TombRaider[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TombRaider.exe
Size

18.5MB
MD5

bdfb303dd87e28cb2e67fbccbc33fa82
SHA1

102a433af938baba220c9da0f8ad5e38fe5dbff1
SHA256

feb8794d763769d80d55da22ff718e011dc5185ebb502302a413b518392a9be9
SHA512

91be28f9790d9a7bd631b85b993319d489c166f215ba7233ae709ab68cf011a2f4d8903099254247a7d75b9966f4305e9f0e61cbadb74d0eb29a03ee19d4e623
SSDEEP

393216:4frMBxZzfgyJGh+5cye1P/nhgLfiV3jDPQ:4frMBHz45h+Cy+/nhgLfiV3jDP

Score

1^/10

Malware Config

Signatures

Files

TombRaider.exe
.exe windows x86

201389cece4faad84581275e2a86480d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
ExpandEnvironmentStringsW
GetTickCount
TerminateProcess
GetCurrentProcess
SuspendThread
GetCurrentThreadId
SetPriorityClass
SetThreadAffinityMask
GetVersionExW
GetCurrentDirectoryA
DuplicateHandle
SetUnhandledExceptionFilter
FindClose
FindFirstFileW
MultiByteToWideChar
MulDiv
GetLocalTime
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
InterlockedExchangeAdd
ReleaseSemaphore
InterlockedExchange
InterlockedCompareExchange
GetProcessAffinityMask
CreateSemaphoreW
RaiseException
lstrlenW
ReleaseMutex
CreateMutexA
ResetEvent
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
CreateMutexW
TlsAlloc
FlushFileBuffers
WriteFile
GetSystemTime
GlobalMemoryStatusEx
GetVersionExA
CreateFileW
GetCommandLineA
lstrlenA
SystemTimeToFileTime
GetDateFormatA
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
Sleep
GetFileAttributesExA
GetFileSize
CreateEventW
ResumeThread
SetFilePointer
ReadFile
GetLastError
CreateFileA
InterlockedDecrement
InterlockedIncrement
CreateEventA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
GetCurrentProcessId
FormatMessageW
LocalFree
GetTimeZoneInformation
OpenFile
GetSystemDirectoryA
CreateWaitableTimerA
SetWaitableTimer
SetLastError
OpenEventA
ExitThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemInfo
VirtualQuery
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
SetEvent
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetGeoInfoA
ExitProcess
GetComputerNameA

user32

GetWindowLongW
IsIconic
SetWindowPos
AdjustWindowRectEx
ClientToScreen
GetClientRect
ShowWindow
ClipCursor
ShowCursor
GetKeyboardLayout
CharLowerBuffA
PostMessageW
MessageBoxW
SetForegroundWindow
SetFocus
GetClassNameW
GetForegroundWindow
GetSystemMetrics
MonitorFromWindow
EnumDisplaySettingsW
SetCursorPos
ScreenToClient
GetCursorInfo
SetWindowPlacement
SetWindowLongW
EnumDisplayMonitors
GetDC
DefWindowProcW
GetRawInputData
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SendMessageW
EnumWindows
DestroyWindow
InsertMenuItemW
GetSystemMenu
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
mouse_event
GetCursorPos
MessageBoxA
SystemParametersInfoW
SetWindowTextW
EndDialog
SetTimer
SetWindowTextA
GetDlgItem
DialogBoxParamW
GetWindowRect
LoadBitmapW
DrawTextW
ReleaseDC
InvalidateRect
EndPaint
BeginPaint
GetUpdateRect
SetActiveWindow
UpdateWindow
RegisterClassExW
WaitMessage
wsprintfW
RegisterRawInputDevices
MapVirtualKeyExW
GetKeyNameTextW
GetDesktopWindow
UnregisterClassW
GetWindowPlacement
PostQuitMessage
PostThreadMessageW
DrawMenuBar
EnumDisplayDevicesW
SendDlgItemMessageW
EnableWindow
CheckDlgButton
SetPropA
GetSysColorBrush
IsDlgButtonChecked
GetPropA
EnumDisplayDevicesA

gdi32

CreateFontW
GetDeviceCaps
SetTextColor
SetBkMode
CreateCompatibleDC
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
GetObjectW
DeleteObject
GetStockObject
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegEnumKeyA
CryptGenRandom
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyA
CryptReleaseContext
CryptAcquireContextA

ole32

CoCreateInstance
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

WSACancelAsyncRequest
htonl
connect
inet_ntoa
send
recv
select
getsockname
gethostbyname
ntohl
listen
accept
setsockopt
socket
htons
bind
WSAWaitForMultipleEvents
WSAIoctl
WSARecvFrom
inet_addr
WSASendTo
WSASocketW
ntohs
WSACloseEvent
WSAResetEvent
WSAAsyncGetHostByName
WSAGetOverlappedResult
WSAGetLastError
WSACreateEvent
closesocket
WSAStartup
WSACleanup
ioctlsocket
shutdown

binkw32

_BinkGetTrackID@8
_BinkWait@4
_BinkDoFrame@4
_BinkShouldSkip@4
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkSetVolume@12
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkSetSoundTrack@8
_BinkPause@8
_BinkClose@4
_BinkOpen@8

steam_api

SteamRemoteStorage
SteamNetworking
SteamMatchmaking
SteamUserStats
SteamAPI_UnregisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_IsSteamRunning
SteamApps
SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamUser
SteamFriends
SteamUtils
SteamAPI_Shutdown
SteamAPI_RegisterCallback

winmm

waveInGetNumDevs
waveInMessage
waveInGetDevCapsW
mixerOpen
mixerGetDevCapsW
mixerGetLineInfoW
mixerGetLineControlsW
timeGetTime
mixerSetControlDetails
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutWrite
waveOutGetDevCapsW
waveInGetDevCapsA
waveInStart
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutReset
mixerGetControlDetailsW
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader

shell32

ShellExecuteW
SHAppBarMessage
SHGetFolderPathW

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr90

_clearfp
wcschr
_wtoi
_swprintf
isxdigit
_ftime64
_wstat64
_itoa_s
_controlfp_s
_strtoui64
localeconv
_wcsicmp
_strnicmp
_stricmp
_vswprintf
fwprintf
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
strcspn
strspn
wcscoll
_wcsicoll
wcstoul
_snwprintf
sin
cos
strcpy
strcat
tan
_fullpath
pow
_endthreadex
fabs
sqrt
_mktime64
_fileno
_isatty
strncpy_s
_ftime64_s
memcmp
isalnum
strcpy_s
strcmp
strlen
_vsnprintf_s
wcsncpy
fflush
atol
swprintf_s
strtoul
vsprintf_s
wcsrchr
realloc
_vsnprintf
_CIlog10
_snprintf
_itoa
mbstowcs_s
_vsnwprintf_s
fseek
ftell
srand
_CIlog
_CIexp
sprintf_s
__CxxFrameHandler3
memmove_s
_recalloc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
puts
tolower
_beginthreadex
atof
_CIasin
_CIfmod
swscanf
wcsstr
fwrite
setlocale
_ltoa
_vsnwprintf
getenv
_exit
fopen
fread
fclose
sscanf
_CIpow
ceil
memmove
strtok
atoi
_CIatan
abort
vsprintf
printf
_strlwr
_except_handler4_common
_snprintf_s
strncpy
memset
_purecall
strchr
strrchr
strstr
_CIsqrt
_time64
fprintf
malloc
memcpy
exit
strncat
sprintf
strtod
strtol
free
longjmp
clock
isdigit
isspace
qsort
__iob_func
toupper
calloc
floor
_setjmp3
strncmp
_CIacos
_CIatan2
_CIcos
_CIsin
_CItan
_isnan
_finite
rand
fscanf
_control87

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

shlwapi

SHRegGetUSValueA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertOpenSystemStoreA
CertGetNameStringA
CertCloseStore
CertEnumCertificatesInStore

msacm32

acmStreamOpen
acmFormatSuggest
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamSize

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 992KB - Virtual size: 991KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 22.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shad
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 663KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

201389cece4faad84581275e2a86480d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

binkw32

steam_api

winmm

shell32

msvcp90

msvcr90

wininet

shlwapi

version

crypt32

msacm32

Exports

Exports

Sections

.text Size: 9.5MB - Virtual size: 9.5MB

.rdata Size: 992KB - Virtual size: 991KB

.data Size: 4.5MB - Virtual size: 22.9MB

.shad Size: 384KB - Virtual size: 384KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 663KB - Virtual size: 662KB

.text
Size: 9.5MB - Virtual size: 9.5MB

.rdata
Size: 992KB - Virtual size: 991KB

.data
Size: 4.5MB - Virtual size: 22.9MB

.shad
Size: 384KB - Virtual size: 384KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 663KB - Virtual size: 662KB