Game[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Game.exe
Size

4.8MB
MD5

86a7f13d094d06e9dac66c1839aec56a
SHA1

e516d121310105d7b931be402d6d0f37b9474b49
SHA256

1a60f4b267475f973c2501c818fb0f9923ac6491cce2e742aabcc3411b601ec1
SHA512

5dd7962a3f4ac1204ebe5bd5947e61f6c2b8395161e7368dddc082af9bd196f9173498d04b185c6c4fe08545946807cb2c7ed18a296e831170394cc1eddb0331
SSDEEP

98304:5Ymmu+rYq2/EYeWvMnSlbP6atRfo8sfGWiQ0+FZe/TTTTTJhf:amV+zntSFtO8sutQ0+FZsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Game.exe

Files

Game.exe
.exe windows x86

Password: 17

19cdd38cdb7164d68578b9cd38258d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXSaveTextureToFileA
D3DXCompileShader
D3DXFloat16To32Array
D3DXLoadSurfaceFromSurface
D3DXQuaternionRotationMatrix
D3DXFloat32To16Array
D3DXMatrixRotationQuaternion
D3DXVec4Transform
D3DXMatrixMultiplyTranspose
D3DXMatrixRotationYawPitchRoll
D3DXVec3TransformNormal
D3DXMatrixRotationAxis
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXVec3TransformCoord
D3DXMatrixInverse
D3DXMatrixScaling
D3DXCreateCubeTextureFromFileInMemoryEx

dinput8

DirectInput8Create

rpcrt4

UuidFromStringA

ws2_32

gethostbyname
recvfrom
ntohs
sendto
htons
bind
WSAGetLastError
closesocket
socket
setsockopt
ioctlsocket
inet_ntoa
inet_addr
getsockname
select
__WSAFDIsSet
recv
send
WSAStartup
connect

kernel32

GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
RaiseException
SetStdHandle
LCMapStringA
IsValidCodePage
GetStringTypeW
GetStringTypeA
CloseHandle
TlsGetValue
Sleep
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateEventA
GetFileAttributesA
DebugBreak
GetCurrentThreadId
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
LockResource
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
WriteFile
GetOverlappedResult
GetFileSize
ReadFile
DeleteFileA
GetLastError
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CreateSemaphoreA
ReleaseSemaphore
VirtualFree
VirtualAlloc
QueryPerformanceCounter
TlsSetValue
GetSystemInfo
InterlockedCompareExchange
ResetEvent
GetModuleFileNameW
GetComputerNameA
SetThreadExecutionState
FreeLibrary
FreeConsole
GetLocalTime
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
WriteConsoleA
GetSystemDefaultLCID
FindFirstFileW
HeapFree
GetSystemDirectoryW
LoadLibraryW
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
GetModuleFileNameA
FormatMessageA
SetFilePointer
SetLastError
SwitchToThread
GetCommandLineA
GetTickCount
QueryPerformanceFrequency
TlsAlloc
CreateDirectoryA
SetFilePointerEx
SetEndOfFile
CancelIo
ReadFileEx
WriteFileEx
SleepEx
GetFileAttributesExA
CompareFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
OutputDebugStringA
GetThreadPriority
GetExitCodeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsDebuggerPresent
TerminateProcess
ExitProcess
TlsFree
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
FileTimeToSystemTime
GetFullPathNameA
GetDriveTypeA
WideCharToMultiByte
CreateThread
ExitThread
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateMutexA
ReleaseMutex
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
HeapReAlloc
ResumeThread
LCMapStringW

user32

InvalidateRect
ValidateRect
CreateWindowExA
RegisterClassExA
LoadIconA
SetForegroundWindow
SendInput
ShowWindow
SetWindowPos
AdjustWindowRectEx
SetWindowLongA
GetSystemMetrics
SetWindowTextW
DispatchMessageA
TranslateMessage
PeekMessageA
SystemParametersInfoA
LoadStringA
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardLayout
ClipCursor
ClientToScreen
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
GetCursor
PostQuitMessage
DefWindowProcA

gdi32

GetStockObject

advapi32

RegCreateKeyA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 17

19cdd38cdb7164d68578b9cd38258d01

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

dinput8

rpcrt4

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 765KB - Virtual size: 764KB

.data Size: 30KB - Virtual size: 5.3MB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.rld Size: 267KB - Virtual size: 266KB

.text
Size: 2.5MB - Virtual size: 2.5MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 765KB - Virtual size: 764KB

.data
Size: 30KB - Virtual size: 5.3MB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.rld
Size: 267KB - Virtual size: 266KB