Repack-Patch-41-to-42[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Repack-Patch-41-to-42.exe
Size

12.8MB
MD5

3985e452a29a99dd39d9d4b9c248d83e
SHA1

aaf0e6c87c243cd6ef93046f01ab89ad45cd8b99
SHA256

b0b8cc29c1c08ddbd26f7b12fe64c7ae7fd24a201da81d52efbacd44996749c5
SHA512

665617a284456c028b7199a3e657fede035eb5aacfe237dd33c15c7bd598d6955f4b5677912369592befed6995c7d1427c41d12fc623eaf27f7f6189a8cfc9c8
SSDEEP

196608:DfHsmejWDNNoF5K7xJFmKhzOxAHbrSYI6iQJ8N+++wklpJW2cvyE8CiN+Gl0+7v4:wi3oO7VOC7Ot6BqN+dwk3JWyLB+j+Ib1

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
Repack-Patch-41-to-42.exe
unpack001/Plugins/BovExpansionPlugin.dll
unpack001/Plugins/ClientSideAddonPlugin.dll
unpack001/Plugins/MathPlugin.dll
unpack001/Plugins/ServerSidePlugin.dll
unpack001/Tribes.exe
unpack001/Uninstall.exe
unpack001/mem.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

Repack-Patch-41-to-42.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugins/BovExpansionPlugin.dll
.dll windows:6 windows x86 arch:x86

03799829bd5ab756afb8c8546c5d0f66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\Games\Tribes\Plugins\BovExpansionPlugin\Release\BovExpansionPlugin.pdb

Imports

kernel32

VirtualProtect
GetLastError
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime

vcruntime140

__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
memset
__std_exception_destroy
_CxxThrowException
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initialize_onexit_table

Exports

Exports

getPlugin

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/BovExpansionPlugin.txt
Plugins/ClientSideAddon-DemoCam.txt
.vbs
Plugins/ClientSideAddonPlugin.dll
.dll .vbs windows:6 windows x86 arch:x86 polyglot

01b9db3a2b124c554e916ade314ca0f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\Games\Tribes\Plugins\ClientSideAddonPlugin\Release\ClientSideAddonPlugin.pdb

Imports

kernel32

VirtualProtect
GetLastError
GetTickCount
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ResetEvent

user32

SetWindowPos
SetWindowLongA
GetWindowLongA
ChangeDisplaySettingsA
SetForegroundWindow

msvcp140

_Query_perf_frequency
_Query_perf_counter
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memmove
memcpy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__CxxFrameHandler3
__std_exception_copy
__vcrt_InitializeCriticalSectionEx
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
realloc

api-ms-win-crt-convert-l1-1-0

strtof
atof
atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_atexit
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

_stricmp
strncpy

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
floor
_except1
_CIfmod
_CIatan2

Exports

Exports

getPlugin

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ClientSideAddonPlugin.txt
Plugins/CommLinkPlugin.txt
Plugins/GraphicPlugin.txt
Plugins/MathPlugin.dll
.dll windows:6 windows x86 arch:x86

fd7186d567ef689d750aae6d81d211d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
CreateFileW
WriteConsoleW

Exports

Exports

getPlugin

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/MathPlugin.txt
Plugins/PatchesPlugin.txt
Plugins/Scripts/DoSFix.cs
Plugins/Scripts/PluginLoader.cs
Plugins/ServerSidePlugin.dll
.dll windows:6 windows x86 arch:x86

86b54c1bc6274c02dfedb74131091138

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\Games\Tribes\Plugins\ServerSidePlugin\Release\ServerSidePlugin.pdb

Imports

kernel32

VirtualProtect
GetLastError
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

vcruntime140

memcpy
__CxxFrameHandler3
memmove
__std_terminate
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
strtoul
atoi
strtol

api-ms-win-crt-stdio-l1-1-0

fwrite
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
fgetc
fclose
fflush
fputc
__stdio_common_vsprintf
__stdio_common_vsscanf
setvbuf
fgetpos

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll
_errno
_invalid_parameter_noinfo
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp

api-ms-win-crt-math-l1-1-0

_CIatan2
_libm_sse2_sin_precise
floor
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise

Exports

Exports

getPlugin

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/ServerSidePlugin.txt
Plugins/StringPlugin.txt
Plugins/_install.txt
Plugins/_newStuff.txt
Repack readme.txt
Tribes.exe
.exe windows:1 windows x86 arch:x86

52cef68f3caa7541438eb431288274b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

AllocConsole
CloseHandle
CopyFileA
CreateEventA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateSemaphoreA
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
InterlockedExchange
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputA
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetThreadPriority
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

wsock32

WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSASetBlockingHook
WSAStartup
WSAUnhookBlockingHook
accept
closesocket
connect
gethostbyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohs
recv
recvfrom
send
sendto
setsockopt
socket
bind

comctl32

CreateStatusWindowA
CreateToolbarEx
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
InitCommonControls

