Sample
RemotePlayWhatever.exe
Resource
win10v2004-20230703-en
General
-
Target
RemotePlayWhatever.exe
-
Size
4.1MB
-
MD5
01a6bd2a5f97de2e14cb591e2e8b0604
-
SHA1
c19a51cf53db28b428f8f8bc3ad2a4c330f3f0bc
-
SHA256
d8ab940cce73b0a86e6fa5727fdbec03e85a838ec8b6afdb701f8145b0a22944
-
SHA512
fd02f96ac4d8c3244641240d95fc99844688b61eaa77205bdd4d0ca49e629e13651adc6e39f2379e25ee16e2c072190ae3f7f8cefc7d09043b96da66188da02c
-
SSDEEP
49152:LNR/mpme9L86WBS2nT3as1FkwBLTWKFq7NGrqCQp8dW8xUB8e/uqMv6Yf94PUCni:xtmoeL86WI2uWFhIOqK3VGPU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. This is the only signature that fired in this report, and by itself it is a weak indicator (many legitimate hobbyist and open-source builds ship unsigned), so establish provenance by matching the SHA256 listed above against the publisher's released hash rather than treating the missing signature as evidence of malicious intent.
resource RemotePlayWhatever.exe
Files
-
RemotePlayWhatever.exe.exe windows x86
40cb3ef844c927d0ecdb8683ba455a9c
Headers
DLL Characteristics (DYNAMIC_BASE opts the image into ASLR and NX_COMPAT into DEP; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the flags listed below, so Control Flow Guard appears not to be enabled. This is a 32-bit image, so HIGH_ENTROPY_VA does not apply.)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
opensteamapi
OpenAPI_LoadLibrary
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
Steam_RunCallbacks
SteamInternal_CreateInterface
comctl32
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy
ImageList_Create
ord16
ord17
ImageList_Replace
oleacc
LresultFromObject
uxtheme
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
IsThemeActive
IsAppThemed
GetThemeMargins
GetThemeFont
GetThemePartSize
GetThemeInt
GetThemeSysColor
GetThemeSysFont
SetWindowTheme
GetThemeBackgroundExtent
GetCurrentThemeName
IsThemePartDefined
OpenThemeData
GetThemeColor
rpcrt4
UuidToStringW
RpcStringFreeW
shlwapi
SHAutoComplete
kernel32
GetLongPathNameW
GetTempFileNameW
ExpandEnvironmentStringsW
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
GetDriveTypeW
GetLogicalDriveStringsW
GetACP
IsBadReadPtr
IsBadStringPtrA
FindFirstFileW
FindClose
CopyFileW
GetFileType
GetFileAttributesW
CreateFileW
CreateEventW
SetEvent
GetProcAddress
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsAlloc
GetCurrentThread
OutputDebugStringW
GetModuleHandleW
GetTempPathW
GetCPInfo
IsValidCodePage
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetNativeSystemInfo
GetVersionExW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
WaitForSingleObject
CloseHandle
IsDebuggerPresent
GetEnvironmentVariableW
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
SetErrorMode
LoadLibraryW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
InitializeSListHead
GetCurrentThreadId
ExitProcess
SetLastError
GetLastError
MulDiv
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
AttachConsole
FreeConsole
GetStdHandle
LocalFree
GetCommandLineW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
SetCurrentDirectoryW
user32
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetClipboardFormatNameW
RegisterClipboardFormatW
FindWindowExW
SetMenu
PostMessageW
RegisterWindowMessageW
DrawFocusRect
DrawTextW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
GetWindowPlacement
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
GetCursorPos
DdeInitializeW
SetCursorPos
GetWindowRect
GetClientRect
KillTimer
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
CheckMenuItem
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
GetDC
LoadCursorW
GetProcessDefaultLayout
MessageBoxW
GetKeyState
UnregisterClassW
RegisterClassW
ChildWindowFromPoint
DrawFrameControl
DdeUninitialize
SetCursor
SetTimer
DrawEdge
IsClipboardFormatAvailable
HideCaret
keybd_event
IsMenu
GetComboBoxInfo
OffsetRect
MsgWaitForMultipleObjects
wsprintfW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
EnumDisplaySettingsW
ChangeDisplaySettingsExW
CheckMenuRadioItem
GetSysColorBrush
SetWindowTextW
GetMenuItemID
CopyRect
DrawStateW
GetDesktopWindow
UnionRect
EndPaint
BeginPaint
GetWindowDC
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
