4110ab1905cf3df5ab8658a51fff12a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4110ab1905cf3df5ab8658a51fff12a1_JaffaCakes118
Size

2.1MB
MD5

4110ab1905cf3df5ab8658a51fff12a1
SHA1

fee13d188cead658c95ca786132287a1c913a504
SHA256

b320aea40f225bb55ec215fca31e7824230cd4a325e689ed44666775d42e5017
SHA512

3b3be222ac46eda77f811fe44f1dd0d42e2c890c70caceef24023d539ebc6c981a4f186325eeefdc6aa583e36073a47d35e16039172d6ce5232a6015c5acb0d0
SSDEEP

49152:EXCj2hLzZ3a3BXrsc35KZ4gmoz/ZDb5ouUhb5cpw4J9cIt:+CKVVK3R35KZbrhVKhNca4Pl

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dnf_gamelamp/DNF_GameLamp.exe
unpack001/dnf_gamelamp/WinRAR.exe
unpack001/dnf_gamelamp/tools/173Double.dll
unpack001/dnf_gamelamp/tools/173Double32.exe
unpack001/dnf_gamelamp/tools/173Double64.exe
unpack001/dnf_gamelamp/tools/173d2t.exe
unpack001/dnf_gamelamp/update/fupdate.exe

Files

4110ab1905cf3df5ab8658a51fff12a1_JaffaCakes118
.rar
dnf_gamelamp/DNF_GameLamp.exe
.exe windows:4 windows x86 arch:x86

02a389137b0738757f4537de800c3f9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamStop
midiStreamOut
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiStreamRestart
midiStreamClose
midiOutReset

ws2_32

ioctlsocket
recvfrom
recv
getpeername
inet_ntoa
WSACleanup
closesocket
WSAAsyncSelect
accept

kernel32

LoadLibraryExA
MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
Beep
WideCharToMultiByte
InterlockedExchange
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetVolumeLabelA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
CopyFileA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
lstrlenW
lstrlenA
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
GetDriveTypeA
GetLogicalDriveStringsA
FindNextFileA
lstrcpyA
WinExec
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
GetLastError
ReadFile
WriteFile
TerminateProcess
GetTempFileNameA
SetFileTime
DosDateTimeToFileTime
GetLocalTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
GetFileSize
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
lstrcmpiA
lstrcmpA
IsDBCSLeadByte
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA

user32

GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetPropA
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
MoveWindow
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
SystemParametersInfoA
CharUpperA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
UnregisterClassA
GetWindowTextA
GetDesktopWindow
GetClassNameA
GetDlgItem
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
LoadStringA
CopyIcon
CreateIconIndirect
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetWindowTextLengthA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
wvsprintfA
CharNextA
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetForegroundWindow
GetCursor
DrawTextA
SetPropA
GetIconInfo
CallWindowProcA
wsprintfA
WaitForInputIdle

gdi32

ExtSelectClipRgn
ExcludeClipRect
GetClipBox
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetViewportExtEx
GetMapMode
GetClipRgn
MoveToEx
LineTo
GetTextMetricsA
OffsetRgn
FrameRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePenIndirect
RestoreDC
SaveDC
SetWindowOrgEx
SetTextColor
SetBkMode
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
ExtCreateRegion
SetStretchBltMode
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
ScaleWindowExtEx

msimg32

GradientFill

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
StgOpenStorageOnILockBytes

oleaut32

SysAllocStringLen
SysFreeString
UnRegisterTypeLi
OleCreateFontIndirect
OleCreatePictureIndirect
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
VariantTimeToSystemTime
SysStringLen
SysAllocStringByteLen
SafeArrayGetElemsize

odbc32

ord48
ord49
ord20
ord17
ord59
ord8
ord44
ord46
ord68
ord43
ord41
ord2
ord1
ord4
ord50
ord45
ord51
ord15
ord9
ord14
ord11
ord3
ord19
ord72
ord12
ord18
ord13
ord61
ord16
ord5
ord10
ord23

comctl32

ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_Read
_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
ChooseFontA
GetOpenFileNameA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dnf_gamelamp/WinRAR.exe
.exe windows:5 windows x86 arch:x86

