MT2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MT2.exe
Size

39.8MB
MD5

5b4ce6d71fd7d67d55a4e5b7c812fbe2
SHA1

c63a3ef62849bdc11c2b5fe027e4199993cc6f30
SHA256

595009e8d7a6529c743520054b7ab53152c3fe261061f79b3fc250f17bff95a7
SHA512

cbccb227979ca9bd92e43f4987267464286a3be89835c4e00a21c2039e6ffd1291e60defd27594f32d3d485508e51489ebb47a0f938f9d23d6cd74faea6c31df
SSDEEP

196608:XfwSwznhPNu90Qo8XRwxdx1FLPCyKVq2ZVNH:ISwznhPNu9xvhwB1FLPwvV5

Score

1^/10

Malware Config

Signatures

Files

MT2.exe
.exe windows x64

28d148736cd511880cfdc88f0613ae68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

sdl2

SDL_AtomicLock
SDL_AtomicTryLock
SDL_AtomicUnlock
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateSystemCursor
SDL_CreateThread
SDL_CreateWindow
SDL_Delay
SDL_DestroyMutex
SDL_DestroyWindow
SDL_DetachThread
SDL_FreeCursor
SDL_FreeSurface
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_GetAttribute
SDL_GL_GetCurrentContext
SDL_GL_GetDrawableSize
SDL_GL_GetSwapInterval
SDL_GL_MakeCurrent
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GameControllerClose
SDL_GameControllerFromInstanceID
SDL_GameControllerGetAxis
SDL_GameControllerGetButton
SDL_GameControllerGetJoystick
SDL_GameControllerNameForIndex
SDL_GameControllerOpen
SDL_GetCPUCount
SDL_GetClipboardText
SDL_GetClosestDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayMode
SDL_GetDisplayName
SDL_GetError
SDL_GetKeyFromScancode
SDL_GetKeyName
SDL_GetKeyboardState
SDL_GetModState
SDL_GetMouseState
SDL_GetNumDisplayModes
SDL_GetNumVideoDisplays
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetPrefPath
SDL_GetSurfaceBlendMode
SDL_GetVersion
SDL_GetWindowDisplayMode
SDL_GetWindowSize
SDL_GetWindowWMInfo
SDL_Init
SDL_InitSubSystem
SDL_IsTextInputActive
SDL_JoystickGetAxis
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_LockMutex
SDL_PollEvent
SDL_Quit
SDL_SetClipboardText
SDL_SetCursor
SDL_SetHint
SDL_SetRelativeMouseMode
SDL_SetSurfaceBlendMode
SDL_SetTextInputRect
SDL_SetWindowDisplayMode
SDL_SetWindowFullscreen
SDL_SetWindowGrab
SDL_SetWindowPosition
SDL_SetWindowResizable
SDL_SetWindowSize
SDL_SetWindowTitle
SDL_ShowCursor
SDL_ShowSimpleMessageBox
SDL_StartTextInput
SDL_StopTextInput
SDL_ThreadID
SDL_TryLockMutex
SDL_UnlockMutex
SDL_UpperBlit
SDL_WarpMouseInWindow
SDL_free

libcurl-x64

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_formadd
curl_global_cleanup
curl_global_init
curl_multi_add_handle
curl_multi_cleanup
curl_multi_fdset
curl_multi_init
curl_multi_perform
curl_multi_timeout
curl_slist_append

exchndl

ExcHndlInit

libphysfs

PHYSFS_close
PHYSFS_deinit
PHYSFS_delete
PHYSFS_enumerateFiles
PHYSFS_fileLength
PHYSFS_freeList
PHYSFS_getBaseDir
PHYSFS_getDirSeparator
PHYSFS_getErrorByCode
PHYSFS_getLastErrorCode
PHYSFS_getLinkedVersion
PHYSFS_getRealDir
PHYSFS_getWriteDir
PHYSFS_init
PHYSFS_mkdir
PHYSFS_mount
PHYSFS_openRead
PHYSFS_openWrite
PHYSFS_readBytes
PHYSFS_seek
PHYSFS_setWriteDir
PHYSFS_stat
PHYSFS_unmount
PHYSFS_writeBytes

steam_api64

SteamAPI_ISteamClient_SetWarningMessageHook
SteamAPI_ISteamUser_GetSteamID
SteamAPI_ISteamFriends_GetFriendCount
SteamAPI_ISteamFriends_GetFriendByIndex
SteamAPI_ISteamFriends_GetFriendPersonaState
SteamAPI_ISteamFriends_GetFriendPersonaName
SteamAPI_ISteamFriends_GetLargeFriendAvatar
SteamAPI_ISteamUtils_GetImageSize
SteamAPI_ISteamUtils_GetImageRGBA
SteamAPI_ISteamUtils_ShowFloatingGamepadTextInput
SteamAPI_ISteamUtils_DismissFloatingGamepadTextInput
SteamAPI_ISteamRemoteStorage_GetLocalFileChangeCount
SteamAPI_ISteamRemoteStorage_GetLocalFileChange
SteamAPI_ISteamApps_GetCurrentGameLanguage
SteamAPI_ISteamApps_GetCurrentBetaName
SteamAPI_ISteamInput_SetInputActionManifestFilePath
SteamAPI_ISteamInput_GetActionSetHandle
SteamAPI_ISteamInput_ActivateActionSet
SteamAPI_ISteamInput_GetDigitalActionHandle
SteamAPI_ISteamInput_GetDigitalActionData
SteamAPI_ISteamInput_GetAnalogActionHandle
SteamAPI_ISteamInput_GetAnalogActionData
SteamAPI_RunCallbacks
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamInternal_FindOrCreateUserInterface
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_RestartAppIfNecessary

dbghelp

StackWalk64
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize

kernel32

CloseHandle
CreateFileW
CreateHardLinkW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetTempPathW
GetVolumeInformationW
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MultiByteToWideChar
RaiseException
ReleaseSemaphore
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_endthreadex
_errno
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_get_osfhandle
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_onexit
_strnicmp
_telli64
_time64
_unlock
_vscprintf
_vsnprintf
_wchdir
_wchmod
_wfindfirst64
_wfindnext64
_wfopen
_wfullpath
_wgetcwd
_wmkdir
_wopen
_wstat64
_wutime64
abort
acos
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwrite
getc
getwc
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
qsort
realloc
remove
rename
rewind
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strncpy
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_write
_read
_fileno
_fdopen
_close

ole32

CoLockObjectExternal
OleInitialize
RegisterDragDrop
ReleaseStgMedium

opengl32

glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glColorMask
glCullFace
glDeleteTextures
glDepthFunc
glDepthMask
glDisable
glDrawBuffer
glDrawElements
glEnable
glGenTextures
glGetError
glGetFloatv
glGetIntegerv
glGetString
glGetTexImage
glPixelStorei
glPolygonOffset
glReadBuffer
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glTexImage1D
glTexImage2D
glTexParameterf
glTexParameteri
glTexSubImage2D
glViewport
wglGetCurrentDC
wglGetProcAddress

shell32

DragQueryFileA
ShellExecuteA

wsock32

WSAStartup
htonl
htons
ntohl
ntohs
select

zlib1

deflate
deflateEnd
deflateInit_
inflate
inflateEnd
inflateInit_

fmodstudio

FMOD_Studio_Bank_GetEventList
FMOD_Studio_Bank_Unload
FMOD_Studio_Bus_SetVolume
FMOD_Studio_EventDescription_CreateInstance
FMOD_Studio_EventDescription_GetParameterDescriptionByIndex
FMOD_Studio_EventDescription_GetParameterDescriptionCount
FMOD_Studio_EventDescription_GetPath
FMOD_Studio_EventInstance_GetDescription
FMOD_Studio_EventInstance_GetPlaybackState
FMOD_Studio_EventInstance_Release
FMOD_Studio_EventInstance_Set3DAttributes
FMOD_Studio_EventInstance_SetParameterByName
FMOD_Studio_EventInstance_SetVolume
FMOD_Studio_EventInstance_Start
FMOD_Studio_EventInstance_Stop
FMOD_Studio_System_Create
FMOD_Studio_System_GetBus
FMOD_Studio_System_GetCoreSystem
FMOD_Studio_System_GetEvent
FMOD_Studio_System_Initialize
FMOD_Studio_System_LoadBankMemory
FMOD_Studio_System_Release
FMOD_Studio_System_SetListenerAttributes
FMOD_Studio_System_SetNumListeners
FMOD_Studio_System_Update

fmod

FMOD_ChannelGroup_Release
FMOD_ChannelGroup_SetVolume
FMOD_Channel_Stop
FMOD_Sound_GetFormat
FMOD_Sound_GetLength
FMOD_Sound_GetOpenState
FMOD_Sound_Release
FMOD_System_CreateChannelGroup
FMOD_System_CreateSound
FMOD_System_GetDriver
FMOD_System_GetDriverInfo
FMOD_System_GetNumDrivers
FMOD_System_GetVersion
FMOD_System_PlaySound
FMOD_System_SetOutput

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 588KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 538KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28d148736cd511880cfdc88f0613ae68

Headers

File Characteristics

Imports

sdl2

libcurl-x64

exchndl

libphysfs

steam_api64

dbghelp

kernel32

msvcrt

ole32

opengl32

shell32

wsock32

zlib1

fmodstudio

fmod

Exports

Exports

Sections

.text Size: 13.6MB - Virtual size: 13.6MB

.data Size: 211KB - Virtual size: 212KB

.rdata Size: 5.0MB - Virtual size: 5.0MB

.pdata Size: 588KB - Virtual size: 592KB

.xdata Size: 1.2MB - Virtual size: 1.2MB

.bss Size: - Virtual size: 2.1MB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 18KB - Virtual size: 20KB

.CRT Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 368KB - Virtual size: 372KB

.reloc Size: 145KB - Virtual size: 148KB

/4 Size: 5KB - Virtual size: 8KB

/19 Size: 538KB - Virtual size: 540KB

/31 Size: 36KB - Virtual size: 40KB

/45 Size: 79KB - Virtual size: 80KB

/57 Size: 13KB - Virtual size: 16KB

/70 Size: 5KB - Virtual size: 8KB

/81 Size: 197KB - Virtual size: 200KB

/92 Size: 9KB - Virtual size: 12KB

.text
Size: 13.6MB - Virtual size: 13.6MB

.data
Size: 211KB - Virtual size: 212KB

.rdata
Size: 5.0MB - Virtual size: 5.0MB

.pdata
Size: 588KB - Virtual size: 592KB

.xdata
Size: 1.2MB - Virtual size: 1.2MB

.bss
Size: - Virtual size: 2.1MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 18KB - Virtual size: 20KB

.CRT
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 368KB - Virtual size: 372KB

.reloc
Size: 145KB - Virtual size: 148KB

/4
Size: 5KB - Virtual size: 8KB

/19
Size: 538KB - Virtual size: 540KB

/31
Size: 36KB - Virtual size: 40KB

/45
Size: 79KB - Virtual size: 80KB

/57
Size: 13KB - Virtual size: 16KB

/70
Size: 5KB - Virtual size: 8KB

/81
Size: 197KB - Virtual size: 200KB

/92
Size: 9KB - Virtual size: 12KB