Forts[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Forts.exe
Size

6.1MB
MD5

53bb99d6b3b280ca4912be91af227f1d
SHA1

37cd0dc32a2c8fe96f8912c980fe2e03be899a1a
SHA256

c5ae2a5d7c265e4505c324a0e62586a81dc2731931e09b56f719086c413f61c0
SHA512

cc9b40ef1d198392b2a86c31c6e910001f120292c56234ca00366ec522947fe756f232c824e81b79c636fb2066afa477f24ad488cfa3e2c49ddf77503d44c967
SSDEEP

196608:xs4hcbM4/3e9ocTnAPY1aJ2AQ34zyA5Z/wGOR4e93K:xspYIu9ocLAg1AhyA5ZU4ek

Score

1^/10

Malware Config

Signatures

Files

Forts.exe
.exe windows x86

8e0f31f19aaf1408464eab51f13ca026

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/09/2021, 00:00

Not After

07/09/2024, 23:59

Subject

CN=EarthWork Games Pty Ltd,O=EarthWork Games Pty Ltd,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:3c:3b:d6:8d:6c:2f:2e:09:d4:4f:27:b4:ad:4a:8b:fe:84:ce:67
Signer

Actual PE Digest

a0:3c:3b:d6:8d:6c:2f:2e:09:d4:4f:27:b4:ad:4a:8b:fe:84:ce:67

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=EarthWork Games Pty Ltd,O=EarthWork Games Pty Ltd,ST=South Australia,C=AU

16/03/2023, 15:36
Valid: true

Chain 1

CN=EarthWork Games Pty Ltd,O=EarthWork Games Pty Ltd,ST=South Australia,C=AU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

steam_api

SteamMatchmaking
SteamFriends
SteamClient
SteamAPI_Init
SteamGameServer
SteamAPI_RunCallbacks
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamMatchmakingServers
SteamAPI_RegisterCallResult
SteamUserStats
SteamUGC
SteamGameServer_Shutdown
SteamGameServer_RunCallbacks
SteamGameServerNetworking
SteamNetworking
SteamGameServer_Init
SteamAPI_UnregisterCallResult
SteamUtils
SteamUser
SteamApps
SteamAPI_Shutdown

dbghelp

MiniDumpWriteDump

shlwapi

PathIsDirectoryA
PathIsDirectoryW

opengl32

wglGetProcAddress
wglCreateContext
glMultMatrixf
glLoadMatrixf
wglMakeCurrent
glAlphaFunc
glClear
glClearColor
glColorMask
glDepthFunc
glFlush
glHint
glOrtho
glPixelStorei
glPolygonMode
glReadBuffer
glScissor
glGetIntegerv
glEnable
glBlendFunc
glBegin
glColor4fv
glTexCoord2f
glVertex3f
glEnd
glDeleteLists
glPushMatrix
glLoadIdentity
glPopMatrix
glDisable
glColor4f
glVertex2f
glLineWidth
glBindTexture
glColor3f
glGenLists
glNewList
glVertex3fv
glEndList
glCallList
glTranslatef
glScalef
glMatrixMode
glGetFloatv
glTexParameteri
glGetString
glRotatef
wglGetCurrentDC
glPushClientAttrib
glPopClientAttrib
glGenTextures
glPushAttrib
glPopAttrib
glTexEnvf
glDeleteTextures
wglGetCurrentContext
glVertex2d
glColor3fv
glTexSubImage2D
glTexImage2D
glReadPixels
glViewport
glShadeModel

ws2_32

ntohs
htons
getsockopt
ntohl
htonl
ioctlsocket
getsockname
getpeername
WSAStartup
inet_addr
connect
closesocket
bind
send
recv
gethostbyname
inet_ntoa
WSASetLastError
select
__WSAFDIsSet
socket
gethostname
setsockopt
sendto
recvfrom
listen
accept
freeaddrinfo
WSAIoctl
WSACleanup
WSAGetLastError
getaddrinfo

fmod

?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setVolumeRamp@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?set3DCustomRolloff@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_VECTOR@@H@Z
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?isPlaying@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getChannel@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?getIndex@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getUserData@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?set3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@0@Z
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@PAHPAW4FMOD_SPEAKERMODE@@2@Z
?setDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setAdvancedSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_ADVANCEDSETTINGS@@@Z
?getAdvancedSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_ADVANCEDSETTINGS@@@Z
?set3DSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setCallback@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PAX3@Z@Z
?setUserData@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?getRecordNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?getRecordDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@PAHPAW4FMOD_SPEAKERMODE@@2PAI@Z
?getRecordPosition@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAI@Z
?recordStart@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAVSound@2@_N@Z
?recordStop@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?isRecording@System@FMOD@@QAG?AW4FMOD_RESULT@@HPA_N@Z
?lock@Sound@FMOD@@QAG?AW4FMOD_RESULT@@IIPAPAX0PAI1@Z
?unlock@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAX0II@Z
?setPriority@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DMinMaxDistance@Sound@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setMode@Sound@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?set3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?getCurrentSound@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSound@2@@Z