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

AnimatePalette
BitBlt
ChoosePixelFormat
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreatePalette
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBColorTable
GetDeviceCaps
GetPixelFormat
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
RealizePalette
SelectObject
SelectPalette
SetDIBColorTable
SetPixelFormat
StretchBlt
SwapBuffers

shell32

ShellExecuteA

user32

AdjustWindowRect
AdjustWindowRectEx
AppendMenuA
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
ChangeDisplaySettingsA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumDisplaySettingsA
EnumThreadWindows
GetActiveWindow
GetAsyncKeyState
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardState
GetMenu
GetMenuItemCount
GetMenuItemID
GetParent
GetScrollPos
GetSubMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsMenu
IsWindow
LoadCursorA
LoadIconA
LoadMenuA
LoadStringA
MessageBeep
MessageBoxA
MoveWindow
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetRect
SetScrollPos
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowWindow
ToAscii
TrackPopupMenuEx
TranslateAcceleratorA
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
ValidateRect
WindowFromPoint
wsprintfA

winmm

auxGetDevCapsA
auxGetNumDevs
auxGetVolume
auxSetVolume
mciSendCommandA
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetNumDevs
mixerOpen
mixerSetControlDetails

dsound

DirectSoundCreate

ole32

CoCreateInstance
CoInitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook
_m_Point3F_len
_m_Point3F_lenf
_m_Point3F_normalizef

Sections

.text
Size: 2.0MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
base/scripts.vol
config/Presto/Install.cs
config/ServerPrefs.cs
console.cs
mem.dll
.dll windows:4 windows x86 arch:x86

4fa62e3b2d213b225bf01153be15be7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnprintf
strtok
_snprintf
strchr
strstr
malloc
calloc
free
realloc
_strcmpi
memset

kernel32

GetProcAddress
FindFirstFileA
LeaveCriticalSection
InitializeCriticalSection
GetCommandLineA
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleHandleA
FindNextFileA

Exports

Exports

MS_Calloc
MS_Free
MS_Malloc
MS_Realloc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpg/Skins/AIL_BLEED.DTS
rpg/Skins/AIL_CHILL.DTS
rpg/Skins/AIL_POISON.DTS
rpg/Skins/AIL_PROJ.DTS
rpg/Skins/AIL_SHOCK.DTS
rpg/Skins/BLOOD_1.bmp
rpg/Skins/skins2021.vol
rpg/Skins/titanhammerskn.bmp
rpg/Skins/tornado.bmp
rpg/Skins/treasure_wood.bmp
rpg/Skins/tribalbrick1.bmp
rpg/Skins/tribalbrick2.bmp
rpg/Skins/tribalbrick3.bmp
rpg/Skins/tribalbrick4.bmp
rpg/Skins/uparrow.bmp
rpg/Skins/vibrosskin.bmp
rpg/Skins/volcanic1.bmp
rpg/Skins/volcanic3.bmp
rpg/Skins/volcanic4.bmp
rpg/Skins/volcanic6.bmp
rpg/Skins/volcanic7.bmp
rpg/Skins/volcanic_1.bmp
rpg/Skins/volcanic_2.bmp
rpg/Skins/volcanic_3.bmp
rpg/Skins/volcanic_4.bmp
rpg/Skins/volcanic_5.bmp
rpg/Skins/volcanic_flame.bmp
rpg/Skins/volcanic_m1.bmp
rpg/Skins/volcanic_m10.bmp
rpg/Skins/volcanic_m11.bmp
rpg/Skins/volcanic_m12.bmp
rpg/Skins/volcanic_m2.bmp
rpg/Skins/volcanic_m3.bmp
rpg/Skins/volcanic_m4.bmp
rpg/Skins/volcanic_m5.bmp
rpg/Skins/volcanic_m6.bmp
rpg/Skins/volcanic_m7.bmp
rpg/Skins/volcanic_m8.bmp
rpg/Skins/volcanic_m9.bmp
rpg/Skins/walkdino.bmp
rpg/Skins/walkturt.bmp
rpg/Skins/warp1.bmp
rpg/Skins/warp2.bmp
rpg/Skins/warp3.bmp
rpg/Skins/water1.bmp
rpg/Skins/whiterock1.bmp
rpg/Skins/whitesiding.bmp
rpg/Skins/window1.bmp
rpg/Skins/wrackskin.bmp
rpg/crushapes1.vol
rpg/crushapes2.vol
rpg/scripts.vol

Sharing

General

Malware Config

Signatures

Files

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 17KB - Virtual size: 16KB

03799829bd5ab756afb8c8546c5d0f66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 514KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 936B

01b9db3a2b124c554e916ade314ca0f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1.8MB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

fd7186d567ef689d750aae6d81d211d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 514KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 936B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1.8MB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 7KB - Virtual size: 106KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1.5MB

.gfids
Size: 512B - Virtual size: 72B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 2.0MB - Virtual size: 2.1MB

.data
Size: 318KB - Virtual size: 1.7MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 20KB

.reloc
Size: 126KB - Virtual size: 128KB