0cf9400fe1f78901290df654df0bc1a2fce3e4321b4108f6b4d6fa0a4376f454

Sharing

Copy URL Twitter E-mail

General

Target

0cf9400fe1f78901290df654df0bc1a2fce3e4321b4108f6b4d6fa0a4376f454
Size

1.2MB
MD5

cbd165cad12a136fc03598bcc618fb17
SHA1

871e4f715755f98265f1911b9958623e8726440d
SHA256

0cf9400fe1f78901290df654df0bc1a2fce3e4321b4108f6b4d6fa0a4376f454
SHA512

f45917afb9463caf90090619aa0496c89dfbf4f36fe6b4f0a850abbfde54e3a9ec4655aa039f7fbe8ec604edda96874f8a550bbffcb19e00ad3940e65f59dd4a
SSDEEP

24576:g+gsDyRh0R/NsCeZmpACcN2FySvaxPQzuCxr0DRkmhiU:gjUWC0mpLcNGWPQzvU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf9400fe1f78901290df654df0bc1a2fce3e4321b4108f6b4d6fa0a4376f454

Files

0cf9400fe1f78901290df654df0bc1a2fce3e4321b4108f6b4d6fa0a4376f454
.exe windows:5 windows x86 arch:x86

8ab9abb822c5d348dadd5eb4839748d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build\trunk_cn_9.0build\simulator\bin\dnmultiplayer.pdb

Imports

kernel32

DecodePointer
EncodePointer
TerminateThread
IsDebuggerPresent
QueryPerformanceCounter
SetEvent
CreateMutexW
WriteFile
RemoveDirectoryW
DeleteFileW
FindNextFileW
Sleep
TerminateProcess
CreateThread
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
K32GetModuleFileNameExW
K32EnumProcessModules
OpenProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
CreatePipe
GetSystemDirectoryW
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcessId
CreateEventW
GlobalUnlock
GlobalLock
MulDiv
GetLastError
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
ReadFile
GetFileSize
FindFirstFileW
FindClose
ExitProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTickCount
DeleteCriticalSection
WideCharToMultiByte
CloseHandle
GetFileTime
CreateFileW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
GetPrivateProfileStringW
GetVersionExW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
GetLocalTime
MultiByteToWideChar

user32

ShowCaret
HideCaret
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
GetCaretPos
GetCaretBlinkTime
GetWindowTextLengthW
GetWindowTextW
LoadImageW
GetPropW
SetPropW
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetWindow
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextW
DestroyWindow
IsWindow
CreateWindowExW
InvalidateRgn
SetCaretPos
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
SetCursor
wvsprintfW
SetWindowLongW
GetWindowLongW
ScreenToClient
MessageBoxW
GetClientRect
SetWindowRgn
IsZoomed
GetSystemMetrics
GetMonitorInfoW
MonitorFromWindow
GetParent
MoveWindow
EnableWindow
GetWindowRect
SetTimer
KillTimer
EnumDisplaySettingsW
wsprintfW
MapVirtualKeyW
GetGUIThreadInfo
GetWindowThreadProcessId
GetClassNameW
EnumWindows
GetKeyState
SetWindowTextW
GetDesktopWindow
PostQuitMessage
IsWindowVisible
GetSysColor
DispatchMessageW
CreateAcceleratorTableW
ClientToScreen
IsIconic
SendMessageW
SetWindowPos
SetForegroundWindow
BringWindowToTop
SystemParametersInfoW
EnumDisplayMonitors
FindWindowExW
PostMessageW

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderLocation
ShellExecuteW
ord165
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString

msvcp120

?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??1_Pad@std@@QAE@XZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Cnd_timedwait
_Thrd_join
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Do_call
_Call_onceEx
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
_Xtime_get_ticks
?_Copy_file@sys@tr2@std@@YAHPB_W0_N@Z
?_Remove_dir@sys@tr2@std@@YA_NPB_W@Z
?_Statvfs@sys@tr2@std@@YA?AUspace_info@123@PB_W@Z
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Future_error_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??_7_Facet_base@std@@6B@
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
_Wcsxfrm
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??1facet@locale@std@@MAE@XZ
??_7facet@locale@std@@6B@
??0facet@locale@std@@IAE@I@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_init
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_wait
_Cnd_broadcast
_Cnd_destroy
_Mtx_destroy
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?_BADOFF@std@@3_JB
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bios_base@std@@QBE_NXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
?_Make_dir@sys@tr2@std@@YAHPB_W@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Unlink@sys@tr2@std@@YAHPB_W@Z

msvcr120

??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
memmove
free
mbstowcs_s
_setjmp3
malloc
??_V@YAXPAX@Z
wcstoul
swprintf_s
iswdigit
wcstol
realloc
swscanf_s
strchr
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
?Alloc@Concurrency@@YAPAXI@Z
?Free@Concurrency@@YAXPAX@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?set@event@Concurrency@@QAEXXZ
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
??0event@Concurrency@@QAE@XZ
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_except1
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
vsprintf_s
_beginthreadex
_vswprintf_c_l
_wcsnicmp
wcscpy_s
sscanf_s
srand
??8type_info@@QBE_NABV0@@Z
vswprintf_s
_vswprintf
longjmp
??0exception@std@@QAE@ABQBD@Z
wcsncmp
iswalnum
qsort_s
_wtof
wcstod
_itow
toupper
isalnum
??1event@Concurrency@@QAE@XZ
_vsnwprintf
_wcslwr
wcsstr
wcsrchr
wcsncpy
wcschr
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_wcsicmp
_wtoi
_lock_file
_unlock_file
fgetc
ungetc
memcpy_s
fsetpos
_fseeki64
fgetpos
setvbuf
fflush
fputc
fwrite
fclose
sprintf_s
?terminate@@YAXXZ
_snprintf_s
_snwprintf_s
_errno
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_time64
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
rand
?wait@event@Concurrency@@QAEII@Z
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??1critical_section@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0critical_section@Concurrency@@QAE@XZ
isdigit

iphlpapi

GetAdaptersInfo

comctl32

ord17
_TrackMouseEvent

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmGetVirtualKey

shlwapi

PathFileExistsW

wininet

HttpSendRequestW
InternetReadFile
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetCrackUrlW

gdi32

SetWindowOrgEx
GetObjectA
CreatePatternBrush
GetStockObject
SetBkMode
SetTextColor
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
GetObjectW
ExtSelectClipRgn
SetBkColor
StretchBlt
SaveDC
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetDeviceCaps
GetTextMetricsW
SelectClipRgn
SelectObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
RestoreDC
SetStretchBltMode
Rectangle
CreateSolidBrush
CreateRoundRectRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

DuplicateTokenEx
OpenProcessToken
RegOpenKeyW
RegCloseKey
RegSetValueExW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

gdiplus

GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageWidth
GdipGetImageHeight
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat

Sections

.text
Size: 815KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ab9abb822c5d348dadd5eb4839748d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

msvcp120

msvcr120

iphlpapi

comctl32

imm32

shlwapi

wininet

gdi32

comdlg32

advapi32

oleaut32

gdiplus

Sections

.text Size: 815KB - Virtual size: 815KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 19KB - Virtual size: 89KB

.rsrc Size: 149KB - Virtual size: 148KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 815KB - Virtual size: 815KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 19KB - Virtual size: 89KB

.rsrc
Size: 149KB - Virtual size: 148KB

.reloc
Size: 54KB - Virtual size: 53KB