ebe450c3b834e69397510bd7737cdb28540bf8886e67d0f1761b1e963901a185

Sharing

Copy URL Twitter E-mail

General

Target

ebe450c3b834e69397510bd7737cdb28540bf8886e67d0f1761b1e963901a185
Size

1.6MB
MD5

1715e401ef30121bb992f2e694ed7fe5
SHA1

57af56daf5ee38e96633918fbc5827694c94856c
SHA256

ebe450c3b834e69397510bd7737cdb28540bf8886e67d0f1761b1e963901a185
SHA512

f24d3cc5b7f3a94772f2af8dbf36102f96c4c5c1b7d16971ff7554fda6f578eca2f27b976fefff7bd5b78f0c4803116628b37bacdf540aceaebc3ada5dc142bb
SSDEEP

24576:wisQSQe7meTD6QdW8GHyFHjd8V4ayjTO0:NsQSQATD6ntHGDFXO0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebe450c3b834e69397510bd7737cdb28540bf8886e67d0f1761b1e963901a185

Files

ebe450c3b834e69397510bd7737cdb28540bf8886e67d0f1761b1e963901a185
.exe windows:5 windows x86 arch:x86

4a4fb78960880eedd2047bf19e5265f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkPlace\AndroidEmulator\7KMarket_Release_Packet\Basic\Client\Output\Binfinal\AppMarket\GameLogin.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htons
htonl

kernel32

InterlockedCompareExchange
InterlockedExchange
Sleep
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesExW
DeleteFileW
WriteFile
SetFilePointer
MoveFileW
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTickCount
InterlockedExchangeAdd
GetCurrentThreadId
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
InitializeCriticalSection
SearchPathW
lstrcpynW
VirtualQuery
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Thread32Next
OpenThread
SuspendThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateEventW
DuplicateHandle
Module32FirstW
Module32NextW
SetErrorMode
CreateProcessW
WaitForMultipleObjects
TerminateProcess
ReadProcessMemory
VirtualAllocEx
RaiseException
ResetEvent
SetEvent
WaitForSingleObject
DecodePointer
LocalFree
OpenProcess
LocalAlloc
FlushInstructionCache
GetCurrentThread
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
VirtualProtectEx
GlobalAlloc
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
SetLastError
GetWindowsDirectoryW
VirtualProtect
VirtualAlloc
ResumeThread
GetThreadContext
SetThreadContext
SwitchToThread
CloseHandle
LoadLibraryA
GetVersionExW
GetSystemDefaultLangID
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
CreateFileW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
LoadLibraryExA
WaitForSingleObjectEx
UnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
Thread32First

user32

SetWindowLongW
wsprintfW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
FillRect
GetFocus
DestroyAcceleratorTable
GetSysColor
GetClassNameW
GetDlgItem
GetParent
IsChild
GetWindow
SetFocus
SetCapture
RedrawWindow
InvalidateRgn
GetSystemMetrics
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
CharNextW
CallWindowProcW
InvalidateRect
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
PostThreadMessageW
RegisterClassExW
UnregisterClassW
IsWindow
CreateWindowExW
EnumDisplayDevicesW
FindWindowW
CreateWindowExA
RegisterClassExA
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
SelectObject
SetPixelFormat
ChoosePixelFormat
BitBlt
GetDeviceCaps

advapi32

RegQueryValueExA
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHFileOperationW

ole32

CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoLoadLibrary
StringFromGUID2
CoTaskMemFree
CoReleaseServerProcess
OleLockRunning
CoAddRefServerProcess
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString

shlwapi

PathAppendW
PathRemoveFileSpecA
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW

msvcp140

?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_To_wide
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_hardware_concurrency

d3d9

Direct3DCreate9

opengl32

wglCreateContext
wglMakeCurrent
glGetString
wglGetProcAddress
wglDeleteContext

psapi

GetModuleFileNameExA
GetProcessMemoryInfo

wininet

InternetCloseHandle
InternetGetCookieW
HttpQueryInfoW
InternetOpenUrlW
InternetSetStatusCallbackW
InternetSetOptionW
InternetOpenW

vcruntime140

_set_purecall_handler
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
memchr
__std_type_info_compare
wcschr
wcsstr
wcsrchr
_purecall
memmove
__std_exception_copy
__std_exception_destroy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_errno
_invalid_parameter_noinfo
_get_wide_winmain_command_line
_initterm
_exit
_configure_wide_argv
_c_exit
_initterm_e
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_initialize_wide_environment
_set_invalid_parameter_handler
exit
_invalid_parameter_noinfo_noreturn
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswscanf
__p__commode
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf
_set_fmode
__stdio_common_vsscanf

api-ms-win-crt-math-l1-1-0

_dtest
_dsign
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-string-l1-1-0

_wcsupr_s
wcsnlen
_wcslwr_s
wcscpy_s
wcscat_s
_wcslwr
wmemcpy_s
toupper
_wcsicmp
wcsncpy_s
strnlen
wcsncat_s

api-ms-win-crt-convert-l1-1-0

strtoull
_wtoi
_wtol
strtod
strtoll

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_recalloc
_callnewh
free
malloc
_set_new_mode

beacon_sdk

?Report@BeaconClient@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@W4RequestPriority@Beacon@@@Z
?set_common_params@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
?set_common_param_getters@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@@Z
?UninitSDK@BeaconClient@@SAXXZ
?InitSDK@BeaconClient@@SAXABUBeaconConfig@@@Z

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a4fb78960880eedd2047bf19e5265f2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

d3d9

opengl32

psapi

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

beacon_sdk

Sections

.text Size: 262KB - Virtual size: 262KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 7KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 262KB - Virtual size: 262KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 7KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB