d1faadd92c91a2dec964637d4f377963d8787394aef299ed8f10b5cfd91678eb

Sharing

Copy URL Twitter E-mail

General

Target

d1faadd92c91a2dec964637d4f377963d8787394aef299ed8f10b5cfd91678eb
Size

15.9MB
MD5

36d627b6fdf8c157793b61e6af8aa010
SHA1

97e2a1f2ba59e067ee1829cd6ac58576a3ac5633
SHA256

d1faadd92c91a2dec964637d4f377963d8787394aef299ed8f10b5cfd91678eb
SHA512

6d6e4d0abbe93b3af22932aab1232cb2a3663684c715a58a38e6a48613828982ac5f1327cfab06b10dd6ae503fec4247d8c68ce696ef6eef7cbe20da8e25623f
SSDEEP

393216:gK/XtERuHCZAOWvnDBrPSefZRX5yEavJtXuIGxkjAlSy:X/m0H/DxDfbJHMxuvxJ4y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1faadd92c91a2dec964637d4f377963d8787394aef299ed8f10b5cfd91678eb

Files

d1faadd92c91a2dec964637d4f377963d8787394aef299ed8f10b5cfd91678eb
.exe windows:6 windows x86 arch:x86

23e3e7fcda9284c18b6f7c8bd158226a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\WinAuth\WinAuth-inst-uninst\bin\Inst\Release\Install.pdb

Imports

kernel32

MoveFileExW
WideCharToMultiByte
WritePrivateProfileStringW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
CreateFileW
CopyFileW
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
ExitThread
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
DecodePointer
CreateThread
MultiByteToWideChar
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
FindResourceExW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
LocalFree
UnregisterWaitEx
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryDepthSList
InterlockedFlushSList
RaiseException
CloseHandle
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentProcessId
OpenProcess
MulDiv
GetACP
ExitProcess
FreeResource
GetFileSize
ReadFile
lstrcmpW
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
GetVersion
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetTempFileNameW
GetTempPathW
ResumeThread
ResetEvent
IsBadReadPtr
lstrcpynW
lstrcpyW
lstrlenW
GetFileAttributesExW
GetLogicalDriveStringsW
QueryDosDeviceW
IsWow64Process
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
CreateMutexW
GetLongPathNameW
TerminateProcess
GetExitCodeProcess
K32EnumProcesses
FindClose
GetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
GetShortPathNameW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
FlushFileBuffers
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
LoadLibraryExW
CreateDirectoryW
GetStdHandle
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect

user32

ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
SetCapture
wvsprintfW
SetCursor
InflateRect
OffsetRect
IsIconic
SetWindowRgn
MessageBoxW
GetMonitorInfoW
CharPrevW
DrawTextW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
GetMessagePos
MoveWindow
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetKeyState
FindWindowExW
IsWindowEnabled
AttachThreadInput
BringWindowToTop
GetForegroundWindow
GetWindowThreadProcessId
GetFocus
PostMessageW
PeekMessageW
PostQuitMessage
IsWindow
SetWindowPos
SetTimer
KillTimer
GetWindowRect
SystemParametersInfoW
ShowWindow
IsWindowVisible
SetForegroundWindow
SetWindowTextW
SetFocus
CharNextW
IsZoomed
UpdateLayeredWindow
DestroyWindow
IsChild
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MonitorFromPoint
ReleaseDC
GetDC
LoadImageW
RemovePropW

shell32

ShellExecuteExW
ShellExecuteW
ord165
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHFileOperationW
SHChangeNotify
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal

shlwapi

PathRenameExtensionA
SHSetValueA
StrCmpNIW
PathIsPrefixW
wnsprintfW
SHAutoComplete
PathIsDirectoryW
SHSetValueW
PathCombineW
PathAppendW
SHGetValueW
PathFileExistsW
StrCmpIW
StrStrIA
StrTrimA
PathFindFileNameA
PathRemoveFileSpecW
PathFindFileNameW
PathIsRelativeW
StrStrIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDeletePath
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathArc
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipDrawEllipseI
GdipFree
GdipGetImageHeight
GdipLoadImageFromFile
GdipCreatePath

msimg32

GradientFill
AlphaBlend

comctl32

ord17
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

gdi32

StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateSolidBrush
SetBkMode
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
CreateRoundRectRgn
SetWindowOrgEx
SelectObject
GetObjectW
GetDIBits
SetBkColor
GetTextColor
SetDIBitsToDevice
CreateDCW

advapi32

RegCloseKey
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
RegEnumKeyExW

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString

Exports

Exports

BasicEntry
_BasicEntry@12

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23e3e7fcda9284c18b6f7c8bd158226a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

shlwapi

version

gdiplus

msimg32

comctl32

wininet

iphlpapi

urlmon

setupapi

gdi32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 23KB - Virtual size: 68KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 66KB - Virtual size: 65KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 23KB - Virtual size: 68KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 66KB - Virtual size: 65KB