47213d3a04a00fb4f9b3e854b1e97050N

Sharing

Copy URL Twitter E-mail

General

Target

47213d3a04a00fb4f9b3e854b1e97050N
Size

1.4MB
MD5

47213d3a04a00fb4f9b3e854b1e97050
SHA1

fab6ca5546ced7239e6fd3c01a3702ce405b3ce3
SHA256

d06e9ce775bede2bc7c71b02ea389080b874ec408268edf1b5ef6d6fe7de0dde
SHA512

e51298ab113ec0636f3f9de90fb2894a426b37cf4586803941f3b88b7bc68515aef33c266257ba7346cc335bbf28f90bb7134e04017e2ba25b73312bbb037446
SSDEEP

24576:N0CHpcG1szLSvJwLWFxT9xWiXoyOWtgNHYdjKnsYu2iaGj+drEH7T:ncfqvCLyxR/YbJ1ujKnk1atQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
47213d3a04a00fb4f9b3e854b1e97050N
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsis7z.dll
unpack001/MissBong.exe
unpack001/bink2w64.dll

Files

47213d3a04a00fb4f9b3e854b1e97050N
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsis7z.dll
.dll windows:6 windows x86 arch:x86

2656ea25cde98f31a490513c2db04ae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageW
GetFileInformationByHandle
SetLastError
DeviceIoControl
GetModuleHandleW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetStdHandle
WaitForMultipleObjects
GetTickCount
GetConsoleMode
AreFileApisANSI
SetFileApisToOEM
SetFileApisToANSI
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetCurrentDirectoryW
CreateDirectoryW
CreateSemaphoreW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleHandleA
SetEndOfFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
WriteConsoleW
HeapSize
GetStringTypeW
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WaitForSingleObject
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
VirtualFree
VirtualAlloc
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
DeleteFileW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
GetFileType
HeapReAlloc
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess

user32

SendMessageW
FindWindowExW
SetWindowTextW
GetDlgItem
wsprintfW
CharUpperW

advapi32

SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameCfg.cfg
GameKey.sav
IO Input.ini
MissBong.exe
.exe windows:5 windows x64 arch:x64

42f05bb6157e0109d46dbf9100892633

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Cloud\Game\미쓰봉\source\240809Ver2.46\x64\Release_End\MissBong.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetLocalTime
DeleteFileA
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
SetLocalTime
SetCommMask
SetupComm
PurgeComm
SetCommTimeouts
GetCommState
SetCommState
CreateEventA
ClearCommError
CreateThread
WaitCommEvent
GetOverlappedResult
HeapReAlloc
GetTickCount
RaiseException
DeleteCriticalSection
IsDebuggerPresent
OutputDebugStringW
GetCurrentThreadId
GetTickCount64
GetVersionExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetCurrentProcessId
HeapFree
HeapSize
GetCurrentProcess
InitializeCriticalSection
lstrlenA
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
LocalFree
IsBadWritePtr
GetLastError
CreateDirectoryA
WriteFile
SetFilePointer
HeapDestroy
ReadFile
CreateFileA
CloseHandle
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
ExitProcess
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection

user32

EndDialog
CallWindowProcA
SendMessageA
GetWindowTextA
SetWindowTextA
SetFocus
ShowCursor
MessageBoxA
GetKeyState
SetRect
PostMessageA
wsprintfA
SetWindowPos
GetWindowRect
PostQuitMessage
EndPaint
LoadStringA
LoadAcceleratorsA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
BeginPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
UpdateWindow
ShowWindow
SetWindowLongPtrA
CreateWindowExA
AdjustWindowRect
RegisterClassExA
LoadCursorA

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueExA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_wait
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Mtx_unlock
_Cnd_destroy
_Cnd_signal
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_init
_Cnd_init
?_Random_device@std@@YAIXZ
_Mtx_destroy
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xlength_error@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ

d3d9

Direct3DCreate9

d3dx9_43

D3DXMatrixScaling
D3DXMatrixTranslation
D3DXMatrixMultiply
D3DXCreateLine
D3DXCreateFontIndirectA
D3DXCreateSprite
D3DXCompileShader
D3DXMatrixRotationZ
D3DXVec3Normalize
D3DXVec3TransformNormal

winmm

timeGetTime

dsound

ord1

iphlpapi

GetAdaptersAddresses

bink2w64

BinkSetSoundSystem
BinkGetRects
BinkPause
BinkGoto
BinkNextFrame
BinkShouldSkip
BinkDoFrame
BinkRegisterFrameBuffers
BinkWait
BinkGetFrameBuffersInfo
BinkOpen
BinkClose
BinkSetVolume
BinkOpenDirectSound

rpcrt4

UuidCreateSequential

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
memset
memcmp
memcpy
memmove
__CxxFrameHandler3
__std_terminate
strchr
_purecall
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
terminate
_initterm
exit
_get_narrow_winmain_command_line
system
_exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
fwrite
ftell
_set_fmode
fseek
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf
fopen_s
__p__commode
fclose
fread
fopen

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

atol
atoi

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy
strcmp
strncmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
sinf
_fdtest
atan2f
sqrtf
acosf
cosf

api-ms-win-crt-multibyte-l1-1-0

_mbsupr
_mbscmp

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-crt-filesystem-l1-1-0

rename

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OiddInfo.ini
bink2w64.dll
.dll windows:5 windows x64 arch:x64

