D:\Develop\2022\GameHole2\Release\GameHole.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae.exe
Resource: win10v2004-20240802-en
General
Target: ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae
Size: 4.8MB
MD5: a440bbe3a27469c71b4bec7f31385652
SHA1: 38ffb23964784162ba6a1be9b8e1c592722ac6bd
SHA256: ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae
SHA512: 2cad260cc5690797aaedc83f1d611a0f54393c0701da8e9e214be43a6096467c01b68a924d0fe75be65340c240238050756d3ca144d8155371fa887a34557e1f
SSDEEP: 98304:M1nW5UuUxP8FH3VthPiG4c/wKhSCafTzsrM:v5sPYkG4IwcS6M
Malware Config
(none extracted)
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae
Files
ffc87bc2f64de4a287b46f877cf4fd90481dfb31d482ed63c9c8f2403b67beae.exe windows:5 windows x86 arch:x86
Imphash: 571c56be5e018260b2267f3b21bababe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Develop\2022\GameHole2\Release\GameHole.pdb
Imports
winmm
PlaySoundW
kernel32
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
VirtualAlloc
VirtualFree
GlobalFree
SetLastError
GetProcessHeap
HeapFree
CreateFileA
UnregisterWaitEx
WaitForSingleObject
RtlUnwind
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
GetModuleHandleExW
GetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
GetFullPathNameW
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
WriteConsoleW
SetEndOfFile
InitializeCriticalSection
SleepEx
DeviceIoControl
GetVolumeInformationA
FindFirstVolumeA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
FormatMessageW
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
ReleaseSemaphore
WriteFile
lstrcpyW
MulDiv
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetACP
GetCurrentDirectoryW
GetModuleHandleW
GetFileSize
CopyFileW
DeleteFileW
GetEnvironmentVariableA
lstrcmpiA
GetEnvironmentVariableW
ReadFile
GlobalUnlock
lstrcpynA
GlobalLock
GlobalAlloc
lstrcpynW
CreateDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
lstrcmpiW
GetCommandLineW
GetModuleFileNameA
GetDateFormatW
ExitProcess
GetLocalTime
GetDiskFreeSpaceExW
OutputDebugStringW
FreeLibrary
LocalFree
GetSystemDirectoryA
CompareFileTime
MoveFileExA
WaitForMultipleObjects
LoadLibraryA
GetLastError
GetModuleHandleA
FindClose
lstrlenA
lstrlenW
GetTickCount
WideCharToMultiByte
Sleep
MultiByteToWideChar
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
LoadLibraryW
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetSystemTime
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
ConvertFiberToThread
ConvertThreadToFiber
VirtualProtect
HeapReAlloc
user32
GetActiveWindow
GetUserObjectInformationW
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
SetRect
FillRect
DrawTextW
CharPrevW
GetWindowRgn
IsWindowEnabled
UpdateLayeredWindow
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
MoveWindow
SetWindowRgn
UpdateWindow
InflateRect
SetCursor
PtInRect
IsRectEmpty
OffsetRect
GetProcessWindowStation
IntersectRect
GetSysColor
MapWindowPoints
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
UnionRect
CharNextW
IsZoomed
IsWindowVisible
GetMonitorInfoW
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
GetParent
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
SetFocus
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxA
SetForegroundWindow
GetCursorPos
DestroyWindow
PostQuitMessage
FlashWindow
PostMessageA
GetWindowLongW
SetWindowLongW
IsIconic
ScreenToClient
GetClientRect
KillTimer
SetTimer
SetWindowPos
ClientToScreen
GetWindowRect
wsprintfA
MessageBoxW
gdi32
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
GetTextExtentPointA
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
GetBitmapBits
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
PlayEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
SetBitmapBits
CreatePatternBrush
CombineRgn
SetStretchBltMode
GetEnhMetaFileHeader
advapi32
ReportEventW
RegQueryValueExA
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
shell32
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExA
SHGetSpecialFolderPathW
DragQueryFileW
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoInitializeEx
oleaut32
VariantClear
SysFreeString
VariantInit
SysAllocString
shlwapi
PathFileExistsW
StrCpyW
StrCpyNW
PathStripPathA
PathRemoveExtensionA
PathAppendW
PathCombineW
PathAddExtensionW
PathRemoveFileSpecW
gdiplus
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLine
GdipDrawImageI
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreatePen1
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipReleaseDC
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateBitmapFromScan0
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipCreatePen2
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipCreateFontFromDC
GdipRotateWorldTransform
GdipCreateFromHDC
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ws2_32
gethostbyname
gethostname
WSAStartup
bind
shutdown
ioctlsocket
htonl
select
__WSAFDIsSet
freeaddrinfo
getaddrinfo
sendto
recvfrom
listen
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
getnameinfo
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertOpenStore
wldap32
ord46
ord211
ord60
ord217
ord33
ord45
ord301
ord200
ord30
ord79
ord35
ord143
ord32
ord27
ord26
ord22
ord41
ord50
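The import table above is the raw material a static triage pass turns into capability tags. As an added example, not part of this report and not the sandbox's own signature logic, the Python below maps a constructed subset of the imports listed on this page to capability buckets and separates out the APIs that the MSVC runtime imports on its own (security-cookie setup and crash handling), so that a hit on IsDebuggerPresent or GetTickCount is not overstated. The bucket names, the CAPABILITIES table and the CRT_ROUTINE set are assumptions chosen for this example; SAMPLE_IMPORTS is a constructed subset of the page's own DLL/API names.

```python
# Capability map: category -> {(dll, api)}. Constructed for this example from the
# import list on this page; "*" matches any import from that DLL (wldap32 is imported by ordinal).
CAPABILITIES = {
    "network": {("ws2_32", f) for f in ("WSAStartup", "socket", "connect", "send", "recv",
                                        "sendto", "recvfrom", "bind", "listen", "accept", "getaddrinfo")},
    "tls_or_client_certs": {("crypt32", "CertOpenSystemStoreA"), ("crypt32", "CertFindCertificateInStore"),
                            ("crypt32", "CertGetEnhancedKeyUsage"), ("advapi32", "CryptSignHashW"),
                            ("advapi32", "CryptDecrypt"), ("advapi32", "CryptExportKey"),
                            ("advapi32", "CryptGenRandom")},
    "timestomp_capable": {("kernel32", "SetFileTime"), ("kernel32", "LocalFileTimeToFileTime"),
                          ("kernel32", "SystemTimeToFileTime")},
    "runtime_code_memory": {("kernel32", "VirtualAlloc"), ("kernel32", "VirtualProtect")},
    "dynamic_api_resolution": {("kernel32", "LoadLibraryA"), ("kernel32", "LoadLibraryW"),
                               ("kernel32", "LoadLibraryExW"), ("kernel32", "GetProcAddress")},
    "registry_write": {("advapi32", "RegCreateKeyExW"), ("advapi32", "RegSetValueExW")},
    "spawn_process": {("shell32", "ShellExecuteW"), ("shell32", "ShellExecuteExW"),
                      ("shell32", "ShellExecuteExA")},
    "anti_debug_or_timing": {("kernel32", "IsDebuggerPresent"), ("kernel32", "OutputDebugStringW"),
                             ("kernel32", "GetTickCount"), ("kernel32", "QueryPerformanceCounter")},
    "clipboard_write": {("user32", "OpenClipboard"), ("user32", "SetClipboardData")},
    "file_copy_move_delete": {("kernel32", "CopyFileW"), ("kernel32", "DeleteFileW"),
                              ("kernel32", "MoveFileExA")},
    "ldap": {("wldap32", "*")},
}

# APIs the MSVC runtime imports by itself (security cookie init, crash handling);
# a hit here is not evidence that the author wrote anti-analysis code.
CRT_ROUTINE = {"IsDebuggerPresent", "IsProcessorFeaturePresent", "QueryPerformanceCounter", "GetTickCount",
               "GetSystemTimeAsFileTime", "GetCurrentProcessId", "GetCurrentThreadId",
               "UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "TerminateProcess",
               "InitializeSListHead", "EncodePointer", "DecodePointer", "RtlUnwind"}


def triage_imports(imports: dict) -> dict:
    """Map {dll: [api, ...]} to capability buckets; flag CRT-routine hits as low confidence."""
    hits, low_confidence = {}, set()
    for dll, apis in imports.items():
        dll = dll.lower()
        for api in apis:
            for cap, pairs in CAPABILITIES.items():
                if (dll, api) in pairs or (dll, "*") in pairs:
                    hits.setdefault(cap, set()).add(f"{dll}!{api}")
                    if api in CRT_ROUTINE:
                        low_confidence.add(f"{dll}!{api}")
    return {"capabilities": {cap: sorted(v) for cap, v in sorted(hits.items())},
            "low_confidence": sorted(low_confidence)}


def strong_capabilities(result: dict) -> list:
    """Categories backed by at least one import the CRT would not have pulled in on its own."""
    weak = set(result["low_confidence"])
    return sorted(cap for cap, apis in result["capabilities"].items() if set(apis) - weak)


# Constructed subset of the import table on this page (same DLL/API names, fewer of them).
SAMPLE_IMPORTS = {
    "kernel32": ["IsDebuggerPresent", "GetTickCount", "VirtualAlloc", "VirtualProtect", "SetFileTime",
                 "LoadLibraryW", "GetProcAddress", "CopyFileW", "DeleteFileW", "CreateFileW"],
    "advapi32": ["RegCreateKeyExW", "RegSetValueExW", "CryptSignHashW", "CryptGenRandom"],
    "crypt32": ["CertOpenSystemStoreA", "CertFindCertificateInStore"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"],
    "shell32": ["ShellExecuteW"],
    "user32": ["OpenClipboard", "SetClipboardData"],
    "wldap32": ["ord46", "ord211"],
}

if __name__ == "__main__":
    result = triage_imports(SAMPLE_IMPORTS)
    for cap, apis in result["capabilities"].items():
        print(f"{cap:24s} {', '.join(apis)}")
    print("low confidence:", result["low_confidence"])
    print("strong:", strong_capabilities(result))
```

Imports show capability, not behaviour: SetFileTime in the table means the binary can rewrite timestamps, and whether it does is what the behavioral1/behavioral2 runs are for. One analyst heuristic worth stating as an assumption rather than a finding: ws2_32 plus the crypt32 Cert* and advapi32 Crypt* calls plus wldap32 imported by ordinal is the usual footprint of a statically linked HTTP client library (libcurl built with Schannel and LDAP support is the common case); confirm with a strings pass before relying on it.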
Sections
.text   Size: 2.3MB   Virtual size: 2.3MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 678KB   Virtual size: 677KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 34KB    Virtual size: 62KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 72KB    Virtual size: 72KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 121KB   Virtual size: 121KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
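The "Unsigned PE" signature, the DLL Characteristics and File Characteristics listed under Headers, and the section flags above all come from a handful of header fields. As an added example, not code from this report or from the sandbox, the Python below is a small PE32 header parser that reproduces those three checks on constructed header-only images: one built to resemble this report (x86 EXE, DYNAMIC_BASE+NX_COMPAT+TERMINAL_SERVER_AWARE, five ordinary sections, empty security directory) and one contrasting case. The struct offsets are the documented PE32 layout; REPORT_LIKE and PACKED_LIKE are constructed inputs, and their section sizes only approximate the ones listed above.

```python
import struct

# Flag tables (subset of winnt.h values). Constructed for this example.
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_CODE, SCN_IDATA, SCN_DISCARDABLE = 0x00000020, 0x00000040, 0x02000000
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECTION_CHARACTERISTICS = {SCN_CODE: "IMAGE_SCN_CNT_CODE", SCN_IDATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                           SCN_DISCARDABLE: "IMAGE_SCN_MEM_DISCARDABLE", SCN_EXEC: "IMAGE_SCN_MEM_EXECUTE",
                           SCN_READ: "IMAGE_SCN_MEM_READ", SCN_WRITE: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the Authenticode blob


def names(value, table):
    return [n for bit, n in sorted(table.items()) if value & bit]


def parse_pe32(data: bytes) -> dict:
    """Parse the header fields a sandbox's static pass reports and derive the same findings."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("this example handles PE32 only")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]       # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]         # NumberOfRvaAndSizes
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):  # IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, _va, rsize, _, _, _, _, _, schar = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "raw_size": rsize, "flags": names(schar, SECTION_CHARACTERISTICS)})
    findings = []
    if sec_size == 0:
        findings.append("unsigned: security directory is empty (no embedded Authenticode signature)")
    if not dllchar & 0x0040:
        findings.append("DYNAMIC_BASE clear: image is not ASLR-compatible")
    if not dllchar & 0x0100:
        findings.append("NX_COMPAT clear: image opts out of DEP")
    for s in sections:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            findings.append(f"section {s['name']} is writable and executable")
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"section {s['name']} is executable but has no data on disk (unpacking-stub pattern)")
    return {"has_embedded_signature": sec_size != 0,
            "file_characteristics": names(fchar, FILE_CHARACTERISTICS),
            "dll_characteristics": names(dllchar, DLL_CHARACTERISTICS),
            "sections": sections, "findings": findings}


def build_pe32(file_chars, dll_chars, sections, security_size=0) -> bytes:
    """Constructed header-only PE32 image for testing; it is not a runnable program."""
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if security_size else 0, security_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0x1000, r, 0x400, 0, 0, 0, 0, c)
                    for n, v, r, c in sections)
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed to resemble this report: x86 EXE, ASLR+DEP+TS-aware, five ordinary sections, no signature.
REPORT_LIKE = build_pe32(0x0002 | 0x0100, 0x0040 | 0x0100 | 0x8000, [
    (b".text", 0x24C000, 0x24C000, SCN_CODE | SCN_EXEC | SCN_READ),
    (b".rdata", 0xA9400, 0xA9800, SCN_IDATA | SCN_READ),
    (b".data", 0xF800, 0x8800, SCN_IDATA | SCN_READ | SCN_WRITE),
    (b".rsrc", 0x12000, 0x12000, SCN_IDATA | SCN_READ),
    (b".reloc", 0x1E400, 0x1E400, SCN_IDATA | SCN_DISCARDABLE | SCN_READ)])
# Constructed contrast case: signature blob present, no ASLR/DEP, a W+X section with no raw data.
PACKED_LIKE = build_pe32(0x0002 | 0x0100, 0x8000, [
    (b".wx0", 0x50000, 0, SCN_EXEC | SCN_READ | SCN_WRITE),
    (b".wx1", 0x20000, 0x1F000, SCN_CODE | SCN_EXEC | SCN_READ)], security_size=0x1800)

if __name__ == "__main__":
    for label, image in (("report-like", REPORT_LIKE), ("packed-like", PACKED_LIKE)):
        print(label, parse_pe32(image)["findings"])
```

An empty security directory is exactly what the sandbox's "Unsigned PE" check keys on, and it is only evidence of absence: a non-empty directory still has to pass WinVerifyTrust (or `signtool verify /pa`) before it counts as a valid signature, and a file signed through a catalog rather than an embedded blob also shows up as "unsigned" here. DYNAMIC_BASE and NX_COMPAT are opt-in flags the loader honours; their presence means the linker defaults were left on, not that the code is benign.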