LEGOSTARWARSSKYWALKERSAGA_DX11[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LEGOSTARWARSSKYWALKERSAGA_DX11.exe
Size

95.5MB
MD5

f721b5f716bc579a74f06a3f4820bc3a
SHA1

7288672bbaae62b9e6d85447db82f5903142172b
SHA256

0118e9d4d1e4677af30f33218d0772a6239e4c81c710104b99420b15ad34722b
SHA512

5f514007d506c2ad85b3f0b863ccbb9ef3a267c28de72475db790fb52452d41880ed54cdaae9f19640eca745a1c45d2b219cefc97cd44b92867c1a5d4dab1913
SSDEEP

786432:m0rNQCWOyU/mnNHIw8KGw3kUb+xaYWj6i:m0JXWC+JItQ3k5nWB

Score

1^/10

Malware Config

Signatures

Files

LEGOSTARWARSSKYWALKERSAGA_DX11.exe
.exe windows x64

6d1d63b2d606b4b5e1fa2c97554905e3

Code Sign

Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

01/09/2009, 00:00

Not After

31/12/2037, 23:59

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:21:c2:86:6b:a4:73:7d
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

11/08/2020, 13:31

Not After

20/09/2023, 13:06

Subject

CN=TT Games Studios Limited,O=TT Games Studios Limited,L=Knutsford,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

85:37:c1:6a:6a:7c:9d:bf:b0:d6:f9:48:3c:ea:8e:37:49:3b:64:3b
Signer

Actual PE Digest

85:37:c1:6a:6a:7c:9d:bf:b0:d6:f9:48:3c:ea:8e:37:49:3b:64:3b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=TT Games Studios Limited,O=TT Games Studios Limited,L=Knutsford,C=GB

07/02/2023, 20:39
Valid: true

Chain 1

CN=TT Games Studios Limited,O=TT Games Studios Limited,L=Knutsford,C=GB

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oo2core_8_win64

OodleLZ_Decompress

steam_api64

SteamInternal_ContextInit
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamInternal_FindOrCreateUserInterface
SteamAPI_RegisterCallback
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_GetHSteamUser

advapi32

RegQueryInfoKeyW
RegOpenKeyExA
RegCloseKey
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExW
RegGetValueW
RegQueryValueExA
RegOpenKeyExW

dbghelp

StackWalk64
SymFromAddr
SymGetLineFromAddr64
SymSetOptions
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
MiniDumpWriteDump

gdi32

CreateCompatibleDC
BitBlt
CreateDIBSection
DeleteObject
DeleteDC
SelectObject

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoCreateGuid
PropVariantClear

oleaut32

SafeArrayGetElement
SysStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound

shell32

SHCreateDirectoryExA
ShellExecuteA
SHGetFolderPathA

user32

SetWindowPos
ShowWindow
GetSystemMetrics
MessageBoxA
PostMessageA
GetWindowThreadProcessId
SetFocus
SetForegroundWindow
AdjustWindowRect
GetWindowLongA
SetWindowLongA
EnumDisplaySettingsA
MonitorFromRect
GetMonitorInfoA
IsWindowVisible
GetForegroundWindow
GetDC
ReleaseDC
GetClientRect
ScreenToClient
MapVirtualKeyExA
GetKeyboardLayout
ToUnicodeEx
EnumDisplayDevicesW
EnumDisplaySettingsW
GetRawInputDeviceList
GetRegisteredRawInputDevices
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputData
EnumDisplayMonitors
LoadIconA
LoadCursorA
IntersectRect
ClipCursor
SetCursor
ShowCursor
SetWindowTextA
UpdateWindow
MapVirtualKeyA
IsIconic
DestroyWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
TrackMouseEvent
MonitorFromWindow
SystemParametersInfoA
EnumWindows
GetDesktopWindow
WindowFromPoint
ClientToScreen
GetWindowRect

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeGetDevCaps

ws2_32

inet_ntop
WSAGetLastError
WSAStartup
send
WSAEventSelect
socket
WSAEnumNetworkEvents
WSACreateEvent
gethostname
gethostbyname
htonl
connect
recvfrom
recv
ntohs
shutdown
setsockopt
bind
closesocket
ioctlsocket
getsockname
htons
inet_addr
sendto