7afeffeb29069dfd84b5edb8c77245fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\build\winrar32\Release\WinRAR.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ord8
CreateStatusWindowW
ImageList_Destroy
ImageList_Create
ImageList_Remove
ImageList_AddMasked
ImageList_Add
PropertySheetW

shlwapi

SHAutoComplete

kernel32

WriteFile
GetDriveTypeA
GetDiskFreeSpaceA
GetVolumeInformationA
GetFileAttributesA
SetFileAttributesA
SetFileAttributesW
MoveFileA
DeleteFileW
DeleteFileA
RemoveDirectoryA
RemoveDirectoryW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
GetCurrentDirectoryA
ExpandEnvironmentStringsW
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceW
Sleep
GetVersionExW
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLocaleInfoW
GetNumberFormatW
CreateThread
ExitThread
GetProcessAffinityMask
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameA
GetCompressedFileSizeW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
UpdateResourceW
EnumResourceLanguagesW
EndUpdateResourceW
EnumResourceNamesW
BeginUpdateResourceW
CompareStringA
SetThreadPriority
GetCurrentThread
SetPriorityClass
SetCurrentDirectoryA
WideCharToMultiByte
CompareStringW
IsDBCSLeadByte
GetCPInfo
GlobalMemoryStatus
GetVolumeInformationW
GetLogicalDrives
SetCurrentDirectoryW
GetStdHandle
SuspendThread
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetLocalTime
GetThreadPriority
GetPriorityClass
SetErrorMode
GetCommandLineW
GetCurrentProcessId
MulDiv
FindNextChangeNotification
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetVersion
HeapSize
GetConsoleMode
GetConsoleCP
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
HeapCreate
VirtualAlloc
VirtualFree
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
ReadFile
CreateFileA
GetFileType
GetFileTime
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetFileTime
BackupSeek
BackupRead
CreateFileW
GetCurrentProcess
FormatMessageW
LocalFree
GetCurrentDirectoryW
CreateMutexW
ReleaseMutex
GetLastError
GlobalSize
GetProcessHeap
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetVersionExA
GetTickCount
GetSystemTime
SystemTimeToFileTime
CreateFileMappingW
WaitForSingleObject
OpenFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetTempPathW
MoveFileW
GetModuleFileNameW
FindNextFileW
LoadLibraryW
CopyFileW
GetCurrentThreadId
FreeLibrary
LocalFileTimeToFileTime
GetTempPathA
ExpandEnvironmentStringsA
GetDriveTypeW
FileTimeToDosDateTime
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
FindClose
DosDateTimeToFileTime
GetFileAttributesW
GetModuleHandleW
GetProcAddress
SetLastError
SetEnvironmentVariableA
ResumeThread

user32

IsChild
GetLastActivePopup
GetClipboardData
GetMenuItemID
PostQuitMessage
SetMenu
InsertMenuW
LoadMenuW
RegisterClassW
LoadAcceleratorsW
GetMenuState
IsDialogMessageW
SetPropW
FindWindowW
GetForegroundWindow
RegisterWindowMessageW
FindWindowExW
EnumWindows
CreateIcon
GetDlgItemTextA
SetDlgItemTextA
FlashWindow
ValidateRect
GetSysColor
CopyImage
FillRect
ExitWindowsEx
CharUpperA
CharLowerA
DrawIconEx
LoadStringW
GetWindow
SetMenuItemInfoW
RedrawWindow
GetComboBoxInfo
PostThreadMessageW
IsCharAlphaW
CharLowerW
OpenClipboard
EmptyClipboard
SetClipboardData
CharToOemA
CloseClipboard
MessageBeep
PeekMessageW
CharUpperW
GetFocus
SetForegroundWindow
EnableMenuItem
MoveWindow
CheckMenuItem
LoadBitmapW
InsertMenuItemW
BeginPaint
GetClientRect
EndPaint
SetTimer
KillTimer
UpdateWindow
IsWindow
SetWindowTextW
GetWindowTextLengthW
AppendMenuW
DrawMenuBar
GetMenu
GetSubMenu
DeleteMenu
GetMenuItemCount
GetMenuItemInfoW
CharToOemBuffW
ScreenToClient
ClientToScreen
CreateDialogParamW
SetScrollPos
ScrollWindowEx
PtInRect
LoadIconW
SetScrollRange
GetDialogBaseUnits
CreateDialogIndirectParamW
GetPropW
RemovePropW
GetSystemMenu
BringWindowToTop
SetWindowPlacement
GetMessageW
TranslateMessage
DispatchMessageW
GetIconInfo
CreateIconIndirect
IsCharUpperW
TranslateAcceleratorW
SendMessageW
SetFocus
CreateWindowExW
DestroyWindow
GetWindowTextW
DefWindowProcW
SetDlgItemTextW
CreatePopupMenu
SetWindowLongW
TrackPopupMenu
DestroyMenu
CallWindowProcW
RegisterClipboardFormatW
GetKeyState
LoadCursorW
SetCursor
WindowFromPoint
GetWindowThreadProcessId
GetDC
ReleaseDC
GetDesktopWindow
GetCursorPos
GetMonitorInfoW
GetWindowLongW
ShowWindow
EnableWindow
IntersectRect
IsIconic
GetWindowPlacement
GetSystemMetrics
IsWindowEnabled
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
EnumChildWindows
GetClassNameW
GetWindowRect
MapWindowPoints
SetWindowPos
InvalidateRect
GetParent
CheckDlgButton
PostMessageW
MessageBoxW
IsWindowVisible
OemToCharBuffA
CharToOemBuffA
DialogBoxParamW
SendDlgItemMessageW
DestroyIcon
GetDlgItem
OemToCharA
EndDialog
GetDlgItemTextW
LoadImageW

