version_2[.]6_2023[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

version_2.6_2023.rar
Size

38.6MB
MD5

a5f0fcca435bc4c13a599df48bbed52c
SHA1

ee1a7371345c661084aef6239bd58d072204d9e4
SHA256

ca4bc63b5ab20803f45b51af345a28435128b4f703ec621d49ecafcba07b473a
SHA512

2ff6c488cd2102ea1d266d57b5cf1df20579fa11be1497d0651644edb2a7d4e7f58eebe8b5699ba813047909ce0e03a40bc2881e28a15663166eab372c927e32
SSDEEP

786432:haizEh7mfvPT3HqCLeDblmdFXekRRkRgikRxqM5PYGl3fccYOgTB0Bmma:siEh7uT3KCSF2FXekRRkRgiooM5Pl3fi

Score

1^/10

Malware Config

Signatures

Files

version_2.6_2023.rar
.rar
version_2.6_2023/dаtа/2103_23.unr
version_2.6_2023/dаtа/Debug/Cracker.dll
version_2.6_2023/dаtа/Debug/DebugPPF.tmp
version_2.6_2023/dаtа/Debug/DebugPPT.tmp
version_2.6_2023/dаtа/Debug/Main.ini
.xml
version_2.6_2023/dаtа/Debug/Management.log
version_2.6_2023/dаtа/Debug/Utils.dll
.xml
version_2.6_2023/dаtа/Debug/updater.ini
version_2.6_2023/dаtа/Main.ini
version_2.6_2023/dаtа/Packaged/Language.pimx
version_2.6_2023/dаtа/Packaged/Resource.dll
version_2.6_2023/dаtа/Packaged/Utils.dll
.xml
version_2.6_2023/dаtа/Packaged/client.dll
.dll windows x86

Password: 2023

161b23bb0797951ff064681e98760812

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f
Signer

Actual PE Digest

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

16/12/2022, 22:07
Valid: true

Chain 1

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SystemParametersInfoA
LoadImageA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA

gdi32

DeleteDC
GetDIBits
CreateCompatibleDC
GetObjectA
DeleteObject

parsifal

ord24
ord8
ord3
ord2
ord1
ord23

steam_api

SteamAPI_GetHSteamPipe
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamInternal_CreateInterface
SteamAPI_RegisterCallback
SteamAPI_InitSafe
SteamAPI_SetTryCatchCallbacks
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit

tier0

Plat_IsInDebugSession
?FindOrCreateCounter@CVProfile@@QAEPAHPBDW4CounterGroup_t@@@Z
Error
Msg
DevMsg
Warning
?ExitScope@CVProfile@@QAEXXZ
Plat_ExitProcess
g_pMemAlloc
CommandLine
LoggingSystem_RegisterLoggingChannel
ThreadInterlockedAssignIf64
?DevWarning@@YAXPBDZZ
?Lock@CThreadMutex@@QAEXXZ
?Unlock@CThreadMutex@@QAEXXZ
?Set@CThreadEvent@@QAE_NXZ
?Lock@CThreadFastMutex@@ACEXII@Z
ThreadInMainThread
DevWarning
g_ClockSpeedMillisecondsMultiplier
LoggingSystem_LogAssert
CallAssertFailedNotifyFunc
ShouldUseNewAssertDialog
AddMemoryInfoCallback
RemoveMemoryInfoCallback
StackToolsNotify_LoadedLibrary
GetThreadedLoadLibraryFunc
DoNewAssertDialog
_ExitOnFatalAssert
?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
g_VProfCurrentProfile
?DevMsg@@YAXPBDZZ
Plat_USTime
?ConColorMsg@@YAXABVColor@@PBDZZ
LoggingSystem_IsChannelEnabled
LoggingSystem_Log
??0CThreadMutex@@QAE@XZ
??1CThreadMutex@@QAE@XZ
??0CThreadEvent@@QAE@_N@Z
??1CThreadEvent@@QAE@XZ
COM_TimestampedLog
ThreadSleep
?g_nThreadID@@3V?$CThreadLocalInt@H@GenericThreadLocals@@A
?SpinLockForRead@CThreadSpinRWLock@@QAEXXZ
?SpinLockForWrite@CThreadSpinRWLock@@QAEXXZ
?Get@CThreadLocalBase@GenericThreadLocals@@QBEPAXXZ
?Reset@CThreadEvent@@QAE_NXZ
LOG_GENERAL
?TryLock@CThreadMutex@@QAE_NXZ
?GetName@CThread@@QAEPBDXZ
?Join@CThread@@QAE_NI@Z
Plat_localtime
Platform_gmtime
Plat_RelativeTickFrequency
Plat_RelativeTicks
g_dwClockSpeed
?LockForRead@CThreadSpinRWLock@@QBEXXZ
StoreTempValue
GetTempValue
g_ClockSpeed
?ConMsg@@YAXPBDZZ
Plat_GetOSVersion
Plat_GetTime
Plat_WindowToScreenCoords
CreateSimpleThread
ReleaseThreadHandle
Plat_IsInBenchmarkMode
Plat_GetTimeString
Plat_MSTime
Plat_timegm
??0CThreadLocalBase@GenericThreadLocals@@QAE@XZ
??1CThreadLocalBase@GenericThreadLocals@@QAE@XZ
?Set@CThreadLocalBase@GenericThreadLocals@@QAEXPAX@Z
MemFreeScratch
MemAllocScratch
ConDMsg
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@VColor@@PBDZZ
LoggingSystem_AddTagToCurrentChannel
?Wait@CThreadEvent@@QAE_NI@Z
WriteMiniDump
GetCPUInformation
Plat_GetLocalTime
GetCPUFrequencyResults
g_PerfStats
Plat_FloatTime

rpcrt4

UuidCreate
UuidFromStringA
UuidToStringA
RpcStringFreeA

v8

??0Utf8Value@String@v8@@QAE@V?$Local@VValue@v8@@@2@@Z
??1Utf8Value@String@v8@@QAE@XZ
?SlowGetInternalField@Object@v8@@AAE?AV?$Local@VValue@v8@@@2@H@Z
?CreateHandle@HandleScope@v8@@CAPAPAVObject@internal@2@PAVHeapObject@42@PAV342@@Z
?Value@External@v8@@QBEPAXXZ
?Enter@Isolate@v8@@QAEXXZ
?Exit@Isolate@v8@@QAEXXZ
??0HandleScope@v8@@QAE@PAVIsolate@1@@Z
??1HandleScope@v8@@QAE@XZ
?Set@Template@v8@@QAEXV?$Local@VName@v8@@@2@V?$Local@VData@v8@@@2@W4PropertyAttribute@2@@Z
?New@FunctionTemplate@v8@@SA?AV?$Local@VFunctionTemplate@v8@@@2@PAVIsolate@2@P6AXABV?$FunctionCallbackInfo@VValue@v8@@@2@@ZV?$Local@VValue@v8@@@2@V?$Local@VSignature@v8@@@2@HW4ConstructorBehavior@2@@Z
?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBDW4NewStringType@12@H@Z
?SetAccessor@ObjectTemplate@v8@@QAEXV?$Local@VString@v8@@@2@P6AX0ABV?$PropertyCallbackInfo@VValue@v8@@@2@@ZP6AX0V?$Local@VValue@v8@@@2@ABV?$PropertyCallbackInfo@X@2@@Z3W4AccessControl@2@W4PropertyAttribute@2@V?$Local@VAccessorSignature@v8@@@2@@Z
?GetCurrentContext@Isolate@v8@@QAE?AV?$Local@VContext@v8@@@2@XZ
?GetCurrent@Isolate@v8@@SAPAV12@XZ
?ToString@Value@v8@@QBE?AV?$MaybeLocal@VString@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?GetName@Function@v8@@QBE?AV?$Local@VValue@v8@@@2@XZ
?ThrowException@Isolate@v8@@QAE?AV?$Local@VValue@v8@@@2@V32@@Z
??0TryCatch@v8@@QAE@XZ
??1TryCatch@v8@@QAE@XZ
?HasCaught@TryCatch@v8@@QBE_NXZ
?DisposeGlobal@V8@v8@@CAXPAPAVObject@internal@2@@Z
?CreateHandle@HandleScope@v8@@KAPAPAVObject@internal@2@PAVIsolate@42@PAV342@@Z
?GlobalizeReference@V8@v8@@CAPAPAVObject@internal@2@PAVIsolate@42@PAPAV342@@Z
?Get@Object@v8@@QAE?AV?$Local@VValue@v8@@@2@V32@@Z
?New@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@PAVIsolate@2@H@Z
?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PAVIsolate@2@N@Z
?New@Object@v8@@SA?AV?$Local@VObject@v8@@@2@PAVIsolate@2@@Z
?Set@Object@v8@@QAE_NV?$Local@VValue@v8@@@2@0@Z
?IsArray@Value@v8@@QBE_NXZ
?Length@Array@v8@@QBEIXZ
?NumberValue@Value@v8@@QBENXZ
?Get@Object@v8@@QAE?AV?$Local@VValue@v8@@@2@I@Z
?IsObject@Value@v8@@QBE_NXZ
?New@Array@v8@@SA?AV?$Local@VArray@v8@@@2@PAVIsolate@2@H@Z
?Set@Object@v8@@QAE_NIV?$Local@VValue@v8@@@2@@Z
?IsBoolean@Value@v8@@QBE_NXZ
?BooleanValue@Value@v8@@QBE_NXZ
?IsInt32@Value@v8@@QBE_NXZ
?Int32Value@Value@v8@@QBEHXZ
?IsNumber@Value@v8@@QBE_NXZ
?GetPropertyNames@Object@v8@@QAE?AV?$Local@VArray@v8@@@2@XZ
?TypeOf@Value@v8@@QAE?AV?$Local@VString@v8@@@2@PAVIsolate@2@@Z
?New@Context@v8@@SA?AV?$Local@VContext@v8@@@2@PAVIsolate@2@PAVExtensionConfiguration@2@V?$MaybeLocal@VObjectTemplate@v8@@@2@V?$MaybeLocal@VValue@v8@@@2@@Z
?Enter@Context@v8@@QAEXXZ
?Exit@Context@v8@@QAEXXZ
?IsUint32@Value@v8@@QBE_NXZ
?NewFromTwoByte@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBGW4NewStringType@12@H@Z
?Value@Number@v8@@QBENXZ
?ToNumber@Value@v8@@QBE?AV?$MaybeLocal@VNumber@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?InternalFieldCount@Object@v8@@QAEHXZ
?ToBoolean@Value@v8@@QBE?AV?$MaybeLocal@VBoolean@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?Value@Boolean@v8@@QBE_NXZ
?GetIsolate@Object@v8@@QAEPAVIsolate@2@XZ
?Uint32Value@Value@v8@@QBEIXZ
?IsFunction@Value@v8@@QBE_NXZ
?ToObject@Value@v8@@QBE?AV?$MaybeLocal@VObject@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?GetCallingContext@Isolate@v8@@QAE?AV?$Local@VContext@v8@@@2@XZ

video

CreateVideoPlayer
DeleteVideoPlayer

vstdlib

Coroutine_Continue
Coroutine_Create
?RandomInt@CUniformRandomStream@@UAEHHH@Z
V_UnicodeToUTF8
CreateNewThreadPool
?RandomFloat@CUniformRandomStream@@UAEMMM@Z
?SetSeed@CUniformRandomStream@@UAEXH@Z
Coroutine_YieldToMain
?RandomFloat@CGaussianRandomStream@@QAEMMM@Z
??0CUniformRandomStream@@QAE@XZ
?AttachToStream@CGaussianRandomStream@@QAEXPAVIUniformRandomStream@@@Z
??0CGaussianRandomStream@@QAE@PAVIUniformRandomStream@@@Z
KeyValuesSystem
g_pThreadPool
RandomFloat
RandomSeed
RandomInt
DestroyThreadPool

kernel32

TlsAlloc
GetLastError
InitializeCriticalSectionAndSpinCount
TlsSetValue
GetStdHandle
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetFileAttributesExW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetConsoleCP
ReadConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
ExitProcess
GetTempPathW
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetCurrentDirectoryW
SetEnvironmentVariableA
PeekNamedPipe
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
GetProcAddress
FreeLibrary
TlsGetValue
TlsFree
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
CreateEventW
DecodePointer
EncodePointer
GetStringTypeW
GetLongPathNameA
GetShortPathNameA
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetDateFormatA
GetTimeFormatA
GetProcessHeap
LoadLibraryExA
VirtualAlloc
VirtualFree
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetCurrentThread
GetCurrentProcessId
GetModuleHandleExA
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
FindNextFileA
FindFirstFileA
WaitForSingleObject
SetLastError
FileTimeToDosDateTime
GetFileSize
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileInformationByHandle
DosDateTimeToFileTime
CreateDirectoryA
GetFileType
LoadLibraryExW
FindFirstFileW
FindNextFileW
SystemTimeToFileTime
DuplicateHandle
GetCurrentDirectoryA
SetFilePointer
SetFileTime
GetCurrentProcess
ReadFile
Sleep
CreateFileMappingA
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
DeleteFileA
CopyFileA
GetModuleHandleA
GetModuleFileNameA
FlushFileBuffers
SetFilePointerEx
CloseHandle
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateFileW
FindClose
RemoveDirectoryW
WriteFile
GetCurrentThreadId

shell32

ShellExecuteA

ws2_32

ntohs

Exports

Exports

CreateInterface

Sections

.text
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 654KB - Virtual size: 70.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version_2.6_2023/dаtа/Packaged/core.pbo
version_2.6_2023/dаtа/Resource.dll
version_2.6_2023/dаtа/x32-x64.dll
version_2.6_2023/uр_lоader.exe
.exe windows x86

Password: 2023

1b3911321150a9662fa1b0f22689c572

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
lstrlenA
LocalAlloc
LoadLibraryA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ord524
ord239

ole32

CoInitialize

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GQ#
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pM;
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yfR
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2023

161b23bb0797951ff064681e98760812

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9fSigner

Signature Validations

Verification

16/12/2022, 22:07 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

gdi32

parsifal

steam_api

tier0

rpcrt4

v8

video

vstdlib

kernel32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 11.2MB - Virtual size: 11.2MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 654KB - Virtual size: 70.0MB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 7KB - Virtual size: 7KB

.reloc Size: 1.3MB - Virtual size: 1.3MB

Password: 2023

1b3911321150a9662fa1b0f22689c572

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

user32

Sections

.text Size: - Virtual size: 120KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.GQ# Size: - Virtual size: 7.9MB

.pM; Size: 1024B - Virtual size: 880B

.yfR Size: 10.5MB - Virtual size: 10.5MB

.rsrc Size: 449KB - Virtual size: 449KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f
Signer

16/12/2022, 22:07
Valid: true

.text
Size: 11.2MB - Virtual size: 11.2MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 654KB - Virtual size: 70.0MB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1.3MB - Virtual size: 1.3MB

.text
Size: - Virtual size: 120KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.GQ#
Size: - Virtual size: 7.9MB

.pM;
Size: 1024B - Virtual size: 880B

.yfR
Size: 10.5MB - Virtual size: 10.5MB

.rsrc
Size: 449KB - Virtual size: 449KB