3c6805f5df259184eefca0242eec04de2dceec63b4ae50f932a40de0486d53c2

Sharing

Copy URL Twitter E-mail

General

Target

3c6805f5df259184eefca0242eec04de2dceec63b4ae50f932a40de0486d53c2
Size

207KB
MD5

f7ab907c8ead800b230ce539681b3a22
SHA1

c439f2d9b665029fe9cd9be4fe5541ee58f32aa1
SHA256

3c6805f5df259184eefca0242eec04de2dceec63b4ae50f932a40de0486d53c2
SHA512

0a14220b8642e829c83111e20d40c23d028caba5b776633cd79af8a22acdb292489ef2b44e6e614fbd5b55ddf9cbd6447cf5dd33c9c641cac6615275de917aba
SSDEEP

3072:VLU6mg34q8wZKhk2jAKbyU6v11rGQrLy2c9/ZtmQLyYtgOTk3Mg4s2JPLZHsU:VD8wZwAKev11r3LGVZtmQ8+VsWHsU

Score

N/A

Malware Config

Signatures

Files

3c6805f5df259184eefca0242eec04de2dceec63b4ae50f932a40de0486d53c2
.dll windows x86

c4b774d8c2d0f7cd2bb2c1690c47d426

Code Sign

72:5c:d0:77:c3:dd:c7:bc:15:32:02:bc:8a:b3:45:81:15:29:40:ac
Signer

Actual PE Digest

72:5c:d0:77:c3:dd:c7:bc:15:32:02:bc:8a:b3:45:81:15:29:40:ac

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetDriveTypeW
GetCurrentThreadId
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
GetVersionExA
FoldStringW
IsBadStringPtrA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
ReadFile
CloseHandle
FlushFileBuffers
WriteFile
GetLastError
CreateFileW
SetEndOfFile
SetFilePointer
LoadLibraryW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameA
SetEnvironmentVariableA
HeapFree
WriteConsoleW
CreateFileA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetStringTypeW
LCMapStringW
ExitProcess
SetLastError
TlsFree
GetCurrentDirectoryA
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetSystemTimeAsFileTime
GetFullPathNameW
SetCurrentDirectoryA
RtlUnwind

user32

CharLowerBuffW

tier0_s

Plat_OutputDebugStringRaw
ThreadGetCurrentProcessId
g_ulLastCycleSample
g_cBadCycleCountReceived
Is64BitOS
WriteMiniDump
Plat_ExitProcess
g_dwDllEntryThreadId
Plat_OutputDebugString
??0CThreadSpinRWLock@@QAE@XZ
?UnlockRead@CThreadSpinRWLock@@QAEXXZ
?LockForRead@CThreadSpinRWLock@@QAEXXZ
?UnlockWrite@CThreadSpinRWLock@@QAEXXZ
?LockForWrite@CThreadSpinRWLock@@QAEXXZ
Warning
??1CThreadMutex@@QAE@XZ
??0CThreadMutex@@QAE@XZ
Msg
Plat_IsInDebugSession
?GetCurrentScope@CVProfile@@QAEPAXXZ
?GetCurrentNode@CVProfile@@QAEPAVCVProfNode@@XZ
?GetBudgetGroupID@CVProfNode@@QAEHXZ
?GetParent@CVProfNode@@QAEPAV1@XZ
?GetCurrentScope@CVProfNode@@QAEPAXXZ
?GetProfile@CVProfNode@@QAEPAVCVProfile@@XZ
?IsEnabled@CVProfile@@QBE_NXZ
?GetBudgetGroupName@CVProfile@@QAEPBDH@Z
?GetName@CVProfNode@@QAEPBDXZ
?EnterScope@CVProfile@@QAEXPBDH0_NPAX@Z
g_VProfile
CreateVProfile
g_VProfManager
?AddProfileForThread@CVProfManager@@QAEPAVCVProfileThreadEntry@@PAVCVProfile@@I@Z
?SetThreadEntry@CVProfile@@QAEXPAVCVProfileThreadEntry@@@Z
?Unlock@CThreadMutex@@QAEXXZ
?Lock@CThreadMutex@@QAEXXZ
?Set@CThreadLocalBase@@QAEXPAX@Z
?Get@CThreadLocalBase@@QBEPAXXZ
??0CThreadLocalBase@@QAE@XZ
??1CThreadLocalBase@@QAE@XZ
Plat_GetCommandLine
_DMsg
g_pMemAllocSteam
Error
?ClaimMemory@CValidator@@QAEXPAX@Z
?Push@CValidator@@QAEXPBDPAX0@Z
?Pop@CValidator@@QAEXXZ
AssertMsgImplementation
?ExitScope@CVProfile@@QAEXXZ

Exports

Exports

??0CCommandLineParam@@QAE@PBD0@Z
??0CGaussianRandomStream@@QAE@PAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QAE@ABV0@@Z
??0CUniformRandomStream@@QAE@XZ
??1CCommandLineParam@@QAE@XZ
??4CCommandLineParam@@QAEAAV0@ABV0@@Z
??4CGaussianRandomStream@@QAEAAV0@ABV0@@Z
??4CStringNormalization@@QAEAAV0@ABV0@@Z
??4CUniformRandomStream@@QAEAAV0@ABV0@@Z
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QAEXXZ
?AttachToStream@CGaussianRandomStream@@QAEXPAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QAE_NXZ
?Fold@CStringNormalization@@SAHPBGPAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AAEHXZ
?GetHParam@CCommandLineParam@@QAEHXZ
?Initialize@CStringNormalization@@SAXXZ
?Normalize@CStringNormalization@@SAH_NPBDPADH@Z
?Normalize@CStringNormalization@@SAH_NPBGPAGH@Z
?Q_UnicodeAdvance@@YAPADPADH@Z
?Q_UnicodeAdvance@@YAPAGPAGH@Z
?Q_UnicodeAdvance@@YAPAIPAIH@Z
?Q_UnicodeLength@@YAHPBD@Z
?Q_UnicodeLength@@YAHPBG@Z
?Q_UnicodeLength@@YAHPBI@Z
?Q_UnicodeRepair@@YAHPADW4EStringConvertErrorPolicy@@@Z
?Q_UnicodeRepair@@YAHPAGW4EStringConvertErrorPolicy@@@Z
?Q_UnicodeRepair@@YAHPAIW4EStringConvertErrorPolicy@@@Z
?Q_UnicodeValidate@@YA_NPBD@Z
?Q_UnicodeValidate@@YA_NPBG@Z
?Q_UnicodeValidate@@YA_NPBI@Z
?Q_stristr@@YAPBDPBD0@Z
?RandomChar@CUniformRandomStream@@UAEDXZ
?RandomFillMemory@CUniformRandomStream@@UAEXPAXI@Z
?RandomFloat@CGaussianRandomStream@@QAEMMM@Z
?RandomFloat@CUniformRandomStream@@UAEMMM@Z
?RandomInt@CUniformRandomStream@@UAEHHH@Z
?SetSeed@CUniformRandomStream@@UAEXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?ValidateStatics@CStringNormalization@@SAXAAVCValidator@@PBD@Z
?m_bInitialized@CStringNormalization@@0_NA
BHanIdeograph
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CreateInterface
DebugStatsSystem
GetNameFromOSType
GetOSDetailString
GetOSType
GetPlatformFromOS
GetPlatformName
GetPlatformNameFromEPlatformType
InstallUniformRandomStream
KeyValuesSystemSteam
OSTypesAreCompatible
Q_AggressiveStripPrecedingAndTrailingWhitespace
Q_AggressiveStripPrecedingAndTrailingWhitespaceW
Q_AppendParamToURL
Q_AppendSlash
Q_BasicHtmlEntityEncode
Q_CbMakeAbsolutePath
Q_ComposeFileName
Q_CopyAndFixSlashes
Q_DefaultExtension
Q_ExtractDomainFromURL
Q_ExtractFileExtension
Q_ExtractFilePath
Q_FileBase
Q_FixSlashes
Q_FormatAndAppend
Q_FormatAndAppendTail
Q_FormatAndAppendV
Q_GetFileExtension
