Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
| Task | Platform | Score |
|---|---|---|
| Overview | overview | 10 |
| Static | static | 3 |
| 9eb87c0b29...24.exe | windows7-x64 | 10 |
| 9eb87c0b29...24.exe | windows10-2004-x64 | 10 |
| $PLUGINSDI...em.dll | windows7-x64 | 3 |
| $PLUGINSDI...em.dll | windows10-2004-x64 | 3 |
| $PLUGINSDI...gs.dll | windows7-x64 | 3 |
| $PLUGINSDI...gs.dll | windows10-2004-x64 | 3 |
| Areas/page111.ps1 | windows7-x64 | 3 |
| Areas/page111.ps1 | windows10-2004-x64 | 3 |
| NACAH.exe | windows7-x64 | 1 |
| NACAH.exe | windows10-2004-x64 | 3 |
| Nacah_Manu...EN.pdf | windows7-x64 | 3 |
| Nacah_Manu...EN.pdf | windows10-2004-x64 | 3 |
| WAVMIX32.dll | windows7-x64 | 3 |
| WAVMIX32.dll | windows10-2004-x64 | 3 |
| a.dll | windows7-x64 | 10 |
| a.dll | windows10-2004-x64 | 10 |
| setupwin2kXP.bat | windows7-x64 | 5 |
| setupwin2kXP.bat | windows10-2004-x64 | 5 |
| setupwin9x.bat | windows7-x64 | 4 |
| setupwin9x.bat | windows10-2004-x64 | 4 |

Behavioral task
behavioral1
Sample
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Areas/page111.ps1
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Areas/page111.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
NACAH.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
NACAH.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Nacah_Manual_Win_EN.pdf
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Nacah_Manual_Win_EN.pdf
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
WAVMIX32.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
WAVMIX32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
a.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
a.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
setupwin2kXP.bat
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
setupwin2kXP.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
setupwin9x.bat
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
setupwin9x.bat
Resource
win10v2004-20241007-en
Target
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe
Size
83.2MB
MD5
a157b97ebf2a03f99dbab4b3c5d5c58c
SHA1
dd5d1d5a2dbf11695fb37c23a14f7fd2cdc86fa3
SHA256
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424
SHA512
4574a88f2e7c5a94d15978fcebe8e26a7401fbe8aa724e304732bd5035705b5890b0a30c063c3131bfa57cd01942fe3cd07be6669a7cb5659ea355ccfa1cb760
SSDEEP
1572864:cuSMmzLGvb7e7Qk/nTx+VloFnSejh2ceXktLRi6z7E005j9ES9m:clMmzE7e77/nTxSW8ejh2dXktLNz7E0j
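Checks for missing Authenticode signature. The resources listed below matched this check, i.e. they carry no Authenticode signature; taken alone this is a weak indicator, because legitimate installers and older binaries are often unsigned as well.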
| resource |
|---|
| 9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe |
| unpack001/$PLUGINSDIR/System.dll |
| unpack001/$PLUGINSDIR/nsDialogs.dll |
| unpack001/NACAH.exe |
| unpack001/WAVMIX32.dll |
| unpack001/a |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics
GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
wsprintfW
StringFromGUID2
CLSIDFromString
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW
GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect
SetTextColor
SHBrowseForFolderW
SHGetPathFromIDListW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
CoTaskMemFree
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaResume
__vbaStrCat
__vbaVarCmpNe
ord553
__vbaLsetFixstr
__vbaWriteFile
ord660
__vbaSetSystemError
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarCmpGe
__vbaLateMemSt
ord593
__vbaExitProc
__vbaVarForInit
ord300
ord594
ord301
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
__vbaBoolVar
ord307
__vbaVarTstLt
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord524
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
__vbaInputFile
ord314
_adj_fprem
_adj_fdivr_m64
ord315
__vbaLateIdStAd
__vbaVarDiv
__vbaI2Str
ord316
ord530
ord608
__vbaVarCmpLe
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
ord535
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaR8Str
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
ord577
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
__vbaVarCopy
ord616
__vbaVarTstGe
__vbaRecDestructAnsi
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaStrMove
ord618
__vbaCastObj
__vbaStrVarCopy
ord542
_allmul
ord544
__vbaLateIdSt
ord545
_CItan
ord546
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaR8FixI2
__vbaFreeObj
__vbaFreeStr
ord581
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
http://www.biblegamescompany.com/techsupport.html
VIRTUE GAMES
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
FindResourceA
GlobalLock
GlobalAlloc
FreeResource
lstrcpyA
lstrlenA
SizeofResource
LockResource
GlobalHandle
GlobalUnlock
GetPrivateProfileIntA
OpenFile
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LocalFree
LocalAlloc
LoadResource
GlobalFree
GetEnvironmentStrings
VirtualFree
WideCharToMultiByte
GetCurrentThread
FatalAppExitA
ExitProcess
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetLastError
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
UnhandledExceptionFilter
VirtualAlloc
GetCurrentThreadId
GetModuleHandleA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetProcAddress
GetCommandLineA
InitializeCriticalSection
wsprintfA
MessageBoxA
DestroyWindow
RegisterClassA
LoadCursorA
MessageBeep
DefWindowProcA
PostMessageA
CreateWindowExA
GetStockObject
waveOutRestart
waveOutGetNumDevs
waveOutGetDevCapsA
mmioOpenA
mmioAscend
mmioDescend
mmioRead
mmioClose
waveOutPause
sndPlaySoundA
waveOutOpen
waveOutReset
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutGetPosition
timeGetTime
waveOutWrite
WaveMixActivate
WaveMixCloseChannel
WaveMixCloseSession
WaveMixConfigureInit
WaveMixFlushChannel
WaveMixFreeWave
WaveMixGetInfo
WaveMixInit
WaveMixOpenChannel
WaveMixOpenWave
WaveMixPlay
WaveMixPump
_DLLEntryPoint@12
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
RegCloseKey
RegCreateKeyExA
RegSetValueExA
CloseHandle
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FreeLibrary
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
ReadFile
SetLastError
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteFile
lstrcatA
lstrcpyA
__p__iob
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf
ShellExecuteA
main
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