6b35d3999e2a065212609a92b090406a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\devel\projects\bink\build\bink2w64.pdb

Imports

user32

GetWindow
ChangeDisplaySettingsA
IsWindowVisible
GetSystemMetrics
GetCursorPos
DefWindowProcA
ReleaseDC
PeekMessageA
CreateWindowExA
UnregisterClassA
ShowCursor
GetDC
BeginPaint
GetClassLongPtrA
GetClientRect
IsIconic
GetWindowLongPtrA
GetTopWindow
GetWindowLongA
GetActiveWindow
GetWindowThreadProcessId
RegisterClassA
EndPaint
ClientToScreen
DestroyWindow
SetCursor
ScreenToClient
GetWindowRect

gdi32

CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetPixel
DeleteDC

kernel32

GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
WriteFile
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
LocalAlloc
ReleaseMutex
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
GetSystemInfo
GetCurrentProcessId
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
QueryPerformanceFrequency
CreateFileA
SetFilePointer
ReadFile
GetLastError
CloseHandle
HeapAlloc
HeapFree
HeapCreate
SetUnhandledExceptionFilter
WaitForSingleObject
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreA
SetThreadPriority
ReleaseSemaphore
RaiseException
EnterCriticalSection
OpenThread
GetThreadPriority
CreateMutexA
DeleteCriticalSection
GetCurrentThreadId
SetThreadAffinityMask
ResumeThread
CreateThread
RtlUnwindEx
HeapDestroy
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetModuleHandleW
FlsAlloc
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError

winmm

waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutClose
timeGetTime
timeEndPeriod
timeBeginPeriod

ole32

CoInitializeEx
CoCreateInstance

Exports

Exports

BinkBufferBlit
BinkBufferCheckWinPos
BinkBufferClear
BinkBufferClose
BinkBufferGetDescription
BinkBufferGetError
BinkBufferLock
BinkBufferOpen
BinkBufferSetDirectDraw
BinkBufferSetHWND
BinkBufferSetOffset
BinkBufferSetResolution
BinkBufferSetScale
BinkBufferUnlock
BinkCheckCursor
BinkClose
BinkCloseTrack
BinkControlBackgroundIO
BinkControlPlatformFeatures
BinkCopyToBuffer
BinkCopyToBufferRect
BinkDDSurfaceType
BinkDX8SurfaceType
BinkDX9SurfaceType
BinkDoFrame
BinkDoFrameAsync
BinkDoFrameAsyncWait
BinkDoFramePlane
BinkFreeGlobals
BinkGetError
BinkGetFrameBuffersInfo
BinkGetKeyFrame
BinkGetPalette
BinkGetPlatformInfo
BinkGetRealtime
BinkGetRects
BinkGetSummary
BinkGetTrackData
BinkGetTrackID
BinkGetTrackMaxSize
BinkGetTrackType
BinkGoto
BinkIsSoftwareCursor
BinkLogoAddress
BinkNextFrame
BinkOpen
BinkOpenDirectSound
BinkOpenMiles
BinkOpenTrack
BinkOpenWaveOut
BinkOpenWithOptions
BinkOpenXAudio2
BinkPause
BinkRegisterFrameBuffers
BinkRequestStopAsyncThread
BinkRestoreCursor
BinkService
BinkSetError
BinkSetFileOffset
BinkSetFrameRate
BinkSetIO
BinkSetIOSize
BinkSetMemory
BinkSetPan
BinkSetSimulate
BinkSetSoundOnOff
BinkSetSoundSystem
BinkSetSoundSystem2
BinkSetSoundTrack
BinkSetSpeakerVolumes
BinkSetVideoOnOff
BinkSetVolume
BinkSetWillLoop
BinkShouldSkip
BinkStartAsyncThread
BinkUseTelemetry
BinkUseTmLite
BinkWait
BinkWaitStopAsyncThread
RADTimerRead

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKP8
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RADCODE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BINKDATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RADDATA
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RADCONST
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oidd.id
pass.pwd

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 278KB - Virtual size: 277KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

2656ea25cde98f31a490513c2db04ae8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 8KB - Virtual size: 35KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 17KB - Virtual size: 17KB

42f05bb6157e0109d46dbf9100892633

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 278KB - Virtual size: 277KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 529KB - Virtual size: 529KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 8KB - Virtual size: 22KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 530KB - Virtual size: 529KB

.reloc
Size: 1024B - Virtual size: 564B

.text
Size: 56KB - Virtual size: 55KB

BINK16
Size: 2KB - Virtual size: 2KB

BINK32
Size: 3KB - Virtual size: 2KB

BINKP8
Size: 3KB - Virtual size: 2KB

BINK
Size: 226KB - Virtual size: 226KB

RADCODE
Size: 2KB - Virtual size: 1KB

BINKBSS
Size: - Virtual size: 104KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 21KB - Virtual size: 25KB

.pdata
Size: 9KB - Virtual size: 9KB

BINKDATA
Size: 12KB - Virtual size: 11KB

BINKCONS
Size: 30KB - Virtual size: 29KB

RADDATA
Size: 512B - Virtual size: 44B

RADCONST
Size: 512B - Virtual size: 150B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB