DyingLightGame[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DyingLightGame.exe
Size

994KB
MD5

293d41a008e62a74b813c94c04985182
SHA1

397f28a8c63b2b004eb7f86cc80956d1672de196
SHA256

b1c18790a14d2d7eed8f30354191ad748e2da41ee29fc0e8cd2d1c72dea54950
SHA512

12081d05c5ab4dfee2f4eadb7bd122eca48b5cf904bbeba89890347490051e872eecf103e5885f4536ee07f99dc0219775500294fd412be15d45abdf8b871dda
SSDEEP

6144:eqPldI/alRAP1yfFqsrGrjeLX1ggggg4tnD4j8HfLmfM:eqPldI/a8PyFqsrU8/D4AHDmU

Score

1^/10

Malware Config

Signatures

Files

DyingLightGame.exe
.exe windows x64

b91986edd2ee69a309ace099e425cd99

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1d
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2021, 00:00

Not After

20/06/2023, 23:59

Subject

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:ed:7b:72:03:3f:01:c4:d6:e7:66:cc:0f:80:f5:4f:93:80:a2:1f
Signer

Actual PE Digest

5a:ed:7b:72:03:3f:01:c4:d6:e7:66:cc:0f:80:f5:4f:93:80:a2:1f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

02/03/2022, 13:40
Valid: true

Chain 1

CN=Techland S.A.,O=Techland S.A.,L=Ostrów Wielkopolski,C=PL

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

vcruntime140

strstr
_purecall
__std_terminate
__CxxFrameHandler3
__RTDynamicCast
memcpy
memmove
memset
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_cexit
_initterm
_c_exit
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_initterm_e
_seh_filter_exe
_set_app_type
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
_get_narrow_winmain_command_line

api-ms-win-crt-math-l1-1-0

sinf
expf
cosf
fmodf
__setusermatherr
powf
logf
tanf
log10f

api-ms-win-crt-stdio-l1-1-0

_fileno
__stdio_common_vsprintf_s
_isatty
_set_fmode
fread
__stdio_common_vsprintf
fwrite
__stdio_common_vfprintf
getc
clearerr
__acrt_iob_func
ferror
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

DeactivateActCtx
GetCurrentDirectoryA
GetModuleHandleA
CreateMutexA
ExitProcess
lstrlenA
FindActCtxSectionStringW
GetModuleFileNameW
OutputDebugStringA
GetModuleHandleExW
SetLastError
ActivateActCtx
CreateActCtxW
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DuplicateHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameA
GetLastError
LoadLibraryA
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CloseHandle
SetProcessAffinityMask
GetProcessAffinityMask
GetCommandLineA
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetPriorityClass
SetThreadAffinityMask
GetCurrentThread
GetCurrentProcess
GetLogicalProcessorInformation
CreateDirectoryA
GetDiskFreeSpaceExA
VerifyVersionInfoW
VerSetConditionMask
QueryActCtxW

api-ms-win-crt-convert-l1-1-0

strtoul
atof
atoi
_itoa

api-ms-win-crt-filesystem-l1-1-0

_splitpath

api-ms-win-crt-string-l1-1-0

_strupr_s
_strlwr_s
strcat_s
_stricmp
strncmp
strcpy_s
strcmp

sdl2

SDL_StopTextInput
SDL_GL_DeleteContext
SDL_DestroyWindow
SDL_Quit

user32

GetSystemMetrics
LoadImageA
DispatchMessageA
MessageBoxA
PeekMessageA
TranslateMessage

gdi32

DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

gamedll_x64_rwdi

ShutdownGameScriptDLL
InitializeGameScriptDLL

engine_x64_rwdi

?GetFallbackSpeechID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?GetFallbackLocaleID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?OnPaint@IGame@@QEAAXXZ
?Initialize@IGame@@QEAAHPEADHPEAUHICON__@@1KKPEAVIProgressIndicator@@@Z
?ToString@ELanguage@@YAPEBDW4TYPE@1@@Z
HideSplashscreen
DumpRTTI
UninitializeGameScript
?GetAssetManager@@YAPEAUAssetManager@@XZ
Main
GetEngineDllVersion
?DestroyMountHelper@Mount@@YAXPEAVIMountHelper@1@@Z
?CreateMountHelper@Mount@@YAPEAVIMountHelper@1@PEBD00@Z
InitializeGameScript
InitializeGameScriptFn
DestroyGame
ShowSplashscreen
CreateGame
?ShutdownOnlineServices@IGame@@SAXXZ
?InitializeOnlineServices@IGame@@SA_NPEAX@Z
?SetSpeechID@IGame@@QEBA_NPEBD_N@Z
?SetLocaleID@IGame@@QEBA_NPEBD@Z
?CheckForceLangParameter@IGame@@SA?AV?$string_base@D@ttl@@AEAV23@@Z
?GetDefaultSpeechID@IGame@@SA?AV?$string_base@D@ttl@@AEBV23@@Z
?GetDefaultLocaleID@IGame@@SA?AV?$string_base@D@ttl@@XZ
?SetRootDirectory@IGame@@QEAA_NPEBD@Z

filesystem_x64_rwdi

?is_full_path@fs@@YA_NPEBD@Z
?shutdown@fs@@YAXXZ
?does_dir_exist@fs@@YA_NPEBD@Z
?CrashClose@@YAXXZ
?init@fs@@YA_NPEBDW4ENUM@FFSAddSourceFlags@@0_N2PEAPEBD@Z
?g_SdlManager@@3PEAVSDL@@EA
?_CLFilter@@YA?AW4ENUM@CLFilterAction@@I@Z
?_CLogV@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1PEAD@Z
?_CLog@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@AEBV?$string_base@D@ttl@@@Z
?_CLogCategoryFromLabel@@YA?AV?$string_base@D@ttl@@I@Z
?_CLogLevelFromId@@YA?AW4TYPE@ELevel@Log@@I@Z
??_7ifile@fs@@6B@
??_7file@fs@@6B@
?close@file@fs@@UEAAXXZ
?open@file@fs@@UEAA_NPEBDW4TYPE@EFSMode@@W4FLAGS@FFSOpenFlags@@@Z
?length@file@fs@@UEAA_KXZ
?read@file@fs@@UEAA_KPEAX_K@Z
??1file@fs@@UEAA@XZ
?exists@fs@@YA_NPEBD@Z
?GenerateDump@@YAHKPEAU_EXCEPTION_POINTERS@@@Z
?WriteFullDump@@YAXKPEAU_EXCEPTION_POINTERS@@PEBD_NPEAD@Z
?_CLog@@YAXW4TYPE@ELevel@Log@@PEBD1HW4ENUM@CLFilterAction@@W44CLLineMode@@1ZZ
?CrashShowMessageBox@@YAX_N@Z
?GetDumpFunction@@YAP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@ZXZ
?Instance@Settings@Log@@SAAEAV12@XZ
?GetCategoryLevel@Settings@Log@@QEBA?AW4TYPE@ELevel@2@PEBD@Z
?SetDumpFunction@@YAXP6A?AW4TYPE@EDumpResult@@KPEAU_EXCEPTION_POINTERS@@@Z@Z

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91986edd2ee69a309ace099e425cd99

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1dCertificate

Extended Key Usages

Key Usages

5a:ed:7b:72:03:3f:01:c4:d6:e7:66:cc:0f:80:f5:4f:93:80:a2:1fSigner

Signature Validations

Verification

02/03/2022, 13:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

sdl2

user32

gdi32

advapi32

gamedll_x64_rwdi

engine_x64_rwdi

filesystem_x64_rwdi

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 261KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 13KB - Virtual size: 17KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 41KB - Virtual size: 41KB

.rsrc Size: 549KB - Virtual size: 549KB

.reloc Size: 4KB - Virtual size: 3KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:61:0a:db:ed:ec:54:df:31:52:f3:cd:75:65:1d
Certificate

5a:ed:7b:72:03:3f:01:c4:d6:e7:66:cc:0f:80:f5:4f:93:80:a2:1f
Signer

02/03/2022, 13:40
Valid: true

.text
Size: 261KB - Virtual size: 261KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 13KB - Virtual size: 17KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 549KB - Virtual size: 549KB

.reloc
Size: 4KB - Virtual size: 3KB