13b7f17f16124031e708129db9a6f414131b441f920254c380928724b1a29f70

Sharing

Copy URL Twitter E-mail

General

Target

13b7f17f16124031e708129db9a6f414131b441f920254c380928724b1a29f70
Size

4.4MB
MD5

30d5bd1cd1d107b7404788725bf5a886
SHA1

516397bbc751f5dc361c50d06f6ddb6d26b41215
SHA256

13b7f17f16124031e708129db9a6f414131b441f920254c380928724b1a29f70
SHA512

15e70a1c392bb75d76644b0222da2448aff173570b179bc98e97711b055b3f580472c44f6acf552f406728c32f31f9acfdb197b25fe679dc0b8f6f2c55a24f66
SSDEEP

98304:H0oPqRWEkXFD3dWVz/+PRdpZBj8l01hSJ8V6:HhP9t1kVD+PpDe01gJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13b7f17f16124031e708129db9a6f414131b441f920254c380928724b1a29f70

Files

13b7f17f16124031e708129db9a6f414131b441f920254c380928724b1a29f70
.exe windows:5 windows x86 arch:x86

323a789d64ba8311a070fe489b5b9e38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32 kernel32

HeapAlloc �

kernel32

GetPrivateProfileIntA
TerminateProcess
GetCurrentProcess
WinExec
lstrcatA
GetModuleFileNameA
ExitProcess
GetCommandLineA
DeleteFileA
Sleep
CreateThread
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
CloseHandle
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualFree
GetModuleHandleA
SetFilePointer
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetLastError
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetVersion
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

DispatchMessageA
GetMessageA
TranslateMessage

ws2_32

socket
recv
send
htons
inet_addr
WSAStartup
closesocket
connect

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K2game
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

323a789d64ba8311a070fe489b5b9e38

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

user32

ws2_32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.K2game Size: 464KB - Virtual size: 464KB

.K2game Size: 16KB - Virtual size: 16KB

.K2game Size: 8KB - Virtual size: 8KB

.K2game Size: 4KB - Virtual size: 4KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.K2game
Size: 464KB - Virtual size: 464KB

.K2game
Size: 16KB - Virtual size: 16KB

.K2game
Size: 8KB - Virtual size: 8KB

.K2game
Size: 4KB - Virtual size: 4KB