ad8cbf26a9940034fa40ae6f978094abfcb063e190b45db70feec5574a0d73f8

Sharing

Copy URL Twitter E-mail

General

Target

ad8cbf26a9940034fa40ae6f978094abfcb063e190b45db70feec5574a0d73f8
Size

1.2MB
MD5

39f504778a17c5e02b130d14d7197a96
SHA1

a7c93a5e05968ba228de77e672910b65a9365711
SHA256

ad8cbf26a9940034fa40ae6f978094abfcb063e190b45db70feec5574a0d73f8
SHA512

c102f63a478082f13c082b8225547b0cbe01bff0dfb539ce662c47f802ef084bd5e49554dcda40d6c8b5a237b483fac95a41850dd36e3c1897efda38e0874fbf
SSDEEP

12288:aMzkX8EjZ7wWT5l8GfJxmQU/EkLAummD4AHronjogyXOrf7V:alX8Ej1tlJYQCLMCronk/aV

Score

N/A

Malware Config

Signatures

Files

ad8cbf26a9940034fa40ae6f978094abfcb063e190b45db70feec5574a0d73f8
.exe windows x64

e589e23a5735048aa9fe9ad76f186f5a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1d
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2021, 00:00

Not After

20/06/2023, 23:59

Subject

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:3b:43:52:36:d5:11:fc:a9:f3:c6:35:bc:8a:80:22:a4:fe:f5:a2
Signer

Actual PE Digest

34:3b:43:52:36:d5:11:fc:a9:f3:c6:35:bc:8a:80:22:a4:fe:f5:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

04/02/2022, 11:06
Valid: true

Chain 1

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcr100

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
fmodf
__RTDynamicCast
expf
logf
log10f
tanf
powf
sinf
cosf
_fileno
_isatty
sprintf_s
clearerr
getc
atof
realloc
fwrite
ferror
fprintf
fread
_errno
__iob_func
strftime
strncpy
atoi
_vsnprintf
_strupr_s
_strlwr_s
_purecall
memmove
??_V@YAXPEAX@Z
_itoa
_splitpath
strcat_s
strtoul
??3@YAXPEAX@Z
strcpy_s
vsprintf_s
_snprintf
strstr
free
strncmp
sprintf
malloc
_stricmp
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
memcpy
memset

kernel32

CloseHandle
SetProcessAffinityMask
GetProcessAffinityMask
GetCommandLineA
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetPriorityClass
SetThreadAffinityMask
GetCurrentThread
GetCurrentProcess
GetLogicalProcessorInformation
Sleep
GetStartupInfoW
EncodePointer
SetUnhandledExceptionFilter
DecodePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FindActCtxSectionStringW
GetDiskFreeSpaceExA
GetCurrentDirectoryA
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
CreateDirectoryA
DeactivateActCtx
GetModuleFileNameW
LoadLibraryW
ActivateActCtx
CreateActCtxW
QueryActCtxW
GetModuleHandleExW
lstrlenA
ExitProcess
LeaveCriticalSection
DuplicateHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
OutputDebugStringA
GetVersionExA

steam_api64

SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump

sdl2

SDL_Quit
SDL_DestroyWindow
SDL_GL_DeleteContext
SDL_StopTextInput

user32

MessageBoxA
PeekMessageA
DispatchMessageA
GetSystemMetrics
LoadImageA
TranslateMessage

