a7ee3a02c6c181a42a043fa565a9b310N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a7ee3a02c6c181a42a043fa565a9b310N.exe
Size

210KB
MD5

a7ee3a02c6c181a42a043fa565a9b310
SHA1

3e10919adfad44b492e78fe9cf4bbc53562283d6
SHA256

26978ba5b031dcaf9192e3c70e41370670b91fcfa02230839e7c6b6d8add1a25
SHA512

493a2962df7969ec954e9c38e9d212509338896286be099443e1467aa39b7179cb224a3c917b9f1c61c443e616f4cd5abe5099ecdd484ac0b7243beaa7d875c0
SSDEEP

6144:gPbY7XHnpg+/5nqaPCM9hnjmFMWjOae5kT:gPbY7XHnpgW5nHjhnaWWx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7ee3a02c6c181a42a043fa565a9b310N.exe

Files

a7ee3a02c6c181a42a043fa565a9b310N.exe
.dll windows:5 windows x86 arch:x86

aca05c9b064c790dacfe6ff266ae47ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\MagicWar Conquer\serve\Source\اعمالى\الفول اسكرين\VISUAL 15 PROJECT\VIS 15\Debug\COServer.pdb

Imports

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
GetCurrentHwProfileW
CryptGetHashParam

kernel32

Sleep
VirtualProtect
GetProcAddress
LoadLibraryA
GetCurrentThread
GetModuleHandleA
GetCurrentThreadId
WriteProcessMemory
VirtualAlloc
Thread32Next
CloseHandle
Thread32First
CreateToolhelp32Snapshot
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
OpenProcess
Process32NextW
WideCharToMultiByte
Process32FirstW
VirtualProtectEx
GetCurrentProcess
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleHandleW
GetPriorityClass
IsDebuggerPresent
ExitProcess
GetCurrentProcessId
Beep
GetProcessId
SetConsoleCtrlHandler
GetComputerNameW
WaitForSingleObject
CreateThread
TerminateProcess
GetTickCount
VirtualQuery
GetPrivateProfileStringA
FreeLibrary
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
lstrlenA
RaiseException
MultiByteToWideChar
InterlockedExchange
DecodePointer
EncodePointer
SetLastError
DebugBreak
SuspendThread
GetLastError
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
InterlockedCompareExchange

user32

CallNextHookEx
SetClassLongA
SetWindowsHookExW
SetCursor
SystemParametersInfoW
EnumWindows
GetWindowTextA
GetWindowTextLengthA
FindWindowA
FindWindowExA
GetParent
FindWindowW
IsWindowVisible
MessageBoxA
ShowWindow
SetForegroundWindow
SetFocus
GetWindowLongW
SetWindowLongW
EndDialog
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
GetForegroundWindow
GetWindowThreadProcessId
GetAsyncKeyState
GetWindowTextLengthW

psapi

GetModuleInformation

msvcp100d

?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Debug_message@std@@YAXPB_W0I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
??Bios_base@std@@QBEPAXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??7ios_base@std@@QBE_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z

msvcr100d

??0bad_cast@std@@QAE@ABV01@@Z
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fclose
fprintf
fopen
_ctime64
_time64
__CxxFrameHandler3
exit
sprintf
strstr
wcstombs_s
malloc
_wassert
printf
strlen
memcmp
memchr
memcpy
??3@YAXPAX@Z
memmove
_CxxThrowException
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy_s
wcsstr
memset
_stricmp
isalnum
strcpy
ftell
fseek
fopen_s
asctime
_stat64i32
_localtime64
_getcwd
rand
??_V@YAXPAX@Z
_invalid_parameter
_CrtDbgReportW
_lock_file
_unlock_file
fwrite
fputc
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
free
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_wcsicmp
_except_handler3
_CRT_RTC_INITW
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_dbg
_free_dbg
_encoded_null
_CrtSetCheckCount
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook

ws2_32

recv
send
closesocket
WSACleanup
connect
WSAGetLastError
WSAStartup
socket
inet_addr
htons
gethostname

Exports

Exports

EntryPointx
SetKeyboardHook
Thread
Thread1

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aca05c9b064c790dacfe6ff266ae47ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

psapi

msvcp100d

msvcr100d

ws2_32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB