General

Malware Config

Signatures

Files

• softaim-fortnite_132289.exe

  .exe windows x86

  ce996424fb05b44b06743a9b08f403fb

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  94:9b:b8:d4:dd:2e:4e:21:68:2a:13:02:9f:3a:98:38

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  10-02-2022 00:00

  Not After

  10-02-2023 23:59

  Subject

  CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:82:17:f8:81:1e:1b:7f:c0:b7:49:4e:e5:94:4a:82:1c:52:f5:22:56:d0:49:1f:92:b2:d0:e0:0e:8a:79:bf

  Signer

  Actual PE Digest

  0d:82:17:f8:81:1e:1b:7f:c0:b7:49:4e:e5:94:4a:82:1c:52:f5:22:56:d0:49:1f:92:b2:d0:e0:0e:8a:79:bf

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

  23-09-2022 11:59

  Valid: true

  Chain 1

  CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  gdi32

  BitBlt

  GetGlyphOutlineW

  DeleteDC

  CreateDIBSection

  CreateBitmap

  SetWorldTransform

  EnumFontFamiliesExW

  OffsetRgn

  CreateCompatibleDC

  GetTextExtentPoint32W

  DeleteObject

  RemoveFontMemResourceEx

  GetTextFaceW

  ExtTextOutW

  GetRegionData

  CreateDCW

  CreateCompatibleBitmap

  GetDIBits

  GetDeviceCaps

  GetFontData

  AddFontResourceExW

  GetTextMetricsW

  SelectObject

  RemoveFontResourceExW

  GetCharABCWidthsI

  SelectClipRgn

  CombineRgn

  SetBkMode

  GdiFlush

  GetStockObject

  GetObjectW

  GetOutlineTextMetricsW

  SetGraphicsMode

  CreateFontIndirectW

  GetCharABCWidthsFloatW

  AddFontMemResourceEx

  SetTextColor

  CreateRectRgn

  GetCharABCWidthsW

  SetTextAlign

  oleaut32

  SystemTimeToVariantTime

  VariantChangeType

  VariantInit

  SysAllocStringLen

  SysFreeString

  SysStringLen

  SysAllocString

  imm32

  ImmNotifyIME

  ImmGetDefaultIMEWnd

  ImmGetCompositionStringW

  ImmSetCandidateWindow

  ImmSetCompositionWindow

  ImmGetContext

  ImmReleaseContext

  winmm

  PlaySoundW

  kernel32

  GetSystemTimeAsFileTime

  GetTickCount

  InterlockedIncrement

  SleepEx

  GetTempPathW

  CreateFileMappingW

  GetFileType

  GetDriveTypeW

  GetCPInfo

  ExpandEnvironmentStringsW

  ReadFile

  GetLocaleInfoW

  GetCommandLineA

  GetCurrentProcessId

  EnterCriticalSection

  GetSystemDirectoryW

  FindFirstFileW

  GetCommandLineW

  VirtualFree

  TlsAlloc

  SetStdHandle

  GetEnvironmentVariableA

  GetVolumeInformationW

  SetEndOfFile

  GetSystemInfo

  SetEnvironmentVariableA

  FindNextFileW

  FormatMessageW

  UnmapViewOfFile

  CloseHandle

  ResumeThread

  LocalFree

  SetErrorMode

  GetStringTypeW

  GetOEMCP

  OutputDebugStringA

  PeekNamedPipe

  GlobalUnlock

  DeleteFileW

  SetFileAttributesW

  GetModuleFileNameW

  GetCurrentThread

  GetSystemTime

  LoadLibraryA

  InterlockedDecrement

  MapViewOfFile

  LeaveCriticalSection

  GlobalAlloc

  CheckRemoteDebuggerPresent

  GetFileAttributesW

  GetUserDefaultLCID

  ReleaseSemaphore

  CreateFileA

  HeapAlloc

  TlsSetValue

  SetFilePointerEx

  SetHandleCount

  CreateSemaphoreW

  lstrcmpW

  OpenFileMappingW

  WideCharToMultiByte

  OpenProcess

  GetStartupInfoW

  DeviceIoControl

  IsValidLanguageGroup

  CreateProcessW

  GetEnvironmentStringsW

  GetThreadPriority

  WaitForMultipleObjects

  MoveFileExW

  FindFirstFileExW

  SetUnhandledExceptionFilter

  CreateDirectoryW

  GetLocaleInfoA

  GetFileSize

  GetCurrentProcess

  WriteConsoleW

  DeleteFileA

  GetModuleHandleA

  QueryPerformanceCounter

  GetTimeFormatW

  GetTimeFormatA

  TlsGetValue

  HeapReAlloc

  InterlockedExchange

  GetCurrencyFormatW

  WriteFile

  GetACP

  MoveFileW

  ResetEvent

  FreeEnvironmentStringsW

  GetVersionExW

  OutputDebugStringW

  lstrlenA

  GetDateFormatA

  WaitForSingleObject

  CreateThread

  HeapSetInformation

  GetConsoleWindow

  SetThreadPriority

  VerSetConditionMask

  VirtualQuery

  GetProcAddress

  CreateFileW

  InitializeCriticalSectionAndSpinCount

  EncodePointer

  GetFileAttributesExW

  TlsFree

  HeapFree

  SystemTimeToTzSpecificLocalTime

  VerifyVersionInfoW

  CreateEventW

  GetTickCount64

  GetProcessHeap

  GetGeoInfoW

  GetLongPathNameW

  ExitProcess

  IsValidLocale

  GetConsoleCP

  GetTimeZoneInformation

  CopyFileW

  GetCurrentThreadId

  GetStdHandle

  ReleaseMutex

  IsDebuggerPresent

  QueryPerformanceFrequency

  Sleep

  FileTimeToLocalFileTime

  GetUserDefaultUILanguage

  EnumSystemLocalesA

  UnhandledExceptionFilter

  DecodePointer

  SetLastError

  GetUserGeoID

  RtlUnwind

  GetCurrentDirectoryW

  LoadLibraryW

  IsValidCodePage

  DeleteCriticalSection

  GetFileInformationByHandle

  RaiseException

  GetLocalTime

  FlushFileBuffers

  GlobalSize

  FindClose

  GetLastError

  TerminateProcess

  DuplicateHandle

  GetFileSizeEx

  GetLogicalDrives

  CompareStringW

  HeapSize

  FileTimeToSystemTime

  ExitThread

  TerminateThread

  RemoveDirectoryW

  GetUserDefaultLangID

  MultiByteToWideChar

  GetConsoleMode

  GetModuleHandleW

  GlobalLock

  InitializeCriticalSection

  SetEvent

  HeapCreate

  IsProcessorFeaturePresent

  GetFullPathNameW

  SetFilePointer

  GetModuleFileNameA

  CreateMutexW

  LCMapStringW

  GetDateFormatW

  FreeLibrary

  user32

  DestroyWindow

  RegisterWindowMessageW

  GetClientRect

  GetSysColorBrush

  PeekMessageW

  GetAsyncKeyState

  SetCapture

  PostMessageW

  GetFocus

  MsgWaitForMultipleObjectsEx

  GetKeyState

  DrawIconEx

  InvalidateRect

  FlashWindowEx

  KillTimer

  RegisterClassW

  MessageBoxW

  ChildWindowFromPointEx

  EnumDisplayMonitors

  RealGetWindowClassW

  SetClipboardViewer

  LoadIconW

  ReleaseCapture

  GetCursorInfo

  LoadImageW

  CreateCursor

  GetMessageExtraInfo

  SetFocus

  SetMenuItemInfoW

  GetQueueStatus

  ShowWindow

  HideCaret

  CallNextHookEx

  GetWindowRect

  DestroyCaret

  UnhookWindowsHookEx

  EnableMenuItem

  SetWindowRgn

  GetParent

  CreateWindowExW

  GetWindowLongW

  SetWindowTextW

  SystemParametersInfoW

  TrackPopupMenuEx

  GetAncestor

  CreateIconIndirect

  GetWindowTextW

  GetSystemMenu

  MapVirtualKeyW

  GetMenu

  SetWindowsHookExW

  DestroyCursor

  RegisterClassExW

  CreateCaret

  ClientToScreen

  RegisterClipboardFormatW

  BeginPaint

  UnregisterClassW

  GetKeyboardLayoutList

  GetIconInfo

  ToAscii

  IsChild

  IsIconic

  GetCapture

  AdjustWindowRectEx

  ToUnicode

  SetParent

  CharNextExA

  GetKeyboardState

  TranslateMessage

  GetWindowPlacement

  GetClipboardFormatNameW

  SendMessageW

  GetDC

  IsWindowVisible

  NotifyWinEvent

  GetCaretBlinkTime

  SetCursorPos

  DefWindowProcW

  EnumWindows

  SetWindowPos

  GetSysColor

  GetUpdateRect

  SetCursor

  GetDoubleClickTime

  ReleaseDC

  DestroyIcon

  GetWindowThreadProcessId

  GetSystemMetrics

  ChangeClipboardChain

  SetTimer

  GetMonitorInfoW

  MoveWindow

  SetWindowLongW

  ScreenToClient