fmodstudio

?getPlaybackState@EventInstance@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?unload@Bank@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?loadBankMemory@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBDHW4FMOD_STUDIO_LOAD_MEMORY_MODE@@IPAPAVBank@23@@Z
?loadBankFile@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAPAVBank@23@@Z
?getParameterByName@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBDPAM1@Z
?getCoreSystem@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAV13@@Z
?release@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?initialize@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@HIIPAX@Z
?getAdvancedSettings@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?setAdvancedSettings@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?create@System@Studio@FMOD@@SG?AW4FMOD_RESULT@@PAPAV123@I@Z
?setParameterByName@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBDM_N@Z
?setListenerAttributes@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_3D_ATTRIBUTES@@PBUFMOD_VECTOR@@@Z
?getEvent@System@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PBDPAPAVEventDescription@23@@Z
?isOneshot@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PA_N@Z
?loadSampleData@EventDescription@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?createInstance@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAPAVEventInstance@23@@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_3D_ATTRIBUTES@@@Z
?start@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setParameterByName@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@PBDM_N@Z
?setPaused@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?update@System@Studio@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setVolume@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?stop@EventInstance@Studio@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?getID@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAUFMOD_GUID@@@Z
?getLength@EventDescription@Studio@FMOD@@QBG?AW4FMOD_RESULT@@PAH@Z

devil

ilGetInteger
ilSetInteger
ilGetError
ilLoadL
ilOriginFunc
ilInit
ilSave
ilEnable
ilBindImage
ilDeleteImage
ilGenImage

ilu

iluErrorString
iluFlipImage
iluInit
iluScale
iluGetInteger

ilut

ilutGLScreen
ilutGetInteger
ilutInit
ilutGLBindTexImage
ilutGLBindMipmaps
ilutRenderer
ilutGLBuildMipmaps
ilutGLTexImage

advapi32

CryptGenRandom
GetUserNameA
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

crypt32

CertFreeCertificateContext

wldap32

ord41
ord22
ord50
ord27
ord32
ord33
ord60
ord211
ord26
ord143
ord35
ord79
ord30
ord200
ord301
ord46

normaliz

IdnToAscii

kernel32

HeapSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
FlushFileBuffers
SetStdHandle
FormatMessageA
GetTimeZoneInformation
CreateDirectoryW
MoveFileExW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetTickCount64
SetFilePointerEx
ReadFile
GetACP
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpA
WriteFile
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
SetEndOfFile
PeekNamedPipe
GetFileType
CreateFileW
ExitProcess
GetModuleHandleExW
ExitThread
RemoveDirectoryW
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
ReadConsoleW
SetEnvironmentVariableA
GetFullPathNameW
GetDriveTypeW
DeleteFileW
RtlUnwind
RaiseException
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
GetVersionExW
SetHandleInformation
CreatePipe
CreateProcessW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
CreateProcessA
GetTempPathW
GetFileAttributesExW
GetConsoleCP
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLocalTime
GlobalLock
GlobalUnlock
GetLastError
FindClose
GetFileTime
CloseHandle
FileTimeToSystemTime
lstrlenW
CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
GetFileSizeEx
DeleteFileA
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetProcessHeap
HeapSetInformation
SetThreadAffinityMask
GetCurrentThread
Module32First
Module32Next
RemoveDirectoryA
GetModuleHandleA
Sleep
OutputDebugStringA
SetThreadPriority
GetDateFormatA
GetTimeFormatA
GetShortPathNameW
TerminateThread
CompareFileTime
GetSystemInfo
WaitForMultipleObjects
GetExitCodeProcess
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoA
DuplicateHandle
WaitForSingleObjectEx
TryEnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW

user32

GetActiveWindow
SetCursorPos
GetCursorPos
GetKeyState
ScreenToClient
PtInRect
BringWindowToTop
EnumWindows
GetWindowThreadProcessId
ChangeDisplaySettingsExA
ReleaseDC
GetMonitorInfoA
GetClipboardData
ClientToScreen
FlashWindowEx
SetFocus
DefWindowProcW
GetClientRect
PostQuitMessage
ClipCursor
SystemParametersInfoA
GetWindowLongA
CreateWindowExA
RegisterClassA
DispatchMessageA
OpenClipboard
CloseClipboard
GetWindowRect
EnumDisplaySettingsA
GetDC
GetSystemMetrics
EnumDisplaySettingsExA
EnumDisplayMonitors
ShowCursor
DestroyWindow
MessageBoxA
FindWindowW
SetForegroundWindow
ShowWindow
MessageBoxW
SetProcessDPIAware
LoadIconA
LoadCursorA
RegisterClassExW
AdjustWindowRectEx
CreateWindowExW
SetWindowPos
SetWindowTextA
SendMessageA
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
PeekMessageA
GetMessageA

gdi32

SwapBuffers
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetDeviceCaps

shell32

ShellExecuteW
ShellExecuteA
ShellExecuteExA
SHFileOperationW

dinput8

DirectInput8Create

winmm

waveInClose
waveInStop

imm32

ImmAssociateContext
ImmGetContext

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e0f31f19aaf1408464eab51f13ca026

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

a0:3c:3b:d6:8d:6c:2f:2e:09:d4:4f:27:b4:ad:4a:8b:fe:84:ce:67Signer

Signature Validations

Verification

16/03/2023, 15:36 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

steam_api

dbghelp

shlwapi

opengl32

ws2_32

fmod

fmodstudio

devil

ilu

ilut

advapi32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

dinput8

winmm

imm32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 76KB - Virtual size: 130KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 248KB - Virtual size: 248KB

.bind Size: 195KB - Virtual size: 195KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

a0:3c:3b:d6:8d:6c:2f:2e:09:d4:4f:27:b4:ad:4a:8b:fe:84:ce:67
Signer

16/03/2023, 15:36
Valid: true

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 76KB - Virtual size: 130KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 248KB - Virtual size: 248KB

.bind
Size: 195KB - Virtual size: 195KB