3b29281e7553a698ee42e8cbb575d722e57885cb70fbde3f5676d0b3104b8a91

Sharing

Copy URL Twitter E-mail

General

Target

3b29281e7553a698ee42e8cbb575d722e57885cb70fbde3f5676d0b3104b8a91
Size

1.8MB
MD5

a352fad756556e7ea9e0efc1d0b28908
SHA1

277ef80ee3b77457134eed415117622021ff34df
SHA256

3b29281e7553a698ee42e8cbb575d722e57885cb70fbde3f5676d0b3104b8a91
SHA512

1909c6fbe825adfad04abe203779a3993d547b9dc6af389a878b70cfb065d90d64646f440452ffa3bce5b3f179f582b90e4604cb10b1a50f2bceefdee9e2b520
SSDEEP

24576:OzxihdP+tTn9uFx+sVKzJINHgX6Gv29H+o+OvP4sjfLs7kXdjzoKkHrIBk/JKkKp:/CuFx+KPViIBHkrKdffR6Of

Score

N/A

Malware Config

Signatures

Files

3b29281e7553a698ee42e8cbb575d722e57885cb70fbde3f5676d0b3104b8a91
.dll windows x86

3d5666a0d694e74006f33d52ca2cfd39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

select
sendto
closesocket
bind
__WSAFDIsSet
inet_ntoa
socket
shutdown
gethostname
ntohl
getsockname
htons
ioctlsocket
gethostbyname
setsockopt
ntohs

tier0

?DevMsg@@YAXPBDZZ
?Lock@CThreadMutex@@QBEXXZ
MemAllocScratch
MemFreeScratch
DevMsg
g_pMemAlloc
Error
?Lock@CThreadMutex@@QAEXXZ
g_pVCR
Msg
GetCPUInformation
Warning

kernel32

GetSystemInfo
VirtualAlloc
VirtualProtect
SetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetModuleHandleA
GetSystemTime
GlobalUnlock
GlobalLock
VirtualQuery
HeapAlloc
GetProcessHeap
ExitThread
QueryPerformanceCounter
QueryPerformanceFrequency
LeaveCriticalSection
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TerminateThread
Sleep
SetEvent
SetLastError
GetLastError
CreateMutexA
ReleaseMutex
GlobalFree
GlobalAlloc
DeleteFileA
CopyFileA
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
InterlockedExchange
IsBadWritePtr
IsBadCodePtr
GetTimeZoneInformation
SetConsoleCtrlHandler
SetEndOfFile
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
GetDateFormatA
GetTimeFormatA
SetCurrentDirectoryA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
LCMapStringW
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
TlsGetValue
FileTimeToSystemTime
RaiseException
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
FatalAppExitA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
FreeLibrary
InterlockedDecrement
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
WaitForSingleObject
FormatMessageA
IsBadReadPtr
ExitProcess
TerminateProcess
GetCurrentProcess
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
FileTimeToLocalFileTime

user32

SetCursorPos
PostMessageA
GetWindowTextA
EnumWindows
FindWindowA
RegisterWindowMessageA
LoadImageA

gdi32

GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject

steam_api

SteamAPI_Shutdown
SteamFriends
SteamUser

vstdlib

Q_strncmp
Q_StripExtension
Q_FileBase
KeyValuesSystem
Q_StripLastDir
Q_binarytohex
Q_FixSlashes
Q_ExtractFileExtension
Q_strncat
GetCVarIF
Q_strcasecmp
?Q_stristr@@YAPBDPBD0@Z
Q_IsAbsolutePath
Q_strnistr
Q_strnchr
RandomFloat
Q_strnicmp
Q_ExtractFilePath
Q_SetExtension
RandomInt
Q_snprintf
Q_strncpy
Q_vsnprintf
CommandLine

shlwapi

SHDeleteKeyA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

CreateInterface

Sections

.text
Size: 1.2MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d5666a0d694e74006f33d52ca2cfd39

Headers

File Characteristics

Imports

wsock32

tier0

kernel32

user32

gdi32

steam_api

vstdlib

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.1MB

.rdata Size: 284KB - Virtual size: 283KB

.data Size: 44KB - Virtual size: 175KB

.reloc Size: 136KB - Virtual size: 133KB

.text Size: 196KB - Virtual size: 196KB

.text
Size: 1.2MB - Virtual size: 1.1MB

.rdata
Size: 284KB - Virtual size: 283KB

.data
Size: 44KB - Virtual size: 175KB

.reloc
Size: 136KB - Virtual size: 133KB

.text
Size: 196KB - Virtual size: 196KB