DARKSOULS[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DARKSOULS.exe
Size

16.8MB
MD5

8a8b016efdac6e6cc266846856be83b4
SHA1

93a26aefdc7230eff18c64d79c860b118150aa0a
SHA256

903a946273bfe123fe5c85740c3613374e2cf538564bb661db371c6cb5a421ff
SHA512

e99728168e38bd3c41d95200c03944370b25f4d2ca348847944dcfac3b14ac1b90a7969007e4e75838c311bc6a3507797a760385f9335b4fc5a86cefe59f0c8d
SSDEEP

196608:QJqLQT7pVs/aI5Ihk3b/VbAf6pcpH/8JJmtzVTsU/Yk1K8m9NxscCEfjsEpGu4HK:QJeQXpG/95P3jV8fjpjsU/11KNlHCo

Score

1^/10

Malware Config

Signatures

Files

DARKSOULS.exe
.exe windows x86

f8ffefa7dc7da3e41c4a8be3c370c5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fmodex

?getNumChannels@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getChannel@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVChannel@2@@Z
?getSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAW4FMOD_SOUND_FORMAT@@00PAW4FMOD_DSP_RESAMPLER@@0@Z
?setSpeakerLevels@Channel@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKER@@PAMH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getNumGroups@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getInfo@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PADPAIPAH22@Z
?setLevels@DSPConnection@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKER@@PAMH@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZH@Z
?getDSPHead@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVDSP@2@@Z
?getOutput@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@PAPAVDSPConnection@2@@Z
?setMix@DSPConnection@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?addInput@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@PAPAVDSPConnection@2@@Z
?getNumInputs@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getInput@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@PAPAVDSPConnection@2@@Z
?setAdvancedSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_ADVANCEDSETTINGS@@@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
_FMOD_Debug_SetLevel@4
_FMOD_Memory_Initialize@24
?getOutputHandle@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?disconnectAll@DSP@FMOD@@QAG?AW4FMOD_RESULT@@_N0@Z
?disconnectFrom@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?setStreamBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@II@Z

fmod_event

?set3DAttributes@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?getInfo@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAPAD@Z
?getParameterByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVEventParameter@2@@Z
?getNumParameters@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setCallback@Event@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_EVENT@@W4FMOD_EVENT_CALLBACKTYPE@@PAX22@Z2@Z
?getCategory@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventCategory@2@@Z
?getPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
?getProperty@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAX_N@Z
?getChannelGroup@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setVolume@Event@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
?setPitch@Event@FMOD@@QAG?AW4FMOD_RESULT@@MW4FMOD_EVENT_PITCHUNITS@@@Z
?getParameter@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventParameter@2@@Z
?setValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?getInfo@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAPADPAUFMOD_EVENT_INFO@@@Z
?start@Event@FMOD@@QAG?AW4FMOD_RESULT@@XZ
_FMOD_EventSystem_Create@4
?getPaused@Event@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?stop@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setPaused@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setMute@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getState@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?getParentGroup@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVEventGroup@2@@Z

ws2_32

listen
gethostname
__WSAFDIsSet
accept
bind
gethostbyaddr
getservbyport
WSASetLastError
WSAStartup
ioctlsocket
WSACleanup
WSACloseEvent
inet_ntoa
shutdown
getsockopt
getsockname
WSAEventSelect
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recvfrom
WSASetEvent
sendto
select
WSAAsyncSelect
htons
inet_addr
gethostbyname
getservbyname
setsockopt
connect
send
recv
htonl
WSAGetLastError
socket
ntohs
closesocket

winmm

timeSetEvent
timeGetTime
timeEndPeriod
timeBeginPeriod
timeKillEvent

d3dx9_43

D3DXCompileShader
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTexture
D3DXCreateCubeTexture
D3DXCreateTextureFromFileInMemoryEx

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

xinput1_3

ord3
ord2

steam_api

SteamUserStats
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamAPI_RunCallbacks
SteamUtils
SteamUser
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamFriends
SteamMatchmaking
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamRemoteStorage
SteamClient
SteamNetworking

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetProcessHeap
VirtualQuery
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetModuleHandleA
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
HeapCreate
GetExitCodeProcess
GetStdHandle
HeapSize
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemDirectoryA
DebugBreak
HeapAlloc
GetDateFormatA
GetTimeFormatA
MoveFileA
DeleteFileA
GetSystemTimeAsFileTime
ExitThread
GetStartupInfoA
GetCommandLineA
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
CreateProcessA
SetEnvironmentVariableA
InterlockedExchangeAdd
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetFullPathNameA
GetExitCodeThread
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
SetThreadIdealProcessor
LoadLibraryA
CreateThread
GetTickCount
GetThreadPriority
GetProcAddress
VirtualAlloc
GetCurrentProcess
VirtualFree
GetSystemInfo
SetErrorMode
LoadLibraryW
FreeLibrary
WaitForMultipleObjects
MulDiv
lstrcmpW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
MoveFileW
RemoveDirectoryW
DeleteFileW
FormatMessageW
CreateFileW
GetFileInformationByHandle
CreateDirectoryW
GetOverlappedResult
SetEndOfFile
GetDriveTypeW
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultLangID
OutputDebugStringA
OutputDebugStringW
GetPrivateProfileIntW
WritePrivateProfileSectionW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetSystemDefaultLangID
GetSystemDefaultLCID
SetThreadPriority
GetCurrentThread
GetCommandLineW
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
Sleep
GetModuleHandleW
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetLocalTime
CreateEventW
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
CreateMutexW
ReleaseMutex
RaiseException
ResumeThread
SuspendThread
TerminateThread
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
ReadFile
WriteFile
GetLastError
SetFilePointer
GetTempFileNameW
GetTempPathW
GetFullPathNameW
CreateSemaphoreW
ReleaseSemaphore

user32

RegisterWindowMessageW
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageW
MessageBoxW
GetAsyncKeyState
GetKeyboardState
PostMessageW
GetForegroundWindow
InvalidateRect
SetWindowPos
MoveWindow
SetWindowLongW
AdjustWindowRect
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
GetDesktopWindow
GetWindowRect
DefWindowProcW
SendInput
GetMessageExtraInfo
SetTimer
GetClientRect
ScreenToClient
GetCursorPos
wsprintfW
PostQuitMessage
ClientToScreen

advapi32

GetUserNameW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoTaskMemFree
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 467KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8ffefa7dc7da3e41c4a8be3c370c5f6

Headers

DLL Characteristics

File Characteristics

Imports

fmodex

fmod_event

ws2_32

winmm

d3dx9_43

d3d9

dinput8

xinput1_3

steam_api

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 12.8MB - Virtual size: 12.8MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 467KB - Virtual size: 1.4MB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 12.8MB - Virtual size: 12.8MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 467KB - Virtual size: 1.4MB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB