76b2f859e5b57a2975cd0eed0235ffbe[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

76b2f859e5b57a2975cd0eed0235ffbe.bin
Size

2.2MB
MD5

25e86c406e037cac6c68a518b2fbc7e7
SHA1

8562105fadf14fd8d6f2ca89158f54f7011fc22c
SHA256

f34ed4d3ed85a8ea09e0926434df3ca0c632b4330cb1e264df3df200bd9904bd
SHA512

f59e3422a68d1f1def038a970bb5fd86e86000895682948969aa63931661f206acb658952a50ea676988ff725e32bcc0c813ee1438de0868e732a6055aabdf6f
SSDEEP

49152:S6OqrTcNe5mmYvIM82cW7YoZhmegeDN2WEQhvyW9NQaFAlzVb:S63pmDp7df2WEQhFNnGVb

Score

1^/10

Malware Config

Signatures

Files

76b2f859e5b57a2975cd0eed0235ffbe.bin
.zip

Password: infected
7d9c542882a02d978433476a209adf52e29c7e044d2da10bcb22359bb66b7cd5.bin
.dll windows x86

Password: infected

dfe4f2970df42d86abfe6a6712146e58

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:fc:62:84:2f:a7:e0:dc:27:81:f5:4e:49:af:52:c1:97:5d:fd:4c:2e:91:b8:80:57:d5:65:37:91:a9:82:35
Signer

Actual PE Digest

77:fc:62:84:2f:a7:e0:dc:27:81:f5:4e:49:af:52:c1:97:5d:fd:4c:2e:91:b8:80:57:d5:65:37:91:a9:82:35

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

10/02/2023, 02:40
Valid: true

Chain 1

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
DeviceIoControl
CreateDirectoryW
CreateFileA
DeleteFileW
GetFileSize
GetFullPathNameW
WriteFile
SetLastError
FreeLibrary
GetModuleFileNameW
LoadLibraryA
LocalFree
MoveFileExW
MultiByteToWideChar
ExitProcess
FindFirstFileExW
FindNextFileW
FlushFileBuffers
HeapAlloc
GetDriveTypeW
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetOverlappedResult
CancelIo
SetProcessShutdownParameters
GetCurrentProcessId
GetEnvironmentVariableA
GetLongPathNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjects
CreateEventA
ResetEvent
SetEvent
GetModuleHandleExA
GetCurrentThreadId
GetCurrentProcess
CreateMutexA
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetModuleHandleA
OpenProcess
GetExitCodeProcess
CloseHandle
GetProcAddress
GetProcessHeap
SleepEx
GetSystemTimeAsFileTime
GetLogicalDriveStringsA
ReadDirectoryChangesW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
DuplicateHandle
WideCharToMultiByte
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
LeaveCriticalSection
GetDiskFreeSpaceA
EnterCriticalSection
InterlockedFlushSList
TlsAlloc
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
GetEnvironmentVariableW
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetStdHandle
GetConsoleOutputCP
GetConsoleMode
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
SetConsoleCtrlHandler
ReadConsoleW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW

user32

ShowWindow
GetWindowLongA
PeekMessageA
GetMessageA
SetWindowLongA
DispatchMessageA
TranslateMessage
SetParent
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetParent
GetClientRect

advapi32

DeregisterEventSource
ReportEventW
RegQueryValueExW
RegOpenKeyExA
RegEnumValueW
RegDeleteValueW
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegisterEventSourceW

shell32

ShellExecuteW
SHGetKnownFolderPath

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

oleaut32

VariantClear

psapi

GetModuleFileNameExW

tier0_s

?Pop@CValidator@@QAEXXZ
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPBDI0ZZ
?ClaimMemory@CValidator@@QAEXPBX@Z
VProfInternalEnterScopeCurrentThread
CVProfile_ExitScope
g_VProfProfilesRunningCount
Msg
?Init@CThread@@MAE_NXZ
?OnExit@CThread@@MAEXXZ
?IsThreadRunning@CThread@@MBE_NXZ
?GetThreadProc@CThread@@EAEP6GIPAX@ZXZ
??0CThreadMutex@@QAE@XZ
??1CThreadMutex@@QAE@XZ
??0CThread@@QAE@XZ
??1CThread@@UAE@XZ
?Start@CThread@@QAE_NI@Z
?IsAlive@CThread@@QBE_NXZ
?Join@CThread@@QAE_NI@Z
?IsClaimed@CValidator@@QBE_NPBX@Z
Warning
Plat_FloatTime
Plat_MSTime
Plat_CommandLineParamExists
Plat_CommandLineParamValue
Plat_IsGamescope
ETW_Steamworks_RunCallbacks_Start
ETW_Steamworks_RunCallbacks_End_
ETW_Steamworks_DispatchCallback_Start
ETW_Steamworks_DispatchCallback_End_
Log
?GetCPUInformation@@YAABUCPUInformation@@XZ
Plat_IsInDebugSession
Plat_RelativeTicks
Plat_gmtime
Plat_GetExecutablePath
SpewOutputFunc
ThreadSleep
ThreadGetCurrentProcessId
?Get@CThreadLocalBase@@QBEPAXXZ
VProfInternalGetProfileForCurrentThread
?MarkFrame@CVProfile@@QAEXPBD@Z
g_pMemAllocSteam
?StartProfilingAllThreads@CVProfManager@@QAEXXZ
?StopProfilingAllThreads@CVProfManager@@QAEXXZ
?DumpAllThreadProfiles@CVProfManager@@QAEXH@Z
CatchAndWriteMiniDumpForVoidPtrFn
SetMiniDumpBuildID
SetMiniDumpSteamID
g_VProfile
g_VProfManager
?SetName@CThread@@QAEXPBD@Z
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPBDI0@Z
?Push@CValidator@@QAEXPBDPAX0@Z
Plat_MSTime64
ThreadShellExecute
ThreadIsProcessIdActive
Plat_ExitProcess
WriteMiniDump
g_dwDllEntryThreadId
Error
Plat_IsChromeOS
GetLocalHostname
BGetLocalFQDN
Plat_GetExecutablePathUTF8
Plat_localtime
Is64BitOS
Plat_OutputDebugString
?Set@CThreadEvent@@QAE_NXZ
?ClaimArrayMemory@CValidator@@QAEXPBX@Z
ThreadImplOneTimeInit
ThreadInterlockedExchangeAdd64
SecureRandomBytes
fopen_utf8_internal
Plat_RelativeTickFrequency
Plat_ctime
_DMsg
g_ClockSpeed
Test_SetFailed
Test_IsActive
?Lock@CThreadSpinLock@@ACEXI@Z
?Set@CThreadLocalBase@@QAEXPAX@Z
??1CThreadLocalBase@@QAE@XZ
?CleanupUnusedProfiles@CVProfManager@@QAEXXZ
??0CThreadLocalBase@@QAE@XZ
ThreadInMainThread
ReleaseThreadHandle
?CreateSimpleThread@@YAPAXP6AIPAX@Z0PAII@Z
_SpewMessageType
GetSpewOutputFunc
Plat_OutputDebugStringRaw
getcwd_utf8

vstdlib_s

V_vsnprintfRet
V_StrSubstInPlace
V_FixSlashes
V_URLDecodeRaw
StringAfterPrefix
V_strnicmp
V_UTF16ToUTF8
?V_SplitStringInternal@@YAXPBDPBQBDQAPBDHAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
WeakRandomInt
V_StripFilename
V_strncpy
V_pretifymem
V_URLEncode
V_StrSkipArticles
V_UTF8ToUTF16
V_strncat
V_SplitNumbers
V_StripPrecedingAndTrailingWhitespace
V_snprintf
V_StripTrailingSlash
GetOSType
V_atoi
V_strtoui64
?V_stristr@@YAPBDPBD0@Z
V_snwprintf
WeakRandomFloat
??0CCommandLineParam@@QAE@PBD0@Z
??1CCommandLineParam@@QAE@XZ
CommandLine
V_strncmp
V_vsnprintf
V_MakeAbsolutePath
V_AggressiveStripPrecedingAndTrailingWhitespace
V_UTF32ToUTF8
V_URLContainsDomain
V_URLParse
V_IsSteamCloseProtocol
V_strristr
V_ParseURLQueryString
V_ParseSteamOpenURLExternalProtocol
GetPlatformName
V_ExtractDomainFromURL
V_URLCracker
V_UTF16ToUTF32
V_UTF32ToUTF16
V_binarytohex
V_wcsncpy
V_vsnwprintf
V_ExtractFileExtension
StringFindSuffix
V_strncat_length
V_ExtractFilePath
V_RemoveDotSlashes
V_AppendSlash
V_IsAbsolutePath
V_FixDoubleSlashes
V_tolower
V_strlower_fast
V_strcat
V_atof
V_wcstoui64
KeyValuesSystemSteam
V_atoui64
V_towlower32
V_towupper32
V_UChar32ToUTF16
?V_UnicodeAdvance@@YAPAGPAGH@Z
V_UTF32CharsToUTF8
V_UTF32CharsToUTF16
V_UTF16ToUChar32
CanBreakBetween
V_isbreakablewspace
V_IsValidURLCharacter
V_stricmp_prefix
V_GetFileExtension
V_WcsSkipArticles
V_SetExtension
V_StripLastDir
V_UnqualifiedFileName

ws2_32

closesocket
WSASetLastError
recv
WSACleanup
getaddrinfo
ntohs
ntohl
WSAGetLastError
freeaddrinfo
send

opengl32

glClear
glEnable
glDisable
glGetError
glMatrixMode
glBegin
glOrtho
glLoadIdentity
glClearColor
glBindTexture
glGenTextures
glTexImage2D
glEnd
glVertex2f
glColor4ub
glTexCoord2f
glPixelStorei

sdl3

SDL_GetNumVideoDisplays
SDL_GetDisplayBounds
SDL_CreateWindow
SDL_GetWindowFromID
SDL_GetWindowSize
SDL_ShowWindow
SDL_GetWindowWMInfo
SDL_RaiseWindow
SDL_DestroyWindow
SDL_GL_SetAttribute
SDL_GL_CreateContext
SDL_GL_MakeCurrent
SDL_GL_SwapWindow
SDL_GL_DeleteContext
SDL_ShowCursor
SDL_HideCursor
SDL_AddEventWatch
SDL_DelEventWatch
SDL_SetHint
SDL_InitSubSystem
SDL_WasInit

bcrypt

BCryptGenRandom

Exports

Exports

CreateInterface
WinAppMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dfe4f2970df42d86abfe6a6712146e58

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

77:fc:62:84:2f:a7:e0:dc:27:81:f5:4e:49:af:52:c1:97:5d:fd:4c:2e:91:b8:80:57:d5:65:37:91:a9:82:35Signer

Signature Validations

Verification

10/02/2023, 02:40 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

tier0_s

vstdlib_s

ws2_32

opengl32

sdl3

bcrypt

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 84KB - Virtual size: 126KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 252KB - Virtual size: 251KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

77:fc:62:84:2f:a7:e0:dc:27:81:f5:4e:49:af:52:c1:97:5d:fd:4c:2e:91:b8:80:57:d5:65:37:91:a9:82:35
Signer

10/02/2023, 02:40
Valid: true

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 84KB - Virtual size: 126KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 252KB - Virtual size: 251KB