FMod Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FMod Launcher.exe
Size

15.9MB
MD5

906d5f7f032ba2b824cb8521b2299771
SHA1

4038f47e753bb4a033968a19488ba320fb3737ad
SHA256

2746a886657eaf91290d096a6101ce3f3efdc00bc36d3b0ae4b0d694da177bb7
SHA512

ffb2256a8cd7c4dea1376fd353e1f3616722ed9d6d4e7c148fb73154a2d6c5701535fb74370035a0448a4f1def688d9d0197a41b70b3f1045280b6445bd03318
SSDEEP

196608:gq69szY3ITrSRpNKeTffWvzPFmEiGQwu0kEfEHLNtUPx0rCGPkQf:rzY3ITr0PK84zPFmEiGSCfErJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FMod Launcher.exe

Files

FMod Launcher.exe
.exe windows x64

a0874d7693a9bff6f332a674b37660ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
NtQueryInformationProcess
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlCaptureContext
NtCreateFile
NtCancelIoFileEx
RtlGetNtVersionNumbers
RtlVirtualUnwind
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
NtQuerySystemInformation
RtlGetVersion

kernel32

GetCurrentThreadId
DeleteCriticalSection
InitializeSListHead
CloseHandle
AcquireSRWLockExclusive
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
ResetEvent
GetSystemInfo
SleepConditionVariableSRW
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
GetModuleHandleW
GetUserDefaultUILanguage
LCIDToLocaleName
GetTempPathW
LoadLibraryW
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
WriteConsoleW
ReleaseSRWLockExclusive
IsDebuggerPresent
CreateProcessW
GetWindowsDirectoryW
lstrlenW
GetSystemDirectoryW
CreateNamedPipeW
GetFullPathNameW
ExitProcess
GlobalLock
GlobalUnlock
GlobalAlloc
GetConsoleMode
CancelIo
CreateEventW
CopyFileExW
InitializeCriticalSectionAndSpinCount
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
LeaveCriticalSection
GetFileInformationByHandleEx
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
WaitForMultipleObjects
GetProcessId
TerminateProcess
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
CreateDirectoryW
SetFilePointerEx
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
EnterCriticalSection
CreateFileW
FindClose
ReleaseMutex
FreeEnvironmentStringsW
GetFinalPathNameByHandleW
LoadLibraryA
SetLastError
SetFileInformationByHandle
MoveFileExW
SetFileAttributesW
GetFileInformationByHandle
UnhandledExceptionFilter
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
IsProcessorFeaturePresent
RaiseException
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
EncodePointer
SetFileTime
TlsAlloc
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
FindFirstFileW
TlsFree
SetEvent
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetProcessHeap
ReadProcessMemory
VirtualQueryEx
LocalFree
HeapFree
SetHandleInformation
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
OpenProcess
HeapAlloc
CreateHardLinkW
GetLastError
DuplicateHandle
GetCurrentProcess
CreatePipe
Sleep
CreateIoCompletionPort
GetQueuedCompletionStatusEx
FormatMessageW
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
SetFileCompletionNotificationModes

user32

GetWindowLongPtrW
SetWindowPlacement
SetWindowDisplayAffinity
GetMenu
MonitorFromPoint
EnumDisplayMonitors
UnregisterHotKey
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
GetRawInputData
IsProcessDPIAware
EnableMenuItem
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
GetWindowPlacement
CloseClipboard
GetClipboardData
OpenClipboard
CreateAcceleratorTableW
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
DestroyAcceleratorTable
DestroyIcon
RegisterClassExW
RegisterWindowMessageA
SetMenuItemInfoW
EnumChildWindows
CheckMenuItem
CreateMenu
SetWindowPos
InvalidateRgn
AppendMenuW
ShowWindow
SendInput
PostQuitMessage
GetWindowRect
AdjustWindowRectEx
ShowCursor
GetClipCursor
PeekMessageW
ClipCursor
PostThreadMessageW
PostMessageW
LoadCursorW
IsWindowVisible
DispatchMessageW
SetCursor
SendMessageW
SetWindowLongW
GetSystemMenu
SetWindowTextW
SetForegroundWindow
GetKeyboardState
GetAsyncKeyState
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
VkKeyScanW
SystemParametersInfoA
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
RedrawWindow
CreateIcon
RegisterHotKey
MessageBoxW
GetMessageA
DispatchMessageA
MapVirtualKeyW
DestroyWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetForegroundWindow
GetActiveWindow
SetCursorPos
ReleaseCapture
SetMenu
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetClientRect
GetWindowLongW
TrackMouseEvent
MonitorFromRect
GetDC
GetUpdateRect
ValidateRect

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ws2_32

getaddrinfo
select
WSAGetLastError
freeaddrinfo
WSACleanup
WSAStartup
closesocket
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt
WSAIoctl

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

ole32

CoInitializeEx
CoCreateInstance
RegisterDragDrop
OleInitialize
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal
RevokeDragDrop
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemAlloc

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

secur32

FreeCredentialsHandle
ApplyControlToken
QueryContextAttributesW
LsaFreeReturnBuffer
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeContextBuffer
EncryptMessage
LsaEnumerateLogonSessions
DeleteSecurityContext
LsaGetLogonSessionData

crypt32

CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext

advapi32

EventSetInformation
EventRegister
OpenProcessToken
EventUnregister
RegCloseKey
CopySid
GetLengthSid
IsValidSid
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
EventWriteTransfer
LookupAccountSidW

shell32

DragFinish
CommandLineToArgvW
SHCreateItemFromParsingName
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW

oleaut32

GetErrorInfo
SysFreeString
SetErrorInfo
SysAllocString
SysStringLen
VariantClear

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhOpenQueryA
PdhRemoveCounter
PdhCloseQuery
PdhGetFormattedCounterValue

iphlpapi

GetAdaptersAddresses
GetIfEntry2
GetIfTable2
FreeMibTable

powrprof

CallNtPowerInformation

netapi32

NetUserGetLocalGroups
NetUserEnum
NetUserGetInfo
NetApiBufferFree

uxtheme

SetWindowTheme

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

psapi

GetPerformanceInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
round
trunc

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strcpy_s
wcslen

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
_set_new_mode
malloc

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
__p___argc
_exit
exit
_register_onexit_function
_initialize_onexit_table
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
abort
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0874d7693a9bff6f332a674b37660ad

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

comctl32

ws2_32

dwmapi

ole32

gdi32

secur32

crypt32

advapi32

shell32

oleaut32

pdh

iphlpapi

powrprof

netapi32

uxtheme

bcrypt

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 8.7MB - Virtual size: 8.7MB

.data Size: 13KB - Virtual size: 16KB

.pdata Size: 400KB - Virtual size: 399KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 8.7MB - Virtual size: 8.7MB

.data
Size: 13KB - Virtual size: 16KB

.pdata
Size: 400KB - Virtual size: 399KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 35KB - Virtual size: 34KB