gdi32

DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

gamedll_x64_rwdi

ShutdownGameScriptDLL
InitializeGameScriptDLL

engine_x64_rwdi

?SteamTerminate@IGame@@SAXXZ
?SteamInitialize@IGame@@SA_NPEBDH@Z
?CheckForceLangParameter@IGame@@SA?AV?$string_base@D@ttl@@AEAV23@@Z
?GetDefaultSpeechID@IGame@@SA?AV?$string_base@D@ttl@@AEBV23@@Z
?GetDefaultLocaleID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?GetFallbackSpeechID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?GetFallbackLocaleID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?OnPaint@IGame@@QEAAXXZ
?Initialize@IGame@@QEAAHPEADHPEAUHICON__@@1KKPEAVIProgressIndicator@@@Z
?SteamClientStarted@IGame@@SA_NXZ
UninitializeGameScript
HideSplashscreen
?GetAssetManager@@YAPEAUAssetManager@@XZ
?CreateMountHelper@Mount@@YAPEAVIMountHelper@1@PEBD00@Z
?DestroyMountHelper@Mount@@YAXPEAVIMountHelper@1@@Z
?SetLocaleID@IGame@@QEBA_NPEBD@Z
DumpRTTI
InitializeGameScriptFn
DestroyGame
?SetSpeechID@IGame@@QEBA_NPEBD_N@Z
?SetRootDirectory@IGame@@QEAA_NPEBD@Z
InitializeGameScript
ShowSplashscreen
Main
GetEngineDllVersion
CreateGame

filesystem_x64_rwdi

?does_dir_exist@fs@@YA_NPEBD@Z
?shutdown@fs@@YAXXZ
?WriteFullDump@@YAXKPEAU_EXCEPTION_POINTERS@@PEBD_NPEAD@Z
?exists@fs@@YA_NPEBD@Z
?init@fs@@YA_NPEBDW4ENUM@FFSAddSourceFlags@@0_N2PEAPEBD@Z
?CrashClose@@YAXXZ
?_CLogLevelFromId@@YA?AW4TYPE@ELevel@Log@@I@Z
?GetCategoryLevel@Settings@Log@@QEBA?AW4TYPE@ELevel@2@PEBD@Z
?Instance@Settings@Log@@SAAEAV12@XZ
?GetDumpFunction@@YAP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@ZXZ
?g_SdlManager@@3PEAVSDL@@EA
??_7ifile@fs@@6B@
??_7file@fs@@6B@
?close@file@fs@@UEAAXXZ
?open@file@fs@@UEAA_NPEBDW4TYPE@EFSMode@@W4FLAGS@FFSOpenFlags@@@Z
?length@file@fs@@UEAA_KXZ
?read@file@fs@@UEAA_KPEAX_K@Z
??1file@fs@@UEAA@XZ
?_CLogV@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1PEAD@Z
?_CLog@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@AEBV?$string_base@D@ttl@@@Z
?_CLog@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1ZZ
?SetDumpFunction@@YAXP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@Z@Z
?_CLogCategoryFromLabel@@YA?AV?$string_base@D@ttl@@I@Z
?_CLFilter@@YA?AW4ENUM@CLFilterAction@@I@Z
?GenerateDump@@YAHKPEAU_EXCEPTION_POINTERS@@@Z
?CrashShowMessageBox@@YAX_N@Z
?is_full_path@fs@@YA_NPEBD@Z

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e589e23a5735048aa9fe9ad76f186f5a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1dCertificate

Extended Key Usages

Key Usages

34:3b:43:52:36:d5:11:fc:a9:f3:c6:35:bc:8a:80:22:a4:fe:f5:a2Signer

Signature Validations

Verification

04/02/2022, 11:06 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

steam_api64

sdl2

user32

gdi32

advapi32

gamedll_x64_rwdi

engine_x64_rwdi

filesystem_x64_rwdi

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 14KB - Virtual size: 17KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 549KB - Virtual size: 549KB

.reloc Size: 8KB - Virtual size: 7KB

.bind Size: 231KB - Virtual size: 231KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1d
Certificate

34:3b:43:52:36:d5:11:fc:a9:f3:c6:35:bc:8a:80:22:a4:fe:f5:a2
Signer

04/02/2022, 11:06
Valid: true

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 549KB - Virtual size: 549KB

.reloc
Size: 8KB - Virtual size: 7KB

.bind
Size: 231KB - Virtual size: 231KB