DyingLightGame_x64_rwdi[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DyingLightGame_x64_rwdi.exe
Size

1.9MB
MD5

c32cb71bb2abb588c587b10e106a1e18
SHA1

9eaa4a3c326959169dd745abc6f38f7a9a79ed34
SHA256

3a3740c5e4bb12aed1545e29888a228e3d3ee7c4ed033d257b4cbed05c0c9c37
SHA512

266b1ae1440e61856da6a5b9d093b56629a91d3f743f9e0e5b3231928a608c0eed3a86d618044d45cbd1d332ea8c1b0edadd44e3bea2aceebf2ed0fd68051ab1
SSDEEP

6144:uozjFqRmssM3F1q/QrG0IIdJC77JhmjtWv5BeI6/IHL8nAh8LX1gggggyd7q66CI:H8jvdJYvOov5k1wHL8nbBBbRjd

Score

1^/10

Malware Config

Signatures

Files

DyingLightGame_x64_rwdi.exe
.exe windows x64

3ed1581a876e00fad2d4dd9bd3284681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

logger_x64_rwdi

?can_dispatch_log@logger@core@@YA_NAEBULogCategory@12@W4MessageVerbosity@12@@Z
?log_format@logger@core@@YAXW4LogOptions@12@AEBULogCategory@12@AEBULogLevel@12@V?$basic_string_view@DU?$char_traits@D@std@@@std@@Uformat_args@v5@fmt@@@Z
?log_format_assert@logger@core@@YAXULogLocation@12@V?$basic_string_view@DU?$char_traits@D@std@@@std@@11Uformat_args@v5@fmt@@@Z

filesystem_x64_rwdi

??_7file@fs@@6B@
?CrashClose@@YAXXZ
?CrashGetLogFileName@@YAPEBDXZ
?CrashSendAssertErrorToChute@@YAX_N@Z
?CrashShowMessageBox@@YAX_N@Z
?GenerateDump@@YAHKPEAU_EXCEPTION_POINTERS@@@Z
?GetBuildInfo@fs@@YAAEBV?$string_base@D@ttl@@PEAI@Z
?GetCategoryLevel@Settings@Log@@QEBA?AW4TYPE@ELevel@2@PEBD@Z
?GetDumpFunction@@YAP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@ZXZ
?Instance@Settings@Log@@SAAEAV12@XZ
?IsBuildSealBroken@fs@@YA_NXZ
?SetDumpFunction@@YAXP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@Z@Z
?WriteFullDump@@YAXKPEAU_EXCEPTION_POINTERS@@PEBD1_NPEAD@Z
?_CLFilter@@YA?AW4ENUM@CLFilterAction@@I@Z
?_CLog@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1ZZ
?_CLogCategoryFromLabel@@YA?AV?$string_base@D@ttl@@I@Z
?_CLogLevelFromId@@YA?AW4TYPE@ELevel@Log@@I@Z
?_CLogV@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1PEAD@Z
?acquire_game_infos@fs@@YA_NAEAV?$vectorm@$0DH@Ugames_info@fs@@V?$heap_allocator@Ugames_info@fs@@@vector_allocators@ttl@@$0A@@ttl@@@Z
?close@file@fs@@UEAAXXZ
?exists@fs@@YA_NPEBD@Z
?g_StringAllocator@@3PEAVCStringAllocator@@EA
?g_StringPool@@3PEAVCStringPool@@EA
?get_default_out_path@fs@@YAAEBV?$string_base@D@ttl@@XZ
?get_mount_setup@fs@@YAAEBUmount_setup@1@XZ
?init@fs@@YA_NPEBD@Z
?is_initialized@fs@@YA_NXZ
?join@path@fs@@YA?AV?$temp_string_base@D$0PA@@ttl@@V?$string_const@D@4@0@Z
?length@file@fs@@UEAA_KXZ
?mount_default_out@fs@@YAXP6A_NAEBUmount_path@1@GPEAX@Z1_N3@Z
?normalize@path@fs@@YA?AV?$temp_string_base@D$0PA@@ttl@@V?$string_const@D@4@@Z
?open@file@fs@@UEAA_NPEBDW4TYPE@EFSMode@@W43FFSOpenFlags@@@Z
?read@file@fs@@UEAA_KPEAX_K@Z
?shutdown@fs@@YAXXZ
?sp_control_thread_id@@3IA
?split@path@fs@@YA?AU?$pair@V?$temp_string_base@D$0PA@@ttl@@V12@@ttl@@V?$string_const@D@4@@Z
?utf8_to_wchar@path@fs@@YA?AV?$temp_string_base@_W$0PI@@ttl@@AEBV?$string_base@D@4@@Z
?wchar_to_utf8@path@fs@@YA?AV?$temp_string_base@D$0PA@@ttl@@AEBV?$string_base@_W@4@@Z

engine_x64_rwdi

?CreateMountHelper@Mount@@YAPEAVIMountHelper@1@AEBUmount_setup@fs@@@Z
?DestroyMountHelper@Mount@@YAXPEAVIMountHelper@1@@Z
?GetAssetManager@@YAPEAUAssetManager@@XZ
?Initialize@IGame@@QEAAHPEADHPEAUHICON__@@1AEBUInitializeOptions@Lobby@@KKPEAVIProgressIndicator@@UHandle@LivePP@@@Z
?OnPaint@IGame@@QEAAXXZ
?SetForceBakePrefabDataOnStart@IGame@@SAX_N@Z
?SetRootDirectory@IGame@@QEAA_NPEBD@Z
?Start@GameTimeMonitor@@YAXAEBV?$string_base@D@ttl@@@Z
?resolve_module_fullpath@engine@@YA?AV?$string_base@D@ttl@@V23@@Z
?s_ForceBakeData@CStorage@ps@cbs@@0_NA
?set_module_resolver@engine@@YAXAEAVResolver@modules@core@@@Z
?unset_module_resolver@engine@@YAXXZ
CreateGame
DestroyGame
GetEngineDllVersion
HideSplashscreen
InitializeGameScript
Main
ShowSplashscreen
UninitializeGameScript

kernel32

CloseHandle
CreateDirectoryW
CreateEventW
CreateMutexA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemInfo
GetSystemTimeAsFileTime
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryExA
LocalFileTimeToFileTime
LocalFree
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
lstrlenA

user32

DispatchMessageA
GetSystemMetrics
LoadImageA
MessageBoxA
PeekMessageA
TranslateMessage

gdi32

DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

memdump_x64_rwdi

mdFrameAlloc
mdFrameRealloc

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
__std_terminate
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_fileno
_isatty
_set_fmode
clearerr
ferror
fread
fwrite
getc

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_create_locale
_free_locale
localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_dtest
_ldsign
_ldtest
atan2f
cosf
expf
fmodf
logf
powf
sinf
tanf

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
terminate

api-ms-win-crt-time-l1-1-0

_strftime_l

api-ms-win-crt-string-l1-1-0

_stricmp
_strlwr_s
_strupr_s
strcpy_s
strncmp
strncpy_s
strnlen

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtoul

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ed1581a876e00fad2d4dd9bd3284681

Headers

DLL Characteristics

File Characteristics

Imports

logger_x64_rwdi

filesystem_x64_rwdi

engine_x64_rwdi

kernel32

user32

gdi32

advapi32

memdump_x64_rwdi

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 32KB - Virtual size: 43KB

.pdata Size: 24KB - Virtual size: 24KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 321B

_RDATA Size: 44KB - Virtual size: 43KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 32KB - Virtual size: 43KB

.pdata
Size: 24KB - Virtual size: 24KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 321B

_RDATA
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 12KB - Virtual size: 11KB