EpicGamesLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EpicGamesLauncher.exe
Size

31.2MB
MD5

ed644adf881f16e46ec0b9c1727c51be
SHA1

5763f4801a21ea2183e491c5096ca303d71d4056
SHA256

629ff508d7f95c72301d06f8f75c1ebc58d2d6d814b20c5d1cabb52b6b632a01
SHA512

6b24d951848f8576105a9d7fedbf8f5f452575397e5974ee9b069796b7ab749aa47b69c1b936a34576bcd3ad85807ff2e2a72ff7896eafc0252110f6e4979b49
SSDEEP

393216:/y9z7T1JjJgOktY3c9UR4RF4GQ6IkOeB55wVFRn5ePLC34IVSM9QVB+JTlyqWK:/E/mF4oOeC6qQKyzK

Score

N/A

Malware Config

Signatures

Files

EpicGamesLauncher.exe
.exe windows x64

Password: fhdufbsdufb

270fb4c4bc85f829b8236e00215e2bc4

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:d5:8b:0e:4a:89:b3:fd:b0:e7:9b:6d:e7:5b:e4:9d:1b:77:12:5a:02:52:d3:92:1b:ac:73:8e:92:10:3c:bf
Signer

Actual PE Digest

c3:d5:8b:0e:4a:89:b3:fd:b0:e7:9b:6d:e7:5b:e4:9d:1b:77:12:5a:02:52:d3:92:1b:ac:73:8e:92:10:3c:bf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

09/12/2022, 15:49
Valid: true

Chain 1

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

3d:5d:75:25:08:cf:88:6d:7b:9d:b3:e0:59:b2:9d:83:86:47:1e:0f
Signer

Actual PE Digest

3d:5d:75:25:08:cf:88:6d:7b:9d:b3:e0:59:b2:9d:83:86:47:1e:0f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

15/12/2022, 13:51
Valid: true

Chain 1

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
socket
gethostname
WSAStartup
WSACleanup
accept
InetNtopW
inet_addr
getnameinfo
freeaddrinfo
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAIoctl
__WSAFDIsSet
getaddrinfo
gethostbyname
WSAWaitForMultipleEvents
WSASetLastError
shutdown
setsockopt
sendto
WSAAddressToStringW
WSAStringToAddressW
send
select
recvfrom
recv
ntohs
ntohl
listen
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
WSAGetLastError
getprotobyname

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

CreateThread
GetCurrentThread
SetThreadPriority
SuspendThread
ResumeThread
GetProcessId
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLogicalProcessorInformation
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
SetThreadAffinityMask
FormatMessageW
lstrlenW
QueryFullProcessImageNameW
SetDllDirectoryW
GetDllDirectoryW
MoveFileW
GetComputerNameW
VerifyVersionInfoW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemPowerStatus
GetUserPreferredUILanguages
GetUserDefaultLocaleName
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RtlCaptureStackBackTrace
GetProcessTimes
OpenThread
GetThreadContext
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GlobalAlloc
GlobalFree
CancelIoEx
WaitForSingleObjectEx
ReadDirectoryChangesW
SetWaitableTimer
CreateWaitableTimerW
GetProcessHandleCount
GetVersion
GlobalUnlock
GlobalLock
GetLocaleInfoW
GetSystemDefaultLCID
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetConsoleTextAttribute
FreeConsole
AttachConsole
AllocConsole
MulDiv
GetExitCodeProcess
LocalAlloc
LocalFree
GetBinaryTypeW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
QueryInformationJobObject
Module32FirstW
LoadLibraryExA
ConvertFiberToThread
RtlVirtualUnwind
WideCharToMultiByte
MultiByteToWideChar
CreateFiber
DeleteFiber
SwitchToFiber
InitializeCriticalSectionAndSpinCount
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetCurrencyFormatW
GetNumberFormatW
GetUserGeoID
GetGeoInfoA
GetTimeZoneInformation
GetLocaleInfoA
CreateFileMappingA
CreateFileA
GetThreadLocale
GetACP
VirtualQuery
InitializeSListHead
SwitchToThread
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointerEx
GetFileSize
CreateSemaphoreA
lstrlenA
ExitProcess
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
ExpandEnvironmentStringsA
WaitForMultipleObjects
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FormatMessageA
ReadConsoleW
ReadConsoleA
GetTickCount
SetConsoleMode
GetConsoleMode
LoadLibraryA
ConvertThreadToFiber
GetCurrentThreadId
CreateFileW
GetDriveTypeW
GetLogicalDrives
CloseHandle
GetLastError
SetErrorMode
DeviceIoControl
QueryPerformanceCounter
GetCommandLineW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetModuleHandleW
InitializeCriticalSection
SetCriticalSectionSpinCount
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsGetValue
TlsSetValue
GetFileAttributesW
CreateProcessW
GetStdHandle
GetFileType
WriteConsoleW
TlsAlloc
TlsFree
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
QueryPerformanceFrequency
PeekNamedPipe
SetThreadErrorMode
SetLastError
RaiseException
OutputDebugStringW
GetTempPathW
SetFileTime
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
GetLongPathNameW
GetFinalPathNameByHandleW
GetFileSizeEx
GetFileAttributesExW
GetDiskFreeSpaceExW
SetHandleInformation
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
ReadFile
WriteFile
GetOverlappedResult
CreatePipe

user32

GetRawInputDeviceList
SendMessageW
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
GetWindowInfo
EnumDisplayMonitors
GetMonitorInfoW
RegisterWindowMessageW
MoveWindow
GetUserObjectInformationW
MonitorFromWindow
MonitorFromRect
MonitorFromPoint
SystemParametersInfoW
CreateIconIndirect
LoadImageW
LoadCursorFromFileW
SetWindowLongW
GetWindowLongW
ClipCursor
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
MessageBoxW
MsgWaitForMultipleObjects
SetRect
DefWindowProcW
GetWindowRect
ScreenToClient
EnumWindows
GetTopWindow
GetWindowThreadProcessId
EnumDisplayDevicesW
MapVirtualKeyW
MsgWaitForMultipleObjectsEx
GetKeyboardLayout
DisableProcessWindowsGhosting
TranslateMessage
DispatchMessageW
SetForegroundWindow
RegisterClassExW
CreateWindowExW
DestroyWindow
RegisterClassW
UnregisterClassW
IsWindow
GetWindowLongPtrW
IsChild
VkKeyScanExW
GetParent
SetParent
GetLastInputInfo
GetShellWindow
SwitchToThisWindow
SetWindowTextW
SetWindowLongPtrW
LoadCursorW
LoadIconW
AllowSetForegroundWindow
PeekMessageW
RegisterHotKey
UnregisterHotKey
PostQuitMessage
SetWindowPos
IsWindowVisible
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetProcessWindowStation
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
GetWindowPlacement
GetSystemMetrics
SetCursorPos
ShowCursor
AdjustWindowRectEx
GetClientRect
SetWindowPlacement
SetWindowRgn
ReleaseDC
GetDC
GetForegroundWindow
SetActiveWindow
UpdateWindow
EnableMenuItem
GetSystemMenu
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
SendInput
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
IsIconic

gdi32

CreateRoundRectRgn
CreateRectRgn
CreateFontIndirectW
CreateBitmap
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
GetTextMetricsW
CreateFontW
SwapBuffers
SetPixelFormat
ChoosePixelFormat
DeleteObject
GetDeviceCaps
PtInRegion
SelectObject

comdlg32

ChooseFontW

advapi32

OpenProcessToken
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptDestroyKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegQueryInfoKeyW
CreateProcessWithTokenW
LookupPrivilegeValueW
GetSidSubAuthority
DuplicateTokenEx
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
AdjustTokenPrivileges
RegDeleteTreeW
RegDeleteKeyExW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
CryptSetHashParam
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGetProvParam
InitializeSecurityDescriptor

shell32

Shell_NotifyIconW
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderLocation
SHQueryUserNotificationState
ShellExecuteExW
SHCreateItemFromParsingName
SHChangeNotify

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CoInitialize
GetRunningObjectTable
CreateBindCtx
CoSetProxyBlanket
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

VariantClear
VariantCopy
SysFreeString
SysAllocString

iphlpapi

IcmpCreateFile
GetAdaptersAddresses
IcmpCloseHandle
IcmpSendEcho
GetAdaptersInfo

setupapi

CM_Get_Device_IDW
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

dwmapi

DwmGetCompositionTimingInfo
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmDestroyContext
ImmCreateContext
ImmGetProperty
ImmGetIMEFileNameW
ImmGetDescriptionW

crypt32

CertOpenStore
CertGetCertificateContextProperty
CryptMsgClose
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration

wldap32

ord211
ord60
ord46
ord143
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord301
ord200
ord30

normaliz

IdnToAscii

xinput1_3

ord2
ord3

opengl32

glStencilFunc
glStencilMask
glScissor
glPolygonMode
glTexParameteri
glTexSubImage2D
glViewport
glTexEnvi
glGetString
glGenTextures
glEnable
glDisable
glDeleteTextures
glBlendFunc
glBindTexture
glAlphaFunc
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext
glStencilOp
glPixelStorei
glTexImage2D
glGetIntegerv