  GetCursorPos

  GetClassInfoW

  SetForegroundWindow

  TrackMouseEvent

  GetDesktopWindow

  EndPaint

  DispatchMessageW

  SetCaretPos

  IsZoomed

  MessageBeep

  GetForegroundWindow

  shell32

  SHGetFileInfoW

  ShellExecuteW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetMalloc

  SHGetSpecialFolderPathW

  ole32

  OleIsCurrentClipboard

  OleFlushClipboard

  OleGetClipboard

  ReleaseStgMedium

  RevokeDragDrop

  OleInitialize

  DoDragDrop

  CoTaskMemFree

  CoCreateGuid

  CoGetMalloc

  CoTaskMemAlloc

  CoCreateInstance

  OleSetClipboard

  CoLockObjectExternal

  RegisterDragDrop

  OleUninitialize

  CoUninitialize

  CoInitialize

  advapi32

  RegQueryInfoKeyW

  CryptHashData

  RegDeleteKeyW

  CryptAcquireContextW

  RegEnumKeyExW

  CryptEncrypt

  CryptCreateHash

  CryptGenRandom

  RegCreateKeyExW

  RegDeleteValueW

  CryptGetHashParam

  RegSetValueExW

  RegFlushKey

  RegQueryValueExW

  OpenProcessToken

  GetTokenInformation

  CryptReleaseContext

  RegCloseKey

  CryptDestroyKey

  CopySid

  RegEnumValueW

  CryptDestroyHash

  GetLengthSid

  CryptImportKey

  RegOpenKeyExW

  FreeSid

  ws2_32

  htons

  getsockopt

  getpeername

  socket

  connect

  WSASetLastError

  WSAResetEvent

  bind

  accept

  listen

  htonl

  sendto

  recvfrom

  select

  __WSAFDIsSet

  ioctlsocket

  gethostname

  ntohs

  getsockname

  setsockopt

  WSACloseEvent

  recv

  WSAEventSelect

  freeaddrinfo

  WSAWaitForMultipleEvents

  WSAEnumNetworkEvents

  getaddrinfo

  WSACreateEvent

  WSAStartup

  WSACleanup

  WSAGetLastError

  send

  closesocket

  WSAAsyncSelect

  WSAIoctl

  crypt32

  CertOpenStore

  CertFreeCertificateChain

  CertEnumCertificatesInStore

  CertFreeCertificateContext

  CryptQueryObject

  CryptDecodeObjectEx

  PFXImportCertStore

  CertFindCertificateInStore

  CertGetCertificateChain

  CertFindExtension

  CertAddCertificateContextToStore

  CryptStringToBinaryW

  CertCloseStore

  CertFreeCertificateChainEngine

  CertCreateCertificateChainEngine

  wldap32

  ord117

  ord216

  ord73

  ord301

  ord167

  ord79

  ord142

  ord46

  ord27

  ord127

  ord147

  ord133

  ord26

  ord208

  ord145

  ord219

  ord14

  ord41

  Exports

  Exports

  z_adler32

  z_adler32_combine

  z_adler32_combine64

  z_compress

  z_compress2

  z_compressBound

  z_crc32

  z_crc32_combine

  z_crc32_combine64

  z_deflate

  z_deflateBound

  z_deflateCopy

  z_deflateEnd

  z_deflateInit2_

  z_deflateInit_

  z_deflateParams

  z_deflatePrime

  z_deflateReset

  z_deflateSetDictionary

  z_deflateSetHeader

  z_deflateTune

  z_get_crc_table

  z_inflate

  z_inflateCopy

  z_inflateEnd

  z_inflateGetHeader

  z_inflateInit2_

  z_inflateInit_

  z_inflateMark

  z_inflatePrime

  z_inflateReset

  z_inflateReset2

  z_inflateSetDictionary

  z_inflateSync

  z_inflateSyncPoint

  z_inflateUndermine

  z_uncompress

  z_zError

  z_zlibCompileFlags

  z_zlibVersion

  Sections

  .text

  Size: 6.3MB - Virtual size: 6.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 54KB - Virtual size: 73KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 3B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .qtmetad

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 67KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 266KB - Virtual size: 265KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