows:4 windows x86 arch:x86

7ff9aacd9f78fd0b5c5c68330c25aa16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SourceCodeDev\NineWorldsCodeDev\tools\launcher\source\bin\Release\GenPatchRuntime.pdb

Imports

kernel32

InterlockedExchangeAdd
LoadLibraryA
GetVersionExA
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleA
EnterCriticalSection
GetThreadLocale
InterlockedExchange
RaiseException
FlushInstructionCache
GetACP
CreateProcessA
LeaveCriticalSection
InitializeCriticalSection
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
IsBadCodePtr
QueryPerformanceCounter
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetOEMCP
FlushFileBuffers
ReadFile
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CloseHandle
CreateMutexA
GetLastError
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapSize
GetProcAddress
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
VirtualAlloc
VirtualProtect
CreateThread
SetFileTime
GetFileTime
CreateFileA
GetFileSize
GetSystemTimeAsFileTime
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
RemoveDirectoryA
SetFileAttributesA
MoveFileA
GetCurrentDirectoryA
DeleteFileA
AllocConsole
Process32First
GetLogicalDrives
GetStdHandle
AttachConsole
Process32Next
GetModuleFileNameA
CreateToolhelp32Snapshot
GetDiskFreeSpaceExA
ExitProcess
SetFilePointer
WaitForSingleObject
GetTickCount
WriteFile
SetLastError
OutputDebugStringA
ReleaseMutex
GetCurrentProcessId
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetExitCodeProcess
TerminateProcess
GetCurrentThread
IsDebuggerPresent
FileTimeToDosDateTime
GlobalMemoryStatus
VirtualQuery
lstrcpynA
SetUnhandledExceptionFilter
IsBadStringPtrA
Module32First
GetLocalTime
GetSystemInfo
Module32Next
FileTimeToLocalFileTime
GetVersion
LocalFree
FindResourceA
lstrlenA
FreeLibrary
LoadResource
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
SizeofResource
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
lstrcmpiA
LoadLibraryExA
IsBadReadPtr
HeapReAlloc
GetStartupInfoA
GetCommandLineA
SetStdHandle
GetFileType
GetTimeZoneInformation
ExitThread

user32

SystemParametersInfoA
SetWindowPos
MapWindowPoints
GetSystemMetrics
EnableWindow
CallWindowProcA
SetWindowTextA
LoadImageA
GetDlgItem
EndDialog
CreateWindowExA
GetWindowLongA
UnregisterClassA
LoadCursorA
GetWindow
IsWindow
PostMessageA
DefWindowProcA
GetActiveWindow
DialogBoxParamA
GetWindowRect
RegisterClassExA
GetClassInfoExA
GetParent
LoadIconA
wsprintfA
GetClientRect
SendMessageA
GetWindowTextA
CharNextA
SetWindowLongA
MessageBoxA

gdi32

GetStockObject
GetObjectA
DeleteObject
CreateFontIndirectA

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA

oleaut32

VarUI4FromStr

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

wnsprintfA

dbghelp

SymSetOptions
SymInitialize
SymFromAddr
SymGetTypeInfo
SymGetLineFromAddr
SymCleanup
SymFunctionTableAccess
SymGetModuleBase
MiniDumpWriteDump
StackWalk
SymEnumSymbols
UnDecorateSymbolName
SymSetContext

advapi32

RegCloseKey
RegQueryValueExA
RegEnumKeyExA
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ff9aacd9f78fd0b5c5c68330c25aa16

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

oleaut32

version

shlwapi

dbghelp

advapi32

ole32

Sections

.text Size: 304KB - Virtual size: 300KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 304KB - Virtual size: 300KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 5KB