gdi32

GetDeviceCaps
LineTo
MoveToEx
DPtoLP
SetPixel
CreatePatternBrush
TextOutA
StretchBlt
GetMapMode
SetMapMode
Rectangle
CreateCompatibleBitmap
GetTextExtentPoint32W
SetBkColor
ExtTextOutW
BitBlt
GetObjectW
CreateCompatibleDC
GetPixel
DeleteDC
CreatePen
CreateSolidBrush
SetTextColor
TextOutW
Polygon
Polyline
SelectObject
GetTextFaceW
GetTextMetricsW
CreateFontW
CreateBitmap
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
GetSecurityDescriptorLength
GetFileSecurityA
GetFileSecurityW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
IsTextUnicode
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges

shell32

SHAddToRecentDocs
FindExecutableW
DragFinish
DragQueryFileW
DragAcceptFiles
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListA
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
SHGetMalloc
SHBrowseForFolderW
SHChangeNotify
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleSetClipboard
DoDragDrop
CoInitializeEx

Sections

.text
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnf_gamelamp/changelog.txt
dnf_gamelamp/tools/173Double.dll
.dll windows:5 windows x86 arch:x86

5cf326632bc61598e630deb566dfe0a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibraryAndExitThread
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
GetCurrentThread
CreateRemoteThread
OpenProcess
VirtualFreeEx
GetProcAddress
VirtualAllocEx
Process32FirstW
GetExitCodeThread
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess

msvcrt

free
_initterm
malloc
_adjust_fdiv
_wcsrev
wcsncmp
??3@YAXPAX@Z
wcsncpy
??2@YAPAXI@Z
memset

ntdll

ZwDuplicateObject
ZwProtectVirtualMemory
ZwQueryInformationProcess
NtOpenProcess
ZwAllocateVirtualMemory
ZwWriteVirtualMemory
_wcsicmp
ZwQuerySystemInformation
ZwQueryObject
ZwGetContextThread
ZwCreateThread
ZwResumeThread
ZwClose

Exports

Exports

DoubleExit
DoubleS

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnf_gamelamp/tools/173Double32.exe
.exe windows:5 windows x86 arch:x86

d41ef38b3d5bd7dc74cf2637dc375b2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
TerminateProcess
GetModuleFileNameW
GetProcAddress
VirtualAllocEx
Process32FirstW
GetExitCodeThread
Process32NextW
CreateRemoteThread
VirtualFreeEx
GetVersion
WriteProcessMemory
GetCurrentThread
GetModuleHandleW
WaitForSingleObject
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
CloseHandle
OpenProcess
GetCurrentProcess
CreateToolhelp32Snapshot
FreeLibrary

