46a45241125912e5c3d208f250edac007ca4c7f75024e01ef061a0ab7afc9f7fN

Sharing

Copy URL Twitter E-mail

General

Target

46a45241125912e5c3d208f250edac007ca4c7f75024e01ef061a0ab7afc9f7fN
Size

5.4MB
MD5

1d5315c6324c3e10ff94e87bae7590c0
SHA1

f05adc7eedb95f6a030495855c2e7443bd127a81
SHA256

46a45241125912e5c3d208f250edac007ca4c7f75024e01ef061a0ab7afc9f7f
SHA512

995e42b499968a6be64a7f1ec4f3f03f0643f0f9cd803f7c26f3ac11f129885c9879f3a4c89043a99828013edd6c2379137a7cea72ebbd82dec102147c53a971
SSDEEP

98304:mb/6cdIe6R6hW9JzmsnDq6Om9YZo5tGTzY7HdQljAlyAe:aCaW9JzmQW61zGp8ld

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a45241125912e5c3d208f250edac007ca4c7f75024e01ef061a0ab7afc9f7fN

Files

46a45241125912e5c3d208f250edac007ca4c7f75024e01ef061a0ab7afc9f7fN
.exe windows:6 windows x86 arch:x86

9595129d615e9c7894fd0b0256aa32a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\shaiya-sources\shaiya_eg_vc2010\_temp\client\Win32\EG_ReleaseGM_2010\GameGM.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

timeGetTime

ws2_32

WSAAsyncSelect
connect
setsockopt
inet_addr
htons
WSAStartup
closesocket
gethostbyname
send
inet_ntoa
recv
socket
WSAGetLastError

ddraw

DirectDrawCreate

kernel32

GetExitCodeThread
GetSystemInfo
IsDBCSLeadByte
ReadProcessMemory
GlobalMemoryStatusEx
GetModuleHandleW
GetSystemTime
InitializeCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
CreateDirectoryA
GlobalUnlock
GetFileSize
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventA
GetLocaleInfoA
CompareStringA
GetSystemDirectoryA
WaitForSingleObjectEx
FormatMessageA
LocalFree
FileTimeToLocalFileTime
CreateDirectoryW
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
SetEndOfFile
SetStdHandle
DeleteFileW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
RaiseException
FindNextFileW
FindFirstFileExW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetModuleHandleExW
GetCurrentThreadId
ExitThread
LoadLibraryExW
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
VirtualAlloc
VirtualFree
InterlockedCompareExchange
InterlockedExchange
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
OutputDebugStringW
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
HeapReAlloc
GetCurrentThread
HeapSize
InitializeCriticalSectionEx
OutputDebugStringA
HeapFree
VirtualProtect
GetVersionExA
DeviceIoControl
CreateIoCompletionPort
CancelIo
GetModuleHandleA
GetLocalTime
FileTimeToSystemTime
FreeEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
FreeLibrary
GetProcAddress
lstrcpyA
QueryPerformanceFrequency
LoadLibraryA
CreateFileA
lstrlenA
GetFullPathNameA
GetModuleFileNameA
FreeLibraryAndExitThread
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
Sleep
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
SetThreadPriority
FindNextFileA
TerminateProcess
GetCurrentProcess
FindFirstFileA
GetVolumeInformationA
CheckRemoteDebuggerPresent
IsDebuggerPresent
GetProcessHeap
ExitProcess
DeleteCriticalSection
GetThreadContext
DecodePointer
HeapAlloc
TlsFree
CreateThread
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
WriteConsoleW
ReadFile
GetCommandLineW
GetEnvironmentStringsW
GetStdHandle
GetPrivateProfileIntA
lstrcmpiA
GetComputerNameA
GetCommandLineA
IsBadReadPtr
SetUnhandledExceptionFilter
CopyFileA
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetStringTypeW

user32

LoadStringA
SetRect
GetDC
SetWindowTextA
GetDesktopWindow
wvsprintfW
GetKeyboardLayout
ClientToScreen
ShowCursor
SetCursorPos
OffsetRect
CopyRect
GetWindowRect
SetWindowPos
ScreenToClient
SetWindowLongA
MoveWindow
GetCursorPos
PtInRect
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
FlashWindowEx
ReleaseDC
wsprintfA
PostMessageA
DefWindowProcW
GetMessageA
DispatchMessageA
GetFocus
LoadCursorA
DestroyWindow
FillRect
GetSystemMetrics
ShowWindow
AdjustWindowRect
DefWindowProcA
CreateWindowExA
SetFocus
TranslateMessage
SendMessageA
SetCursor
LoadIconA
SystemParametersInfoA
GetClientRect
PeekMessageA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetClassNameA
GetWindowTextA
EnumWindows
UnregisterClassA
GetWindowTextLengthA
MessageBoxA

gdi32

CreateFontIndirectW
SetTextAlign
ExtTextOutA
MoveToEx
ExtTextOutW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
SetBkMode
GetCharacterPlacementA
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
GetObjectA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetMapMode
CreateFontA
SetDeviceGammaRamp
GetTextExtentPoint32A
GetDeviceGammaRamp
GetTextExtentPoint32W
CreateDCA
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
CreateSolidBrush
CreateDIBSection

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SystemTimeToVariantTime
VariantInit
SysStringLen
VariantClear

iphlpapi

GetAdaptersInfo

gdiplus

GdipFree
GdipCloneImage
GdiplusShutdown
GdipDisposeImage
GdipAlloc
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdiplusStartup

imm32

ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetProperty
ImmGetCompositionStringW
ImmGetIMEFileNameA
ImmAssociateContext
ImmGetOpenStatus
ImmSetConversionStatus
ImmNotifyIME
ImmGetCandidateListW
ImmIsIME

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

dsound

ord11

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 27.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9595129d615e9c7894fd0b0256aa32a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

winmm

ws2_32

ddraw

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

gdiplus

imm32

d3d9

dinput8

dsound

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 480KB - Virtual size: 480KB

.data Size: 80KB - Virtual size: 27.6MB

.rsrc Size: 387KB - Virtual size: 386KB

.reloc Size: 214KB - Virtual size: 213KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 480KB - Virtual size: 480KB

.data
Size: 80KB - Virtual size: 27.6MB

.rsrc
Size: 387KB - Virtual size: 386KB

.reloc
Size: 214KB - Virtual size: 213KB