e49c6bd212dccaa4975cc654023f75aad0e454fba1ab61b7055cfd3ab3250c06

Sharing

Copy URL Twitter E-mail

General

Target

e49c6bd212dccaa4975cc654023f75aad0e454fba1ab61b7055cfd3ab3250c06
Size

9.4MB
MD5

0b9ca55fffa119b9cc73c9f2bc8431a3
SHA1

d9bba867049ecfa8ecb5543a12aff3f5c8fe8052
SHA256

e49c6bd212dccaa4975cc654023f75aad0e454fba1ab61b7055cfd3ab3250c06
SHA512

1b9fcfb9c33c066d0f133b0f766085924ccf721d8b29c84991e7844f35308ab3b89562f544f18f924c7d6630b9f296f7e2ddbae5605e9a99c29cc9acfe7ba194
SSDEEP

98304:ts6FNdnVvpGbOXWBVLrbuOQrKqjwF/wcNaUBz2ZyS29:ts6bv1mBxKrV0F1z3S29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e49c6bd212dccaa4975cc654023f75aad0e454fba1ab61b7055cfd3ab3250c06

Files

e49c6bd212dccaa4975cc654023f75aad0e454fba1ab61b7055cfd3ab3250c06
.exe windows:6 windows x86 arch:x86

4a77921333b7fc785585d964c8e10a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bohe_game\product\win32d\speed_ball.pdb

Imports

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CLSIDFromString
CoInitializeSecurity
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CLSIDFromProgID
OleLockRunning
CoUninitialize
CreateStreamOnHGlobal

kernel32

GetModuleHandleW
GetSystemWow64DirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
IsBadStringPtrA
IsBadReadPtr
ReadFile
GetFileSize
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
VerifyVersionInfoW
FindNextFileW
FindFirstFileW
FindClose
CreateFileA
CreateDirectoryA
MultiByteToWideChar
CreateProcessW
QueryPerformanceFrequency
VerSetConditionMask
DeleteFileW
GetPrivateProfileStringA
lstrcatW
lstrcpyW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
OpenProcess
CreatePipe
Sleep
OpenEventW
CreateEventW
OpenMutexW
CreateMutexW
QueryPerformanceCounter
GetVersionExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
GetTempPathW
WriteFile
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateDirectoryW
GetTickCount
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
PeekNamedPipe
DeviceIoControl
GetCurrentProcess
GetStartupInfoW
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetTimeZoneInformation
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
ResetEvent
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
CreateDirectoryExW
CopyFileExW
MoveFileExW
AreFileApisANSI
IsBadStringPtrW
GetACP
MulDiv
GlobalUnlock
GlobalLock
lstrlenW
ExitProcess
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
LocalFileTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
GetStdHandle
GetFileType
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SleepEx
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
VirtualQuery
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
HeapValidate
CreateThread
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
SetConsoleCtrlHandler
GetDriveTypeW
GetSystemTime
FileTimeToSystemTime
GetConsoleOutputCP
GetCurrentThread
HeapQueryInformation
GetDateFormatW

user32

MonitorFromPoint
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsIconic
IsZoomed
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
UpdateWindow
wsprintfW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
ReleaseDC
GetClassInfoExW
EnableWindow
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
SetWindowRgn
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowPos
IsWindowVisible
GetActiveWindow
SetForegroundWindow
MessageBoxW
GetWindowLongW
SetWindowLongW
GetDC
OffsetRect
UnionRect
InflateRect
CharNextW
FindWindowW
ShowWindow
GetSystemMetrics
LoadCursorW
ScreenToClient
SetCursor
PostMessageW
GetWindowRect
UnregisterClassW
RegisterClassExW

shell32

ShellExecuteW
DragQueryFileW
CommandLineToArgvW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathA

oleaut32

VariantClear
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
OleCreatePictureIndirect
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsW
PathFileExistsA

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetNameStringA
CertOpenSystemStoreW
CertGetIntendedKeyUsage

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW

imagehlp

ImageDirectoryEntryToDataEx

bcrypt

BCryptGenRandom

ws2_32

send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
socket
getpeername
htons
WSAIoctl
htonl
__WSAFDIsSet
select
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
WSAStartup
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
ntohs
shutdown
getsockopt
getsockname
gethostbyname
gethostname
ioctlsocket

gdi32

CreateSolidBrush
CreatePenIndirect
GetClipBox
GetObjectType
GetTextExtentPoint32W
GetCharABCWidthsW
CreateRectRgnIndirect
CreateDIBSection
PtInRegion
SelectObject
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CombineRgn
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CloseEnhMetaFile
GetDeviceCaps

advapi32

CryptGetUserKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
RegisterEventSourceW
ReportEventW
CryptExportKey
DeregisterEventSource
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreatePath
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenStartCap
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawLine
GdipDrawImageI
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDeletePath
GdipCloneImage
GdipCloneBrush

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord145
ord301
ord219
ord46
ord14
ord147
ord216
ord208
ord133
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79

Sections

.textbss
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

unique
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a77921333b7fc785585d964c8e10a3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

shell32

oleaut32

shlwapi

crypt32

iphlpapi

version

imagehlp

bcrypt

ws2_32

gdi32

advapi32

comctl32

gdiplus

imm32

wldap32

Sections

.textbss Size: - Virtual size: 2.9MB

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 128KB - Virtual size: 165KB

.idata Size: 18KB - Virtual size: 17KB

.msvcjmc Size: 5KB - Virtual size: 4KB

unique Size: 512B - Virtual size: 265B

.tls Size: 1024B - Virtual size: 794B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 241KB - Virtual size: 240KB

.textbss
Size: - Virtual size: 2.9MB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 128KB - Virtual size: 165KB

.idata
Size: 18KB - Virtual size: 17KB

.msvcjmc
Size: 5KB - Virtual size: 4KB

unique
Size: 512B - Virtual size: 265B

.tls
Size: 1024B - Virtual size: 794B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 241KB - Virtual size: 240KB