user32

PostQuitMessage
IsWindowVisible
MessageBoxW
FlashWindow
FindWindowExW
ShowWindow
EndDialog
SetParent
DialogBoxParamW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_wcsrev
_wcsicmp
wcsncpy
??3@YAXPAX@Z
wcsncmp
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memset

ntdll

NtOpenProcess
ZwQueryInformationProcess
ZwWriteVirtualMemory
ZwProtectVirtualMemory
ZwDuplicateObject
ZwClose
ZwQuerySystemInformation
ZwQueryObject
ZwGetContextThread
ZwCreateThread
ZwResumeThread
ZwAllocateVirtualMemory

comctl32

ord17

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnf_gamelamp/tools/173Double64.exe
.exe windows:5 windows x64 arch:x64

e799580652611edc3abf8c08e9afcfe6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
TerminateProcess
GetModuleFileNameW
GetProcAddress
VirtualAllocEx
Process32FirstW
GetExitCodeThread
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
GetVersion
WriteProcessMemory
GetCurrentThread
GetStringTypeW
MultiByteToWideChar
VirtualFreeEx
WideCharToMultiByte
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
OpenProcess
CreateRemoteThread
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapSize
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
LCMapStringW
GetCommandLineW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
HeapFree
EncodePointer
DecodePointer
HeapAlloc
RaiseException
RtlPcToFileHeader
ExitProcess
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc

user32

SetWindowTextW
MessageBoxW
FlashWindow
FindWindowExW
ShowWindow
EndDialog
GetWindowTextW
SetParent
DialogBoxParamW
PostQuitMessage
IsWindowVisible

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

ntdll

ZwResumeThread
ZwCreateThread
wcsncpy
ZwGetContextThread
ZwQueryObject
ZwQuerySystemInformation
ZwClose
ZwDuplicateObject
ZwProtectVirtualMemory
ZwQueryInformationProcess
NtOpenProcess
ZwAllocateVirtualMemory
ZwWriteVirtualMemory
wcsncmp
_wcsicmp

comctl32

ord17

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnf_gamelamp/tools/173d2t.exe
.exe windows:4 windows x86 arch:x86

1b437617359fd960c3114a42246bb9ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetFileSize
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
TerminateProcess
GetLocalTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
GetSystemTime
GetTimeZoneInformation
RaiseException
HeapSize
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
lstrcmpiA
GlobalDeleteAtom
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedIncrement

user32

WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
GetForegroundWindow
GetDesktopWindow
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
LoadStringA
GetSysColorBrush
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer

gdi32

GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
SetStretchBltMode
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
CreateRectRgnIndirect
SetBkColor
GetStockObject
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleRun
OleUninitialize

oleaut32

VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recvfrom
ioctlsocket
recv
getpeername
accept
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dnf_gamelamp/tools/temp/Double.exe
.exe windows:4 windows x86 arch:x86

d2e3a21d809cfa9dfa6801f05816eb6e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:9e:74:6c:15:a8:5e:54:7a:fa:f6:a4:c3:27:7c:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2013, 23:59

Subject

CN=fuzhou tian xia chuang shi digital Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=fuzhou tian xia chuang shi digital Co.\,Ltd,L=fuzhou,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:e0:b1:ca:30:c2:39:81:89:0a:97:98:bd:5d:0d:87:a6:b9:04:0c
Signer

Actual PE Digest

a1:e0:b1:ca:30:c2:39:81:89:0a:97:98:bd:5d:0d:87:a6:b9:04:0c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3631
ord683
ord609
ord6052
ord1168
ord567
ord2135
ord818
ord2302
ord1200
ord2818
ord924
ord1768
ord3092
ord4299
ord4160
ord2863
ord2379
ord755
ord470
ord6199
ord5981
ord6453
ord535
ord4224
ord3226
ord939
ord858
ord4129
ord5683
ord2614
ord2642
ord2864
ord5875
ord3089
ord4476
ord861
ord1949
ord4034
ord4710
ord4998
ord4853
ord4376
ord5265
ord1134
ord2621
ord860
ord941
ord537
ord2514
ord800
ord540
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord823
ord825
ord1146
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
wcscat
wcscmp
wcsstr
wcsncpy
_except_handler3
_splitpath
srand
rand
__CxxFrameHandler
wcsrchr
sprintf
_vsnprintf
_setmbcp
_controlfp

