f26e181fb33abf1d1ed2f7c15d630270N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f26e181fb33abf1d1ed2f7c15d630270N.exe
Size

273KB
MD5

f26e181fb33abf1d1ed2f7c15d630270
SHA1

e468ef5430a2ad33860a4cd63d0f957cd0ca2230
SHA256

e9cdaa6ca4cc6fd9ee02a5b1119ac61d20b4bcc0b0bad87c7891b6c59113e602
SHA512

96df00b1d352f250b81a168f516826f7e55abcec4dc0b91156c952b977848627c54e8f9093bccbfda1c0f874cc06e4223714ab62fb4b6a069aaa16c997447db1
SSDEEP

6144:qduhYZEiLaGw4BRPIcy8iMYJZGG5a8BYPRsdU:Vhm9ab4BZHiMYLzBu6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f26e181fb33abf1d1ed2f7c15d630270N.exe

Files

f26e181fb33abf1d1ed2f7c15d630270N.exe
.dll windows:5 windows x86 arch:x86

8d617553e9200cfe43c915682ae5937b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\projects\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb

Imports

kernel32

DuplicateHandle
GetVolumeInformationA
GetModuleHandleW
GetFileSizeEx
GetCPInfo
GetOEMCP
HeapAlloc
ExitThread
HeapFree
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapSize
SetStdHandle
GetFileType
GetACP
SetEndOfFile
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
UnlockFile
LockFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
GetModuleFileNameW
DeleteCriticalSection
GlobalFree
GlobalUnlock
FormatMessageA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
GlobalAlloc
lstrlenA
SetLastError
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateDirectoryA
FindClose
FindFirstFileA
VirtualProtectEx
VirtualAlloc
ResumeThread
LockResource
CreateEventA
SetEvent
GetFullPathNameA
QueryDosDeviceA
GetModuleFileNameA
DeleteFileA
GetWindowsDirectoryA
FlushFileBuffers
Module32Next
Module32First
Thread32Next
Thread32First
GetLocalTime
TerminateProcess
GetFileAttributesA
SizeofResource
WriteFile
LoadResource
FindResourceA
lstrcpyW
LocalFree
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
lstrcmpA
WideCharToMultiByte
UnmapViewOfFile
SetFilePointer
MultiByteToWideChar
FreeLibrary
CreateThread
InitializeCriticalSection
IsWow64Process
GetVersionExA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
ReadFile
GetFileSize
CreateFileA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentProcessId
GetTickCount
GetCurrentDirectoryA
OutputDebugStringA
CloseHandle
CreateProcessA
Sleep
IsValidCodePage
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetDlgCtrlID
GetWindowRect
PtInRect
GetSysColor
ReleaseDC
GetDC
ClientToScreen
IsWindow
DrawTextA
TabbedTextOutA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
wsprintfA
SendMessageA
FindWindowA
SetCursor
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetWindowsHookExA
SetWindowTextA
GetDesktopWindow
GetWindow
PostMessageA
GetClientRect
LoadIconA
RegisterWindowMessageA
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
GrayStringA
WinHelpA
GetWindowThreadProcessId
GetWindowLongA
GetClassNameA
EnumChildWindows
IsWindowVisible
FindWindowExA
GetForegroundWindow
GetWindowTextA
DestroyMenu
CharUpperA
LoadCursorA
GetSysColorBrush
ShowWindow
DrawTextExA

gdi32

ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegFlushKey
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
RegSetValueExA

shell32

ShellExecuteA
ShellExecuteExA

shlwapi

PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathFindFileNameA
PathFindExtensionA

ole32

CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear

psapi

GetModuleFileNameExA

crypt32

CryptDecodeObject
CertFreeCertificateContext
CertGetNameStringA
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose

ntdll

ZwClose
ZwQueryInformationProcess
ZwDuplicateObject
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwOpenProcess
RtlAdjustPrivilege
ZwQuerySystemInformation

fltlib

FilterConnectCommunicationPort
FilterSendMessage

ws2_32

connect
closesocket
ioctlsocket
WSAGetLastError
select
__WSAFDIsSet
send
gethostbyname
inet_ntoa
gethostname
WSAStartup
htons
inet_addr
socket
recv
WSACleanup

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

Exports

Exports

AGS
ALDS
GDTAN
GHDDLS
GNBGT
GSCF
GSDNP
HINSD
IDBAS
IHJDE
IHPTE
INSHD
INSHDY
INSPD
IWBE
PTCP
RDTP
RGALDSE
SADP
SCTM
SDMDP3Q
SDMDPHY
SDMDPLZ
SDMDPSA
SEVI
SGDI
SGGGI
SGHHI
SGSI
SGTHI
SPEP
SRF

Sections

.text
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vvvt0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vvvt1
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d617553e9200cfe43c915682ae5937b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

psapi

crypt32

ntdll

fltlib

ws2_32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 279KB

.rdata Size: - Virtual size: 68KB

.data Size: - Virtual size: 38KB

.vvvt0 Size: - Virtual size: 9KB

.vvvt1 Size: 268KB - Virtual size: 268KB

.reloc Size: 512B - Virtual size: 116B

.rsrc Size: 3KB - Virtual size: 13KB

.text
Size: - Virtual size: 279KB

.rdata
Size: - Virtual size: 68KB

.data
Size: - Virtual size: 38KB

.vvvt0
Size: - Virtual size: 9KB

.vvvt1
Size: 268KB - Virtual size: 268KB

.reloc
Size: 512B - Virtual size: 116B

.rsrc
Size: 3KB - Virtual size: 13KB