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

hid

HidD_GetHidGuid
HidP_GetValueCaps
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetCaps
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetFeature
HidD_GetSerialNumberString
HidD_FreePreparsedData

dxgi

CreateDXGIFactory

d3dcompiler_47

D3DReflect
D3DPreprocess

xinput1_3

ord2
ord4
ord3

dinput8

DirectInput8Create

wininet

HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetWriteFile
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExA
InternetOpenA
InternetSetOptionA
InternetQueryOptionA
InternetQueryDataAvailable

xaudio2_8

ord3
ord4
ord2
ord1

amd_ags_x64

agsDeInitialize
agsInitialize

kernel32

GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
FreeLibraryAndExitThread
GetTempPathW
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
SwitchToThread
GetFullPathNameW
VerifyVersionInfoW
FindFirstFileExW
GetModuleHandleW
GetModuleFileNameW
IsValidCodePage
GetSystemDirectoryW
CreateSemaphoreW
WaitForMultipleObjects
CancelIo
FindNextFileW
FindNextFileA
FindClose
FileTimeToLocalFileTime
WriteFile
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
MultiByteToWideChar
SystemTimeToFileTime
FileTimeToSystemTime
ReadDirectoryChangesW
MoveFileW
MoveFileA
CancelIoEx
GetOverlappedResult
SetFileTime
RemoveDirectoryW
RemoveDirectoryA
GetLongPathNameA
GetFinalPathNameByHandleW
GetFinalPathNameByHandleA
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesExA
GetFileAttributesW
FindFirstFileW
FindFirstFileA
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
ReadFile
GetStdHandle
LocalAlloc
GetLogicalProcessorInformationEx
GlobalMemoryStatusEx
GetCurrentDirectoryW
WaitForMultipleObjectsEx
WideCharToMultiByte
SetFileAttributesA
GetUserDefaultLangID
GetUserGeoID
VerifyVersionInfoA
SetThreadExecutionState
SetThreadAffinityMask
TerminateProcess
CreateMutexA
ReleaseMutex
VerSetConditionMask
LoadLibraryA
GetACP
GetOEMCP
GetCommandLineW
WriteConsoleW
HeapSize
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetProcAddress
FreeLibrary
SetLastError
GetEnvironmentStringsW
ProcessIdToSessionId
GetComputerNameA
GetSystemTime
K32GetModuleBaseNameA
FormatMessageA
LocalFree
GetModuleHandleA
LoadLibraryExW
HeapLock
GetModuleFileNameA
GetLocalTime
GetCurrentProcessId
GetLastError
GetTempPathA
GetFileAttributesA
CreateFileA
CreateDirectoryA
GetCurrentDirectoryA
RtlCaptureContext
SetUnhandledExceptionFilter
IsDebuggerPresent
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentThreadId
CreateSemaphoreA
ResumeThread
GetExitCodeThread
TerminateThread
ExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetCurrentProcess
RtlCaptureStackBackTrace
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessAffinityMask
SetProcessAffinityMask
OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
CloseHandle
RaiseException
HeapUnlock
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
Sleep
CreateThread
GetCurrentThread
SetThreadPriority

shlwapi

ord219

bink2w64

BinkSetWillLoop
BinkOpen
BinkDoFrame
BinkNextFrame
BinkWait
BinkClose
BinkCopyToBuffer
BinkSetVolume
BinkShouldSkip
BinkSetOSFileCallbacks
BinkSetMemory
BinkSetSoundTrack
BinkSetSoundSystem2
BinkOpenXAudio2

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

Sections

.text
Size: 56.5MB - Virtual size: 56.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25.2MB - Virtual size: 25.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.8MB - Virtual size: 13.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shr
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d1d63b2d606b4b5e1fa2c97554905e3

Code Sign

Certificate

Key Usages

07Certificate

Key Usages

a9:21:c2:86:6b:a4:73:7dCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

85:37:c1:6a:6a:7c:9d:bf:b0:d6:f9:48:3c:ea:8e:37:49:3b:64:3bSigner

Signature Validations

Verification

07/02/2023, 20:39 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

oo2core_8_win64

steam_api64

advapi32

dbghelp

gdi32

ole32

oleaut32

shell32

user32

winmm

ws2_32

setupapi

hid

dxgi

d3dcompiler_47

xinput1_3

dinput8

wininet

xaudio2_8

amd_ags_x64

kernel32

shlwapi

bink2w64

iphlpapi

Sections

.text Size: 56.5MB - Virtual size: 56.5MB

.rdata Size: 25.2MB - Virtual size: 25.2MB

.data Size: 7.8MB - Virtual size: 13.5MB

.pdata Size: 2.4MB - Virtual size: 2.4MB

.shr Size: 512B - Virtual size: 16B

_RDATA Size: 3KB - Virtual size: 2KB

.gehcont Size: 512B - Virtual size: 20B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 1.4MB - Virtual size: 1.4MB

07
Certificate

a9:21:c2:86:6b:a4:73:7d
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

85:37:c1:6a:6a:7c:9d:bf:b0:d6:f9:48:3c:ea:8e:37:49:3b:64:3b
Signer

07/02/2023, 20:39
Valid: true

.text
Size: 56.5MB - Virtual size: 56.5MB

.rdata
Size: 25.2MB - Virtual size: 25.2MB

.data
Size: 7.8MB - Virtual size: 13.5MB

.pdata
Size: 2.4MB - Virtual size: 2.4MB

.shr
Size: 512B - Virtual size: 16B

_RDATA
Size: 3KB - Virtual size: 2KB

.gehcont
Size: 512B - Virtual size: 20B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 1.4MB - Virtual size: 1.4MB