kernel32

OutputDebugStringA
OpenProcess
ReadFile
WriteFile
CreateFileA
WaitNamedPipeA
OpenMutexA
GetProcAddress
GetModuleHandleA
GetTickCount
DeviceIoControl
GetCurrentThreadId
GetCurrentProcessId
GetLastError
CloseHandle
TerminateThread
WaitForSingleObjectEx
CreateThread
FreeLibrary
GetPrivateProfileIntA
GetFileAttributesA
GetModuleFileNameA
WritePrivateProfileStringA
GetModuleFileNameW
GetStartupInfoA
GetCurrentProcess
LoadLibraryA
Sleep

user32

SetParent
ShowWindow
GetWindowThreadProcessId
IsWindow
RegisterHotKey
UnregisterHotKey
GetForegroundWindow
SetForegroundWindow
EnableWindow
GetWindowTextA
GetClassNameA
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
GetClientRect
GetWindowRect
LoadIconA
FindWindowA
GetWindow
IsIconic

advapi32

AdjustTokenPrivileges
OpenProcessToken
CreateServiceA
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
QueryServiceStatusEx
StartServiceA
LookupPrivilegeValueA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dnf_gamelamp/tools/temp/Sync.ini
dnf_gamelamp/update/fupdate.exe
.exe windows:4 windows x86 arch:x86

e2618a8bf518ef2f0f31c317de86efe6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1775
ord5280
ord4425
ord3597
ord4407
ord3402
ord3721
ord795
ord641
ord324
ord2301
ord2302
ord4234
ord6334
ord4710
ord3092
ord4476
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2528
ord2621
ord1134
ord6592
ord5288
ord4439
ord2054
ord4431
ord3571
ord6568
ord6611
ord3873
ord6215
ord2642
ord5850
ord2575
ord2078
ord6880
ord5161
ord5160
ord4905
ord4742
ord6052
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord384
ord686
ord3996
ord2862
ord1168
ord2096
ord2818
ord2124
ord800
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord3797
ord6696
ord858
ord6762
ord535
ord6654
ord2754
ord2714
ord4023
ord6877
ord5148
ord4694
ord3293
ord3021
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord2514
ord4998
ord4853
ord4376
ord5265
ord356
ord2770
ord6662
ord4129
ord668
ord1200
ord2243
ord1641
ord5981
ord2379
ord3870
ord2452
ord1640
ord2405
ord289
ord613
ord3920
ord5785
ord2112
ord6377
ord323
ord783
ord2864
ord1146
ord6197
ord2859
ord5875
ord3874
ord2421
ord4284
ord2860
ord5277
ord4275
ord2414
ord3663
ord3626
ord567
ord609
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord4976
ord2982
ord640
ord3711
ord1576
ord1908
ord2915
ord924
ord4478
ord6320
ord1651
ord4258
ord6485
ord768
ord6487
ord6601
ord3706
ord3522
ord6403
ord6394
ord6383
ord5440
ord5450
ord2107
ord3475
ord2863
ord3138
ord4299
ord2882
ord6453
ord2867
ord2463
ord6242
ord1907
ord1133
ord4715
ord4804
ord4259
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord3619
ord540
ord860
ord5162
ord4202
ord2841
ord6490
ord6199
ord1175
ord537
ord823
ord2614
ord825
ord6529
ord6602

msvcrt

_onexit
atoi
strncpy
strncmp
__CxxFrameHandler
strstr
strrchr
_stat
_mbscmp
fclose
fwrite
fopen
localtime
time
_mkdir
fread
fprintf
_iob
strtok
mktime
fseek
_ftol
_mbsnbicmp
mbstowcs
_except_handler3
?terminate@@YAXXZ
__dllonexit
_setmbcp
_strnicmp
_stricmp
_fileno
_read
_close
_open
_strdup
_itoa
_stati64
_beginthreadex
_sys_nerr
strerror
getenv
fflush
_fstati64
gmtime
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_purecall
fgets
ftell
sscanf
fputs
isalpha
isalnum
isspace
strchr
tolower
calloc
realloc
free
malloc
strtoul
memmove
_pctype
__mb_cur_max
_isctype
qsort
strtol
fputc
_errno
memchr
_lseeki64
sprintf

