361a7eeb2ba5caad3610226a1cf20f8bb2520773f0e6f81d349d046817bf3e07

Sharing

Copy URL Twitter E-mail

General

Target

361a7eeb2ba5caad3610226a1cf20f8bb2520773f0e6f81d349d046817bf3e07
Size

250KB
MD5

dfe20cd76b1d24adbd9a6997e8ea9331
SHA1

609c1abad69aea4b7c21e387457f27b6ffc9d467
SHA256

361a7eeb2ba5caad3610226a1cf20f8bb2520773f0e6f81d349d046817bf3e07
SHA512

cdc42b1dddc81e9be41abefd2900641679074daea6a02fe4035fbe900fa8f61b78d2131ed515d7ecc884150b6195048af60ab147f69aff218f96de2d0dcec865
SSDEEP

6144:aXXDxgm4Vxb6mrFHYjM4CapB2n+w2HEyXmC:6XDxgm4D6Q322nAHEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
361a7eeb2ba5caad3610226a1cf20f8bb2520773f0e6f81d349d046817bf3e07

Files

361a7eeb2ba5caad3610226a1cf20f8bb2520773f0e6f81d349d046817bf3e07
.dll windows:6 windows x86 arch:x86

e531971f5019d9ecd4e9eac9736571c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\vs2015\duokaiwegame\Release\Project1.pdb

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentThread
ResumeThread
GetProcessId
VirtualAlloc
VirtualAllocEx
WriteProcessMemory
IsWow64Process
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
GetLastError
GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
DecodePointer

user32

IsWindow
wsprintfA
wsprintfW

ntdll

RtlInitUnicodeString
NtProtectVirtualMemory
NtWriteVirtualMemory
RtlCreateUserThread
LdrGetDllHandle
RtlAdjustPrivilege

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Jimmy0
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e531971f5019d9ecd4e9eac9736571c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ntdll

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 6KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.Jimmy0 Size: 132KB - Virtual size: 131KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 6KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.Jimmy0
Size: 132KB - Virtual size: 131KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB