03e1c27da76400738605fa3cc077acd62215c59d6f6c02f4d793c868217bbbc4N

Sharing

Copy URL Twitter E-mail

General

Target

03e1c27da76400738605fa3cc077acd62215c59d6f6c02f4d793c868217bbbc4N
Size

8.0MB
MD5

a2b38b2d12de327788de4eabc6aa7fc0
SHA1

1ad999a4cdcd43a42eff6f3a3e7497eeaa1bdab2
SHA256

03e1c27da76400738605fa3cc077acd62215c59d6f6c02f4d793c868217bbbc4
SHA512

f30bf947260eaacc65f68b66e5cfce64fd96cb91783f239655bd8b5fa0abd562ea4d0c17703cbdf7cd22ad21c3f9e0f2c9aa0c0ea6a771af758a76a17e1a72ec
SSDEEP

49152:zcHx+fotfLa9wqlTQOo8lV5/Wq5+Zwln3kMohR5mqryiOUy8yxSp39cykVvbznr1:zI+fguV3FWo3BMR5mqxGQC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e1c27da76400738605fa3cc077acd62215c59d6f6c02f4d793c868217bbbc4N

Files

03e1c27da76400738605fa3cc077acd62215c59d6f6c02f4d793c868217bbbc4N
.exe windows:4 windows x86 arch:x86

67f1fa54b263048b92a3947ce283be17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WORK2005\BinOut\SR_GameServer.pdb

Imports

kernel32

FormatMessageA
CreateProcessA
DuplicateHandle
MoveFileA
DeleteFileA
CreatePipe
ReadFile
GetFileSize
CreateFileA
MulDiv
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
lstrlenW
DebugBreak
CompareStringA
SetLocalTime
GetLocalTime
InterlockedIncrement
lstrlenA
GetVersionExA
GetACP
GetLocaleInfoA
CloseHandle
SetThreadPriority
CreateThread
Sleep
IsDebuggerPresent
Process32Next
Process32First
CreateToolhelp32Snapshot
InterlockedExchange
GetTickCount
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
OutputDebugStringA
GetSystemInfo
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryA
FreeLibrary
PostQueuedCompletionStatus
GlobalMemoryStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
GetLastError
GetUserDefaultLangID
TerminateThread
GetCurrentProcessId
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateEventA
SetEvent
WaitForSingleObject
GetTimeFormatA
GetDateFormatA
WideCharToMultiByte
WriteConsoleA
GetStdHandle
SetConsoleCtrlHandler
CreateSemaphoreA
GetProcAddress
GetCurrentProcess
SetUnhandledExceptionFilter
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
GetWindowsDirectoryA
GetCurrentThread
ExitProcess
InterlockedDecrement
ResetEvent
MultiByteToWideChar
InitializeCriticalSection
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
CreateDirectoryA
SleepEx
ResumeThread
SuspendThread
FlushInstructionCache
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetSystemTimeAsFileTime
GetModuleHandleA
GetDriveTypeA
GetFullPathNameA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
GetTimeZoneInformation
ExitThread
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetOEMCP
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetExitCodeProcess

user32

IsWindow
TranslateMessage
DispatchMessageA
SendMessageA
LoadMenuA
SetTimer
GetSubMenu
GetMenu
ShowWindow
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
UpdateWindow
GetClientRect
RedrawWindow
SetWindowTextA
PeekMessageA
DrawTextA
LoadCursorA
SetCursor
GetSysColor
LoadIconA
IntersectRect
DrawIcon
InflateRect
CopyRect
PtInRect
OffsetRect
ScreenToClient
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
MessageBoxA
EndPaint
BeginPaint
ReleaseDC
GetSystemMetrics
GetDC
MoveWindow
IsWindowVisible
SetCapture
ReleaseCapture
GetForegroundWindow
GetParent
UnionRect
SetRect
GetWindowTextA
CharNextA
DestroyMenu
TrackPopupMenu
GetCursorPos
CheckMenuItem
AppendMenuA
CreatePopupMenu

gdi32

SetBkMode
SetTextColor
SelectObject
SetBkColor
DeleteObject
DeleteDC
CreateFontA
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
GetNearestColor
SetPixel
GetStockObject
Ellipse
LineTo
MoveToEx
Rectangle
GetTextExtentPoint32A
TextOutA
SetTextAlign
CreateSolidBrush
CreatePen
BitBlt

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo
GetIpAddrTable

ws2_32

connect
WSASetEvent
WSAGetOverlappedResult
WSASocketA
WSAGetLastError
setsockopt
htons
WSAWaitForMultipleEvents
WSACleanup
bind
closesocket
WSACreateEvent
WSASendTo
WSARecvFrom
shutdown
WSAIoctl
WSARecv
getsockname
accept
getpeername
getsockopt
WSASend
listen
inet_ntoa
ntohs
WSACloseEvent
WSAResetEvent
gethostbyname
inet_addr
socket
WSAStartup

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

CoCreateGuid

odbc32

ord18
ord24
ord76
ord11
ord13
ord61
ord36
ord40
ord72
ord26
ord30
ord4
ord75
ord41
ord31
ord16
ord43
ord8

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67f1fa54b263048b92a3947ce283be17

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

iphlpapi

ws2_32

advapi32

ole32

odbc32

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 120KB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 120KB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 176B