TheWitcher2TrainerExternal[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TheWitcher2TrainerExternal.exe
Size

551KB
MD5

1dc7610b6e640a87d82d2789c4c9ca73
SHA1

dba5b01fb5df9452fa6efbabba3a3590297feb71
SHA256

f8e0bdf3cd06bb9be12105b242b9aad24f60be87d72c2be74ebf1a8fe310ee26
SHA512

3525ed033616151484c4afa2c5b2699aabd97bb72580694d25305622e2fb1ed8d10f96c994cb6ce812c8031ca2b4ce6158683f7a036d1fa216faa4c35264fe9b
SSDEEP

12288:yucXCMLDccQ3ybyeyMyngwTY4Z+VnH0UNwAXNkS9Q3aiZ8o:yu0CMIcQEyeinWVnH0tMQ3ai/

Score

N/A

Malware Config

Signatures

Files

TheWitcher2TrainerExternal.exe
.exe windows x86

80a2fb4e88542624d128f065acae9b6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glClear
glClearColor
glViewport

kernel32

OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
VirtualQueryEx
GetModuleHandleW
QueryPerformanceFrequency
QueryPerformanceCounter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
LoadLibraryA
WaitForSingleObject
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
FormatMessageA
LocalFree
Module32First
Module32Next
WriteProcessMemory
Process32First
FreeLibrary
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
TerminateProcess
GetCurrentProcessId

user32

SystemParametersInfoW
RegisterDeviceNotificationW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
TranslateMessage
DispatchMessageW
LoadImageW
RegisterClassExW
GetPropW
DefWindowProcW
TrackMouseEvent
ReleaseCapture
SetCapture
PtInRect
CopyIcon
GetKeyNameTextW
WindowFromPoint
LoadCursorW
SetCursor
SetCursorPos
GetCursorPos
ScreenToClient
ClipCursor
IsZoomed
IsWindowVisible
IsIconic
GetActiveWindow
GetWindowLongW
SetWindowLongW
BringWindowToTop
SetForegroundWindow
AdjustWindowRectEx
GetDC
ReleaseDC
ClientToScreen
CreateIconIndirect
GetClientRect
MessageBoxA
GetKeyState
PeekMessageW
GetMessageTime
OpenClipboard
SetWindowPos
SetPropW
CreateWindowExW
SetFocus
ShowWindow
GetWindowRect
MoveWindow
GetSystemMetrics
GetClassLongW
SendMessageW
DestroyWindow
CloseClipboard
GetAsyncKeyState
DestroyIcon
SetClipboardData
GetClipboardData
UnregisterClassW
EmptyClipboard
RemovePropW

gdi32

DeleteObject
SetDeviceGammaRamp
CreateBitmap
CreateDIBSection
DescribePixelFormat
SetPixelFormat
SwapBuffers
DeleteDC
GetDeviceCaps
CreateDCW

shell32

DragQueryPoint
DragFinish
DragAcceptFiles
ShellExecuteA
DragQueryFileW

msvcp140

_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Winerror_map@std@@YAHH@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Xtime_get_ticks
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

winmm

PlaySoundA
waveOutSetVolume

vcruntime140

memmove
_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
memcpy
memset
strchr
strstr
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memchr
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
_errno
_initialize_onexit_table
_register_onexit_function
_c_exit
_crt_atexit
_controlfp_s
exit
_beginthreadex
terminate
_cexit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
feof
fopen_s
__acrt_iob_func
ferror
fflush
fclose
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
_set_fmode
fgetc
fputc
__stdio_common_vfprintf
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek

api-ms-win-crt-string-l1-1-0

strncpy
_strdup
strncmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
_callnewh
free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtol
atof
strtoull

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_tan_precise
ceil
__setusermatherr
_libm_sse2_acos_precise
_dclass
_libm_sse2_sqrt_precise
_CIfmod
_CIsqrt
_dsign
ldexp

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80a2fb4e88542624d128f065acae9b6c

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

shell32

msvcp140

imm32

wininet

urlmon

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 429KB - Virtual size: 429KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 429KB - Virtual size: 429KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 16KB - Virtual size: 15KB