dxgi

CreateDXGIFactory1
CreateDXGIFactory

d3d11

D3D11CreateDevice

d3dcompiler_43

D3DReflect
D3DCompile

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Inf
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

powrprof

CallNtPowerInformation

wintrust

WinVerifyTrust

msi

ord141
ord88

bcrypt

BCryptGenRandom

vcruntime140

memmove
memset
__C_specific_handler
wcsstr
memcmp
strrchr
wcsrchr
wcschr
strstr
memchr
__std_terminate
longjmp
_CxxThrowException
__CxxFrameHandler3
strchr
__RTtypeid
__std_type_info_compare
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__intrinsic_setjmp
memcpy
_set_purecall_handler
_purecall

api-ms-win-crt-convert-l1-1-0

wcstod
wcstoul
_wtoi
_wtof
_wcstoui64
_wtoi64
atoll
_strtoi64
strtoll
atoi
wcstombs
atol
strtol
strtod
strtoul

api-ms-win-crt-math-l1-1-0

sinf
__setusermatherr
fabs
powf
fmod
floor
modf
asin
atan
atan2
cos
sin
sqrt
tan
_isnan
logf
ceil
pow
log
_finite

api-ms-win-crt-string-l1-1-0

iswpunct
strcmp
strcpy
strncmp
wcsncpy
strlen
isgraph
islower
isupper
iswdigit
strtok_s
iswspace
isalnum
iswupper
strpbrk
wcsncmp
isalpha
tolower
iswalpha
iswxdigit
iswlower
isxdigit
isprint
_strdup
strspn
strcspn
_strnicmp
_stricmp
isspace
iswalnum
strcat
isdigit
wcslen
strncpy
strncat

api-ms-win-crt-stdio-l1-1-0

_isatty
_open
clearerr
setbuf
_lseeki64
fputc
_close
_write
fputs
_read
_wfopen
__p__commode
__stdio_common_vsscanf
__stdio_common_vfprintf
ftell
fseek
feof
_fileno
fopen
__stdio_common_vsprintf
_setmode
fgets
fflush
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf
fwrite
fread
ferror
_set_fmode
fclose

api-ms-win-crt-utility-l1-1-0

bsearch
srand
rand
qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
realloc
calloc

api-ms-win-crt-runtime-l1-1-0

raise
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
strerror_s
_register_onexit_function
signal
_crt_atexit
strerror
__sys_nerr
_endthreadex
exit
_cexit
_errno
terminate
_seh_filter_exe
_beginthreadex
_getpid
_set_app_type
_invalid_parameter_noinfo_noreturn
_get_narrow_winmain_command_line
_initterm
_initterm_e
_c_exit
_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
_localtime64
_gmtime64
clock
_mktime64
__tzname
__daylight
_tzset
__timezone

api-ms-win-crt-filesystem-l1-1-0

_stat64
_stat32i64
_stat64i32
_fstat64i32
_fstat64
rename

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

NvOptimusEnablement
PrintScriptCallstack

Sections

.text
Size: 24.3MB - Virtual size: 24.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: fhdufbsdufb

270fb4c4bc85f829b8236e00215e2bc4

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c3:d5:8b:0e:4a:89:b3:fd:b0:e7:9b:6d:e7:5b:e4:9d:1b:77:12:5a:02:52:d3:92:1b:ac:73:8e:92:10:3c:bfSigner

Signature Validations

Verification

09/12/2022, 15:49 Valid: true

Chain 1

3d:5d:75:25:08:cf:88:6d:7b:9d:b3:e0:59:b2:9d:83:86:47:1e:0fSigner

Signature Validations

Verification

15/12/2022, 13:51 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

iphlpapi

setupapi

dwmapi

imm32

crypt32

winhttp

wldap32

normaliz

xinput1_3

opengl32

dxgi

d3d11

d3dcompiler_43

msvcp140

version

powrprof

wintrust

msi

bcrypt

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c3:d5:8b:0e:4a:89:b3:fd:b0:e7:9b:6d:e7:5b:e4:9d:1b:77:12:5a:02:52:d3:92:1b:ac:73:8e:92:10:3c:bf
Signer

09/12/2022, 15:49
Valid: true

3d:5d:75:25:08:cf:88:6d:7b:9d:b3:e0:59:b2:9d:83:86:47:1e:0f
Signer

15/12/2022, 13:51
Valid: true

.text
Size: 24.3MB - Virtual size: 24.3MB

.uedbg
Size: 180KB - Virtual size: 180KB

.rdata
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 208KB - Virtual size: 1.7MB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 218KB - Virtual size: 217KB