9e923010ed356721186b9cc88618fc3a3c5e4b6744e072490fa3d46acea94949

Sharing

Copy URL Twitter E-mail

General

Target

9e923010ed356721186b9cc88618fc3a3c5e4b6744e072490fa3d46acea94949
Size

1.3MB
MD5

6aebcec0baf0a4b5507dcaf262cae562
SHA1

281acebe7fc0d32bef9c44b19a6f6382b017920e
SHA256

9e923010ed356721186b9cc88618fc3a3c5e4b6744e072490fa3d46acea94949
SHA512

c76e1f6d7f33d467bb0468f357fcd602dbaa5c8bf7b268d6cf647ddaa010c8e2dc9f72da8ca9a2906df07cdd4b01e09bcf6601b085d803df5b330c500454826d
SSDEEP

24576:z0qGIeY9eoR/QY9nmObuLsQAbUzhaiTAila60uVtuq2w0lTHBp8:z0XIemXMAbUzMLilaz/q2fThp8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e923010ed356721186b9cc88618fc3a3c5e4b6744e072490fa3d46acea94949

Files

9e923010ed356721186b9cc88618fc3a3c5e4b6744e072490fa3d46acea94949
.dll windows:6 windows x86 arch:x86

5eaf2fb6ec0b20c198bda84cad7c47e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\sources\work\speedup_game_fyb_pc_host\Output\Release\BinFinal\SpeedupPSpeedup.pdb

Imports

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

ws2_32

__WSAFDIsSet
ioctlsocket
connect
WSASocketW
WSASendTo
WSARecvFrom
getsockname
bind
htonl
inet_ntoa
WSACloseEvent
WSAGetLastError
send
recv
shutdown
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACleanup
WSAStartup
socket
setsockopt
sendto
recvfrom
ntohs
ntohl
htons
closesocket
inet_pton
select
inet_addr

kernel32

LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetStdHandle
ExitProcess
FileTimeToSystemTime
FindNextFileW
FindFirstFileExW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateDirectoryW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
DecodePointer
CloseHandle
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
ResumeThread
GetLocalTime
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetTickCount
SystemTimeToFileTime
GlobalAlloc
GlobalFree
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
lstrcmpiA
DeleteFileW
GetFileAttributesExW
GetCurrentProcess
CreateProcessW
GetWindowsDirectoryW
GetVersionExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
FreeLibrary
GetModuleHandleExA
GetProcAddress
LoadLibraryW
CopyFileW
FindClose
FindFirstFileW
GetTickCount64
CreateIoCompletionPort
GetQueuedCompletionStatus
GetCurrentThreadId
GetSystemInfo
InitializeCriticalSection
GetModuleFileNameA
IsBadReadPtr
CreateFileW
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
IsValidLocale
CancelIo
MultiByteToWideChar
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
LocalFree
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateThread
ResetEvent
SetThreadExecutionState
DeleteFileA
GetPrivateProfileIntW
GetCurrentThread
SetThreadPriority
HeapCreate
CreateThread
IsDebuggerPresent
SetUnhandledExceptionFilter
EncodePointer
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
lstrlenW
GetPrivateProfileStringA
SetEndOfFile
OutputDebugStringW
InterlockedFlushSList
RtlUnwind
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
WaitForSingleObjectEx
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
LCMapStringEx
GetStringTypeW
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetLocaleInfoW
SetStdHandle
WriteConsoleW
InitOnceBeginInitialize
InitOnceComplete
DeviceIoControl

user32

MessageBoxW
SendMessageTimeoutW
PostMessageW
IsWindow
FindWindowW
wsprintfW
CharNextW
SetWindowLongW
GetPropW
SetPropW
CallWindowProcW
DefWindowProcW

advapi32

QueryServiceConfigW
CloseServiceHandle
OpenSCManagerW
OpenServiceA
QueryServiceStatusEx
StartServiceW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ChangeServiceConfigA

ole32

StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoTaskMemRealloc

shell32

ord680

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
SysStringLen

shlwapi

PathCombineW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
StrStrA
StrStrW
SHSetValueW
PathIsDirectoryW
StrStrIA
PathAppendA
StrStrIW
SHGetValueA
PathAddBackslashW
SHGetValueW
PathFileExistsA

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrOleFree
NdrOleAllocate
NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release

iphlpapi

GetIfTable
GetNetworkParams
GetIpForwardTable
GetAdaptersInfo
GetIpNetTable

setupapi

SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenInfFileW

Exports

Exports

Speedup_Get_Apis
call_acc
start_acc
stop_acc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5eaf2fb6ec0b20c198bda84cad7c47e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

ws2_32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

rpcrt4

iphlpapi

setupapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 6KB - Virtual size: 4.9MB

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 6KB - Virtual size: 4.9MB

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 32KB - Virtual size: 32KB