UpdateWindow
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
IsRectEmpty
SetRectEmpty
ValidateRgn
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyCursor
DrawIconEx
GetDoubleClickTime
ValidateRect
PostThreadMessageW
GetMessageW
GetClassNameW
SetRect
MessageBeep
GetWindowTextLengthW
GetWindowTextW
CreateIconIndirect
DestroyIcon
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
GetCaretBlinkTime
ClientToScreen
gdi32
SelectObject
GetOutlineTextMetricsW
GetDeviceCaps
DeleteObject
CreateRectRgn
GetTextMetricsW
CreateCompatibleDC
ExcludeClipRect
EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
EnumFontFamiliesExW
GetSystemPaletteEntries
PlayEnhMetaFile
RealizePalette
SelectPalette
SetBrushOrgEx
GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
SetBkColor
SetBkMode
SetTextColor
GetObjectW
GetStockObject
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
DeleteDC
GetBkColor
LineTo
MoveToEx
ExtTextOutW
Arc
Ellipse
ExtFloodFill
GetClipBox
GetGraphicsMode
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPixel
SetPolyFillMode
StretchBlt
StretchDIBits
SetROP2
SetStretchBltMode
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetTextExtentPoint32W
CreateHatchBrush
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
CreatePen
ExtCreatePen
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateDCW
SetViewportOrgEx
CreateFontIndirectW
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
winspool.drv
ClosePrinter
OpenPrinterW
GetPrinterW
DocumentPropertiesW
shell32
ord6
SHGetFileInfoW
ExtractIconExW
ExtractIconW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
CommandLineToArgvW
SHGetFolderPathW
ole32
ReleaseStgMedium
OleInitialize
OleFlushClipboard
OleUninitialize
CoLockObjectExternal
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleSetClipboard
OleGetClipboard
OleIsCurrentClipboard
comdlg32
PageSetupDlgW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
CommDlgExtendedError
advapi32
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegDeleteValueW
RegEnumValueW
msvcp140
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
msimg32
AlphaBlend
GradientFill
vcruntime140
longjmp
_except_handler4_common
__current_exception_context
__current_exception
_set_se_translator
wcsstr
_setjmp3
__CxxLongjmpUnwind
strchr
strstr
wcschr
__std_type_info_compare
__RTtypeid
_purecall
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memset
api-ms-win-crt-runtime-l1-1-0
_cexit
_initterm
_controlfp_s
_crt_atexit
exit
_exit
_errno
_seh_filter_exe
_set_app_type
_initterm_e
abort
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_get_narrow_winmain_command_line
_configure_narrow_argv
_initialize_narrow_environment
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
_set_new_mode
realloc
free
calloc
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
_set_fmode
_fileno
_get_osfhandle
__p__commode
_wsopen_dispatch
fwrite
__acrt_iob_func
_open_osfhandle
__stdio_common_vswscanf
__stdio_common_vsscanf
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
fflush
fclose
fread
_ftelli64
_close
_read
_write
_lseeki64
_telli64
feof
_fseeki64
__stdio_common_vfwprintf
_wfopen
clearerr
ferror
api-ms-win-crt-string-l1-1-0
_wcsicmp
wcsncpy
iswxdigit
iswspace
iswdigit
iswalpha
iswalnum
strncpy
_strdup
tolower
isspace
iswprint
toupper
towupper
strncmp
wcspbrk
towlower
api-ms-win-crt-math-l1-1-0
_fdopen
ceil
_CIfmod
_CIatan2
_libm_sse2_acos_precise
_libm_sse2_pow_precise
_libm_sse2_tan_precise
__setusermatherr
_libm_sse2_sin_precise
_libm_sse2_cos_precise
lroundf
_libm_sse2_sqrt_precise
floor
lround
api-ms-win-crt-convert-l1-1-0
wcstod
_wtoi
_wcstod_l
wcstoul
strtoll
wcstol
_wtol
atof
_wcstoi64
_wcstoui64
strtol
api-ms-win-crt-time-l1-1-0
wcsftime
_tzset
_time64
_mktime64
_localtime64
_gmtime64
_get_timezone
api-ms-win-crt-utility-l1-1-0
bsearch
qsort
api-ms-win-crt-environment-l1-1-0
getenv
_wgetcwd
_wgetenv
api-ms-win-crt-filesystem-l1-1-0
_wremove
_wrename
api-ms-win-crt-locale-l1-1-0
_create_locale
_free_locale
setlocale
_configthreadlocale
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 246KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