acf2a217674bb325b85ff9f16b5b7db2a6ad1396f4dbeb1614022d25439824e7

Sharing

Copy URL

Twitter E-mail

General

Target

acf2a217674bb325b85ff9f16b5b7db2a6ad1396f4dbeb1614022d25439824e7
Size

3.1MB
MD5

46246ef5529b0b95a287cbd43a2b6123
SHA1

295df73be526720b27f3955ea54deab94388b441
SHA256

acf2a217674bb325b85ff9f16b5b7db2a6ad1396f4dbeb1614022d25439824e7
SHA512

2523767b0706b12af6dfe232b215281346291b61446b539164e4c7ad27f495c4fd05fc275ae543b0b44072529a60df17319ea18c8d91f33c226a4dd58d11e319
SSDEEP

49152:xRjGTtCtHLcQ0ywF3mje3ZgjwGZpCsy8wSQHo5MSlYo4axkjiHPLRcP1cA6UR+R/:PctCiQNwlmjyZgxkjiHjRQcA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acf2a217674bb325b85ff9f16b5b7db2a6ad1396f4dbeb1614022d25439824e7

Files

acf2a217674bb325b85ff9f16b5b7db2a6ad1396f4dbeb1614022d25439824e7
.exe windows:5 windows x86 arch:x86

370f92f843c0b2c837cd36540e0a1b85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pcagamecenter\src\gamecenter\Release\minigameclient.pdb

Imports

ws2_32

ntohs
WSAGetLastError
shutdown
WSAStartup
WSASetLastError
getnameinfo
getservbyname
inet_ntoa
gethostbyname
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
WSACleanup
htons
getsockopt
getsockname
getpeername
connect
bind
select
__WSAFDIsSet
socket
send
recv
closesocket

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

GetVersionExW
CreateEventW
LockResource
FindResourceExW
WideCharToMultiByte
GetTickCount
GetDriveTypeW
lstrcpynW
lstrcpyW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableW
FindNextFileW
FindFirstFileW
GetModuleFileNameA
QueryPerformanceCounter
GetCommandLineW
GlobalAddAtomW
LoadLibraryW
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
FormatMessageA
ExpandEnvironmentStringsA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
InitializeCriticalSection
SetEndOfFile
WriteConsoleW
DebugBreak
CreateThread
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetTimeZoneInformation
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetFileSize
CloseHandle
CreateFileW
ReadFile
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
SizeofResource
MulDiv
lstrcmpW
GlobalUnlock
InterlockedIncrement
GlobalLock
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
SetLastError
CreateProcessA
CreateProcessW
GetCurrentThread
MultiByteToWideChar
GetProcessHeap
SetEvent
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
FormatMessageW
GetStringTypeW
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetCurrentProcess
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
GetConsoleMode
WaitForSingleObject
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
WriteFile
LoadLibraryExA
VirtualQuery
VirtualProtect
GetFileAttributesExW
SetStdHandle

user32

GetDlgItem
GetClientRect
SetWindowLongW
SetCapture
GetClassNameW
LoadCursorW
CharNextW
SetFocus
CreateAcceleratorTableW
MoveWindow
GetSysColor
GetUserObjectInformationW
GetProcessWindowStation
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
RegisterClassExW
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
GetDesktopWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
GetWindow
CallWindowProcW
DefWindowProcW
SubtractRect
ReleaseDC
wsprintfW
CopyRect
GetClassInfoExW
GetParent
RegisterWindowMessageW
ReleaseCapture
FillRect
InvalidateRect
GetWindowTextLengthW
GetWindowLongW
SetForegroundWindow
FindWindowW
TranslateMessage
BringWindowToTop
PeekMessageW
DispatchMessageW
ShowWindow
SetActiveWindow
GetMessageW
PostMessageW
PostQuitMessage
MessageBoxW
MessageBoxA
SetMenu
RegisterHotKey
MapWindowPoints
BeginPaint
EndPaint
GetWindowTextW
UnregisterClassW
UnregisterHotKey
GetWindowRect
MonitorFromWindow
GetSystemMetrics
GetWindowPlacement
GetMonitorInfoW

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx
GetObjectW

advapi32

CryptEnumProvidersW
CryptSignHashW
RegisterEventSourceW
ReportEventW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
CryptGetUserKey
DeregisterEventSource

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoInitializeEx
CoCreateInstance
PropVariantClear

oleaut32

SafeArrayUnaccessData
VariantChangeType
VarUI4FromStr
SafeArrayAccessData
SafeArrayCreate
LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocString
DispCallFunc
SysStringLen
SysAllocStringLen
VariantClear

dsound

ord11

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveFileSpecA
PathFileExistsW

winmm

waveOutWrite

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

wldap32

ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord301
ord200
ord30
ord79
ord35
ord33

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

370f92f843c0b2c837cd36540e0a1b85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dsound

shlwapi

winmm

version

netapi32

wldap32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 638KB - Virtual size: 637KB

.data Size: 27KB - Virtual size: 44KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.gfids Size: 1024B - Virtual size: 756B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 92KB - Virtual size: 91KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 638KB - Virtual size: 637KB

.data
Size: 27KB - Virtual size: 44KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.gfids
Size: 1024B - Virtual size: 756B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 92KB - Virtual size: 91KB