kernel32

GetModuleHandleA
WaitForMultipleObjects
SetThreadPriority
lstrcpynA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSection
GetCommandLineA
GetWindowsDirectoryA
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleFileNameA
CreateFileA
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetLastError
GetTickCount
OpenProcess
TerminateProcess
CloseHandle
Sleep
CopyFileA
DeleteFileA
CreateThread
WaitForSingleObject
CreateEventA
SleepEx
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
DeleteCriticalSection
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
lstrcmpA
GetVersionExA
GetStartupInfoA

user32

MsgWaitForMultipleObjects
PeekMessageA
GetParent
DestroyCursor
GetWindowLongA
DrawFocusRect
InflateRect
CopyRect
DrawStateA
FillRect
OffsetRect
GetSysColor
TranslateMessage
LoadImageA
InvalidateRect
WindowFromPoint
ClientToScreen
SetCursor
EnableWindow
SetTimer
KillTimer
LoadBitmapA
GetWindowRect
GetDlgItem
GetFocus
ReleaseDC
GetDC
DispatchMessageA
LockWindowUpdate
MapWindowPoints
IsWindow
AdjustWindowRectEx
IsMenu
GetMenu
SetRectEmpty
GetSystemMetrics
GetClassNameA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRgn
WindowFromDC
GetScrollInfo
SetWindowRgn
IntersectRect
RegisterWindowMessageA
EndPaint
BeginPaint
DrawFrameControl
DrawEdge
PtInRect
UnionRect
UpdateWindow
GetClientRect
ScreenToClient
GetMessagePos
PostMessageA
IsWindowVisible
SendMessageA

gdi32

GetCurrentObject
CreateFontIndirectA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
SetBkColor
BitBlt
DeleteDC
GetObjectA
GetStockObject
DeleteObject
CreateRectRgn
CombineRgn
SetRectRgn
OffsetRgn
CreateRectRgnIndirect
ExtSelectClipRgn
GetClipRgn
SetBrushOrgEx
UnrealizeObject
LPtoDP
GetPixel
CreateBitmap
CreatePolygonRgn
RoundRect

shell32

SHGetFileInfoA

comctl32

ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetBkColor

winmm

PlaySoundA

wldap32

ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord145
ord213
ord22
ord46

ws2_32

closesocket
WSAGetLastError
send
recv
getsockname
WSAStartup
WSACleanup
ntohs
getsockopt
setsockopt
connect
socket
bind
htons
WSASetLastError
inet_ntoa
htonl
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
sendto
recvfrom
listen
accept
__WSAFDIsSet
select
ioctlsocket
gethostname
getpeername

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dnf_gamelamp/update/fupdate.ini
dnf_gamelamp/version.ini

Sharing

General

Malware Config

Signatures

Files

02a389137b0738757f4537de800c3f9e

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

oledlg

comdlg32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 84KB - Virtual size: 444KB

.rsrc Size: 40KB - Virtual size: 39KB

7afeffeb29069dfd84b5edb8c77245fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 737KB - Virtual size: 737KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 13KB - Virtual size: 338KB

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 47KB - Virtual size: 47KB

5cf326632bc61598e630deb566dfe0a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 968B

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 512B - Virtual size: 448B

d41ef38b3d5bd7dc74cf2637dc375b2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ntdll

comctl32

Sections

.text Size: 6KB - Virtual size: 6KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 84KB - Virtual size: 444KB

.rsrc
Size: 40KB - Virtual size: 39KB

.text
Size: 737KB - Virtual size: 737KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 13KB - Virtual size: 338KB

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 47KB - Virtual size: 47KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 968B

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 512B - Virtual size: 448B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 996B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 892B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 964B

.text
Size: 484KB - Virtual size: 482KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 64KB - Virtual size: 213KB

.rsrc
Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

20:9e:74:6c:15:a8:5e:54:7a:fa:f6:a4:c3:27:7c:81
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a1:e0:b1:ca:30:c2:39:81:89:0a:97:98:bd:5d:0d:87:a6:b9:04:0c
Signer

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB