Game[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Game.exe
Size

5.1MB
MD5

55d248d518936925e941b4a546027215
SHA1

395d9db9b746baaf3d6a74535449797d4e46280e
SHA256

27f4daad63cd2329043348c1173c6978a75f5bb307d0bee32c720332750edf39
SHA512

20929cc3bfb05cc6af6c2345cccedcb176c2260158fbd9856a6b35dc7108a260e52debba2520412a32a7dd61c762ca57fbe6dffc983c2bb91f9c4c2b58fc6c26
SSDEEP

98304:2j7SbBZmbbBLLMW3r7LtPjGCtK/TTTTT4Vd:2j7TtPMW3r7LtPjG+V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Game.exe

Files

Game.exe
.exe windows x86

19cdd38cdb7164d68578b9cd38258d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXSaveTextureToFileA
D3DXCompileShader
D3DXFloat16To32Array
D3DXLoadSurfaceFromSurface
D3DXQuaternionRotationMatrix
D3DXFloat32To16Array
D3DXMatrixRotationQuaternion
D3DXVec4Transform
D3DXMatrixMultiplyTranspose
D3DXMatrixRotationYawPitchRoll
D3DXVec3TransformNormal
D3DXMatrixRotationAxis
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXVec3TransformCoord
D3DXMatrixInverse
D3DXMatrixScaling
D3DXCreateCubeTextureFromFileInMemoryEx

dinput8

DirectInput8Create

rpcrt4

UuidFromStringA

ws2_32

gethostbyname
recvfrom
ntohs
sendto
htons
bind
WSAGetLastError
closesocket
socket
setsockopt
ioctlsocket
inet_ntoa
inet_addr
getsockname
select
__WSAFDIsSet
recv
send
WSAStartup
connect

kernel32

GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
RaiseException
SetStdHandle
LCMapStringA
IsValidCodePage
GetStringTypeW
GetStringTypeA
CloseHandle
TlsGetValue
Sleep
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateEventA
GetFileAttributesA
DebugBreak
GetCurrentThreadId
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
LockResource
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
WriteFile
GetOverlappedResult
GetFileSize
ReadFile
DeleteFileA
GetLastError
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CreateSemaphoreA
ReleaseSemaphore
VirtualFree
VirtualAlloc
QueryPerformanceCounter
TlsSetValue
GetSystemInfo
InterlockedCompareExchange
ResetEvent
GetModuleFileNameW
GetComputerNameA
SetThreadExecutionState
FreeLibrary
FreeConsole
GetLocalTime
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
WriteConsoleA
GetSystemDefaultLCID
FindFirstFileW
HeapFree
GetSystemDirectoryW
LoadLibraryW
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
GetModuleFileNameA
FormatMessageA
SetFilePointer
SetLastError
SwitchToThread
GetCommandLineA
GetTickCount
QueryPerformanceFrequency
TlsAlloc
CreateDirectoryA
SetFilePointerEx
SetEndOfFile
CancelIo
ReadFileEx
WriteFileEx
SleepEx
GetFileAttributesExA
CompareFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
OutputDebugStringA
GetThreadPriority
GetExitCodeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsDebuggerPresent
TerminateProcess
ExitProcess
TlsFree
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
FileTimeToSystemTime
GetFullPathNameA
GetDriveTypeA
WideCharToMultiByte
CreateThread
ExitThread
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateMutexA
ReleaseMutex
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
HeapReAlloc
ResumeThread
LCMapStringW

user32

InvalidateRect
ValidateRect
CreateWindowExA
RegisterClassExA
LoadIconA
SetForegroundWindow
SendInput
ShowWindow
SetWindowPos
AdjustWindowRectEx
SetWindowLongA
GetSystemMetrics
SetWindowTextW
DispatchMessageA
TranslateMessage
PeekMessageA
SystemParametersInfoA
LoadStringA
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardLayout
ClipCursor
ClientToScreen
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
GetCursor
PostQuitMessage
DefWindowProcA

gdi32

GetStockObject

advapi32

RegCreateKeyA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19cdd38cdb7164d68578b9cd38258d01

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

dinput8

rpcrt4

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 765KB - Virtual size: 764KB

.data Size: 30KB - Virtual size: 5.3MB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 125KB - Virtual size: 125KB

.bind Size: 395KB - Virtual size: 395KB

.text
Size: 2.5MB - Virtual size: 2.5MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 765KB - Virtual size: 764KB

.data
Size: 30KB - Virtual size: 5.3MB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 125KB - Virtual size: 125KB

.bind
Size: 395KB - Virtual size: 395KB