881251b89d8e65a3ee45a6650e9cfd85e8ad835c791bd1935f74b3862d907728

Sharing

Copy URL Twitter E-mail

General

Target

881251b89d8e65a3ee45a6650e9cfd85e8ad835c791bd1935f74b3862d907728
Size

13.7MB
MD5

a46b2cafa7165180b9a5e136f3a74412
SHA1

6672bdad4dbea10a3696b6e64bf0cb2bf9ed490c
SHA256

881251b89d8e65a3ee45a6650e9cfd85e8ad835c791bd1935f74b3862d907728
SHA512

4a09f9c8a0056e1eeac4587a040baac50e8450e9aa8961a1b8c457af61771e59209a643fa53646271ac48b8a5ce0cf1989bb5c64dfbcc99a834caa275cef4cad
SSDEEP

196608:mAXZbGjKaNXtd/XXz78cFpossuc1fKne8DvoQGvC2n9SMDSSc0AbRz3Gtbf:JVgXtpUxuWKnoRvCO3SQAbZ3Gtr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
881251b89d8e65a3ee45a6650e9cfd85e8ad835c791bd1935f74b3862d907728

Files

881251b89d8e65a3ee45a6650e9cfd85e8ad835c791bd1935f74b3862d907728
.exe windows:6 windows x86 arch:x86

2d38f61fc11bd23509981cff235d78b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\WinOpt\Winopt_inst_uninst\bin\Inst\Release\Install.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
CopyFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
CreateFileW
GetModuleFileNameW
ExitThread
GetModuleHandleW
FreeLibrary
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteFileW
CreateThread
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
FindResourceExW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetTimeZoneInformation
GetModuleHandleExW
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
LocalFree
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetModuleHandleA
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FreeLibraryAndExitThread
GetThreadTimes
RaiseException
CloseHandle
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
GetCurrentThreadId
EncodePointer
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentProcessId
OpenProcess
MulDiv
GetACP
ExitProcess
FreeResource
GetFileSize
ReadFile
lstrcmpW
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
GetVersion
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetTempFileNameW
GetTempPathW
ResumeThread
ResetEvent
IsBadReadPtr
lstrcpynW
lstrcpyW
lstrlenW
GetFileAttributesExW
IsWow64Process
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
GetLogicalDriveStringsW
QueryDosDeviceW
CreateMutexW
K32EnumProcesses
TerminateProcess
GetLongPathNameW
GetExitCodeProcess
GetFullPathNameW
FindClose
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetShortPathNameW
GetDriveTypeW
GetDiskFreeSpaceExW
FlushFileBuffers
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
LoadLibraryExW
CreateDirectoryW
GetStdHandle
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer

user32

TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW
IsChild
DestroyWindow
UpdateLayeredWindow
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
wsprintfW
GetMessageW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
LoadImageW
wvsprintfW
SetCursor
InflateRect
OffsetRect
IsIconic
SetWindowRgn
MessageBoxW
GetMonitorInfoW
CharPrevW
DrawTextW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
GetMessagePos
ShowWindow
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
GetWindowTextW
GetWindowTextLengthW
MoveWindow
InvalidateRgn
RemovePropW
FindWindowExW
IsWindowEnabled
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
IsWindowVisible
SetForegroundWindow
SetWindowTextW
MonitorFromPoint
ReleaseDC
GetDC
SystemParametersInfoW
GetWindowRect
KillTimer
SetTimer
SetWindowPos
IsWindow
PostQuitMessage
PostMessageW
DefWindowProcW
CreateAcceleratorTableW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
RegEnumKeyExW

shell32

SHFileOperationW
SHChangeNotify
ord75
ord165
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CLSIDFromProgID
CoTaskMemFree
OleLockRunning
CLSIDFromString
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysStringLen
SysAllocString

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
StrStrIW
SHAutoComplete
wnsprintfW
PathIsPrefixW
PathIsDirectoryW
SHSetValueW
PathAppendW
PathCombineW
SHGetValueW
PathFileExistsW
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
PathIsRelativeW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipAlloc
GdipFree
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFile
GdipDrawEllipseI
GdipAddPathArc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipCreateTexture
GdipGetImagePixelFormat
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipImageGetFrameDimensionsList
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipFillPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipFillEllipseI
GdipAddPathLineI

msimg32

GradientFill
AlphaBlend

comctl32

ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ord17

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

gdi32

SetTextColor
CreateDIBSection
GetDIBits
TextOutW
ExtTextOutW
CreateSolidBrush
GetObjectW
GetTextMetricsW
SelectObject
SetStretchBltMode
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
StretchBlt
SetWindowOrgEx
SetBkColor
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
SaveDC
CreateRoundRectRgn
CreateDCW
SetBkMode
SetDIBColorTable
SetDIBitsToDevice
GetTextColor

Exports

Exports

BasicEntry
_BasicEntry@12

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d38f61fc11bd23509981cff235d78b7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

msimg32

comctl32

wininet

iphlpapi

urlmon

setupapi

gdi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 23KB - Virtual size: 68KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 23KB - Virtual size: 68KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 67KB - Virtual size: 67KB