Q_HtmlEntityDecodeToUTF8
Q_IsAbsolutePath
Q_IsDeprecatedW
Q_IsMeanSpaceW
Q_IsValidUChar32
Q_JoinNumbers
Q_LocaleSpecificANSIToUTF8
Q_MakeAbsolutePath
Q_NormalizeUTF8
Q_NormalizeUTF8Old
Q_RemoveDotSlashes
Q_ReplaceBadFilenameCharacters
Q_ReplaceBadFilenameCharactersInPlace
Q_SetExtension
Q_SetURLParam
Q_SplitNumbers
Q_SplitString
Q_SplitString2
Q_StrLeft
Q_StrReplaceChar
Q_StrRight
Q_StrSlice
Q_StrSubst
Q_StrSubstInPlace
Q_StrTrim
Q_StripAndPreserveHTML
Q_StripExtension
Q_StripFilename
Q_StripHTML
Q_StripLastDir
Q_StripPrecedingAndTrailingWhitespace
Q_StripPrecedingAndTrailingWhitespaceW
Q_StripTrailingSlash
Q_StripUnprintable
Q_StripUnprintableW
Q_UChar32ToUTF16
Q_UChar32ToUTF16Len
Q_UChar32ToUTF8
Q_UChar32ToUTF8Len
Q_URLContainsDomain
Q_URLCracker
Q_URLDecode
Q_URLDecodeRaw
Q_URLEncode
Q_URLEncodeRaw
Q_UTF16ToUTF32
Q_UTF16ToUTF8
Q_UTF32ToUTF16
Q_UTF32ToUTF8
Q_UTF8ToUTF16
Q_UTF8ToUTF32
Q_UnqualifiedFileName
Q_atof
Q_atoi
Q_binarytohex
Q_hextobinary
Q_isnumeric
Q_isstrlower
Q_isvalidhex
Q_pretifymem
Q_pretifynum
Q_qsort_s
Q_snprintf
Q_snwprintf
Q_strcat
Q_strcmp_prefix
Q_stricmp_prefix
Q_stristr
Q_strnappend
Q_strnappend_strlen
Q_strncat
Q_strnchr
Q_strncmp
Q_strncpy
Q_strnicmp
Q_strnistr
Q_strnlen
Q_strtoi64
Q_strtoui64
Q_tolower
Q_toupper
Q_vsnprintf
Q_vsnprintfRet
Q_wcscat
Q_wcsncat
Q_wcsncpy
Q_wcsnicmp
Q_wcstoi64
Q_wcstoui64
RandomChar
RandomFillMemory
RandomFloat
RandomGaussianFloat
RandomInt
RandomSeed
RandomUint32
StringAfterPrefix
StringAfterPrefixCaseSensitive
VStdLib_GetICVarFactory
V_FixDoubleSlashes
V_FixupPathName
V_GetCurrentDirectory
V_MakeRelativePath
V_SetCurrentDirectory
_Q_atoi64
_Q_memcmp
_Q_memcpy
_Q_memmove
_Q_memset
_Q_strcmp
_Q_strcspn
_Q_stricmp
_Q_strlen
_Q_strlower
_Q_strpbrk
_Q_strrchr
_Q_strstr
_Q_strupr
_Q_wcscmp
_Q_wcslen
_Q_wcslower
_Q_wcsupr
_Q_wtoi
_Q_wtoi64
isbreakablewspace

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4b774d8c2d0f7cd2bb2c1690c47d426

Code Sign

72:5c:d0:77:c3:dd:c7:bc:15:32:02:bc:8a:b3:45:81:15:29:40:acSigner

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

tier0_s

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 71KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

72:5c:d0:77:c3:dd:c7:bc:15:32:02:bc:8a:b3:45:81:15:29:40:ac
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 71KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB