YakuzaKiwami[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

YakuzaKiwami.exe
Size

18.0MB
MD5

7eb3041d683a87b3f2ebe2cc2bb3234f
SHA1

a1eeb300d395b211919f36a38de9de0b5ce1d9df
SHA256

a720854f6b4ba0db00c218631af1b14f5e8c72fc4c517232e93fcd1a3a3286a5
SHA512

1a811182a46912f4dd9da3041ef097068288b69678e2ad1cbe60da48c2840c7a32ef19533e81d0c53f2cc1ce2c8da877f7d93d1557c71790de831b8ff2f1f90b
SSDEEP

196608:9fl0iT0aLLr1pgmBVCmj9fUCB7gaV6gDoRH6OifTE/93UbWmf/U:NGdaL9pgCCmj9fUiV6gDGH6c/EWmE

Score

1^/10

Malware Config

Signatures

Files

YakuzaKiwami.exe
.exe windows x64

ba955b62bc9dfdcd02e7a11a19c01db2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

xinput1_3

ord2

dxgi

CreateDXGIFactory1

steam_api64

SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamAPI_Shutdown
SteamAPI_Init
SteamInternal_CreateInterface
SteamInternal_ContextInit
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult

crypt32

CertFreeCertificateContext

ws2_32

htonl
htons
ntohl
ntohs
accept
bind
listen
setsockopt
socket
closesocket
connect
getsockname
recv
recvfrom
ioctlsocket
sendto
freeaddrinfo
getaddrinfo
WSAIoctl
getsockopt
getpeername
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostname
select
__WSAFDIsSet
send

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
GetProcessHeap
GetConsoleCP
GetStartupInfoW
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ResetEvent
WaitForSingleObject
OutputDebugStringA
MultiByteToWideChar
GetFileAttributesW
GetSystemInfo
CreateDirectoryW
CreateFileW
DeleteFileW
ReadFile
WriteFile
CloseHandle
GetLocalTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
InitializeCriticalSection
FileTimeToLocalFileTime
GetFileInformationByHandle
GetModuleFileNameA
FileTimeToSystemTime
VirtualAlloc
VirtualFree
FindClose
FindFirstFileA
GetFileSize
GlobalMemoryStatusEx
FreeLibrary
LoadLibraryExW
GetCurrentProcess
VirtualProtect
TlsFree
GetModuleHandleA
GetProcAddress
lstrcmpiA
GetTickCount64
GetLastError
SetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateDirectoryA
CreateFileA
DeleteFileA
FlushFileBuffers
GetFileAttributesA
SetEndOfFile
SetFilePointer
MoveFileA
MoveFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTickCount
GetProcessAffinityMask
GetCurrentDirectoryA
ReleaseSemaphore
CreateEventA
RaiseException
CreateThread
SetThreadAffinityMask
SetThreadPriority
ResumeThread
GetExitCodeThread
SetThreadExecutionState
FindNextFileA
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
_lopen
GetFileSizeEx
SetFilePointerEx
GetModuleHandleW
ReleaseMutex
SetPriorityClass
EncodePointer
DecodePointer
RtlLookupFunctionEntry
SetStdHandle
FindFirstFileExW
RtlUnwindEx
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
IsProcessorFeaturePresent
ExitThread
GetCurrentProcessId
HeapSize
RtlPcToFileHeader
GetCurrentThread
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetStringTypeW
WriteConsoleW
OutputDebugStringW
GetTimeZoneInformation
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
WriteProcessMemory
GetThreadPriority

user32

GetWindowLongPtrW
SetWindowLongPtrW
GetFocus
GetParent
GetAsyncKeyState
GetActiveWindow
GetRawInputDeviceList
GetRawInputDeviceInfoA
BeginPaint
EndPaint
GetDesktopWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetMonitorInfoW
EnumDisplaySettingsW
SetWindowLongW
IsWindowVisible
SetWindowPos
PostMessageW
GetWindowTextA
SetWindowTextA
SetFocus
GetDlgItem
EndDialog
DialogBoxParamW
SendMessageW
OffsetRect
LoadIconW
LoadCursorW
AdjustWindowRectEx
SetWindowTextW
UpdateWindow
GetMenu
MoveWindow
ShowWindowAsync
ShowWindow
CreateWindowExW
InflateRect
ScreenToClient
ShowScrollBar
LockWindowUpdate
InvalidateRect
RegisterClassW
PostQuitMessage
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
GetCursorInfo
ReleaseDC
GetDC
SetForegroundWindow
PtInRect
ClientToScreen
ClipCursor
GetCursorPos
ShowCursor
GetWindowRect
GetClientRect
DrawTextA
GetSystemMetrics
GetRawInputData
GetDlgCtrlID
IsWindow
GetKeyboardLayout
EnumDisplayMonitors
EnumDisplayDevicesW
MessageBoxA
EnableMenuItem
GetSystemMenu
GetWindowLongW

gdi32

SelectObject
GetStockObject

advapi32

CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptEncrypt
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptImportKey

shell32

SHGetKnownFolderPath

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitialize
CoCreateGuid

oleaut32

SysFreeString
SysAllocString

xinput9_1_0

XInputSetState
XInputGetCapabilities

d3d11

D3D11CreateDevice

d3dcompiler_43

D3DReflect

shlwapi

PathFindExtensionW
PathFileExistsW
PathFindFileNameW

dbghelp

ImageDirectoryEntryToData

dinput8

DirectInput8Create

wldap32

ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord60
ord211
ord46
ord143

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bind
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba955b62bc9dfdcd02e7a11a19c01db2

Headers

DLL Characteristics

File Characteristics

Imports

xinput1_3

dxgi

steam_api64

crypt32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xinput9_1_0

d3d11

d3dcompiler_43

shlwapi

dbghelp

dinput8

wldap32

Exports

Exports

Sections

.text Size: 12.4MB - Virtual size: 12.4MB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 1.1MB - Virtual size: 12.9MB

.pdata Size: 724KB - Virtual size: 723KB

.tls Size: 512B - Virtual size: 193B

.rsrc Size: 256KB - Virtual size: 255KB

.bind Size: 175KB - Virtual size: 175KB

.text
Size: 12.4MB - Virtual size: 12.4MB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 1.1MB - Virtual size: 12.9MB

.pdata
Size: 724KB - Virtual size: 723KB

.tls
Size: 512B - Virtual size: 193B

.rsrc
Size: 256KB - Virtual size: 255KB

.bind
Size: 175KB - Virtual size: 175KB