iw6sp64_ship[.]exe

Resubmissions

26/08/2023, 05:53

230826-glg8laad51 3

26/08/2023, 05:52

230826-gkxlwsad5y 3

Sharing

Copy URL Twitter E-mail

General

Target

iw6sp64_ship.exe
Size

10.1MB
MD5

ab93c35ff20fa888f71c24ff896f942e
SHA1

076f8149c7f08ec1d5dabf5d9e5d6e996aa2618e
SHA256

112db8e52ccb761989294a9c4c125abae0fa0608ffb3ccc4669e2dd7a99cb5af
SHA512

ded0924dd6f10a5469c1d46aefa817c37e96cc03e9c509652ed25726b25a3d553faf9b9dca6b8e46c5e29d0a4b74f54b6c32307b61c1d953078cd364f7c105db
SSDEEP

196608:2GUSUdDGa6oXsvZ5ut51+BvVP23r5wIW:2d/dDGa6Sb1+BdP23WI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iw6sp64_ship.exe

Files

iw6sp64_ship.exe
.exe windows x64

119fff86056d8234d3c2bfae716a9497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

steam_api64

SteamUserStats
SteamUtils
SteamUser
SteamAPI_Init
SteamAPI_Shutdown
SteamApps
SteamNetworking
SteamRemoteStorage
SteamAPI_RunCallbacks
SteamAPI_UnregisterCallback
SteamAPI_GetSteamInstallPath
SteamAPI_RestartAppIfNecessary
SteamMatchmaking
SteamFriends
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallResult

bink2w64

BinkSetMemory
BinkOpenXAudio2
BinkSetSoundSystem
BinkSetError
BinkSetSoundTrack
BinkGetRealtime
BinkControlBackgroundIO
BinkSetSpeakerVolumes
BinkGetKeyFrame
BinkGoto
BinkPause
BinkClose
BinkWait
BinkNextFrame
BinkDoFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkOpen
BinkGetError
BinkSetIOSize

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory

powrprof

CallNtPowerInformation

kernel32

GetVersion
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
CreateFileW
WriteConsoleW
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetVersionExW
FlushConsoleInputBuffer
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetProcAddress
LoadLibraryA
SetDllDirectoryA
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemInfo
ReadFileEx
GetLastError
SleepEx
CloseHandle
DuplicateHandle
RaiseException
SetEvent
ResetEvent
CreateEventA
GetCurrentProcess
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
CreateEventExA
WaitForMultipleObjects
GetFileAttributesA
VirtualAlloc
VirtualFree
CreateMutexA
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
SetProcessAffinityMask
ReadFile
SetErrorMode
GetCurrentProcessId
SetPriorityClass
OpenProcess
FormatMessageA
GetLocaleInfoA
GetUserDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
MulDiv
SetThreadExecutionState
GlobalMemoryStatusEx
LocalFree
HeapSize
GetModuleFileNameW
GetStdHandle
GetProcessHeap
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
RtlPcToFileHeader
GetCommandLineA
RtlCaptureContext
HeapReAlloc
RtlLookupFunctionEntry
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
GetSystemTimeAsFileTime
RtlUnwindEx
GetTempPathA
CreateProcessA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
HeapAlloc
HeapFree
GetTickCount
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetExitCodeProcess
CreatePipe
DeleteFileW
MoveFileExW
GetTimeZoneInformation
CreateDirectoryW
DeleteCriticalSection
WriteFile
ReadConsoleInputA
SetConsoleMode
DeleteFileA
FindFirstFileExW
GetDriveTypeW
LoadLibraryW
OutputDebugStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA

user32

GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
MapVirtualKeyA
MoveWindow
RegisterWindowMessageA
SetWindowLongPtrA
SetWindowTextA
CloseWindow
CallWindowProcA
SendMessageW
LoadImageA
AdjustWindowRect
UpdateWindow
SetWindowPos
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
SendMessageA
MessageBoxW
IsWindow
AdjustWindowRectEx
MonitorFromPoint
LoadIconA
LoadCursorA
MessageBoxA
GetActiveWindow
EnumDisplayMonitors
ShowWindow
RegisterClassExA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
ScreenToClient
GetCursorPos
SetCursorPos
ShowCursor
GetForegroundWindow
SetFocus
PostMessageA
GetSystemMetrics
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
PostQuitMessage
ClientToScreen
ClipCursor
GetWindowRect
GetClientRect
GetUserObjectInformationW
GetProcessWindowStation

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
BitBlt
CreateDCW
DeleteObject
DeleteDC
CreateFontA
CreateSolidBrush
SetDeviceGammaRamp
GetDeviceCaps
GetBitmapBits

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
CryptAcquireContextA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

xinput1_3

ord2
ord3
ord4

ws2_32

sendto
recvfrom
connect
gethostbyname
inet_addr
WSAGetLastError
socket
shutdown
setsockopt
gethostname
select
recv
ntohl
htons
ioctlsocket
closesocket
bind
__WSAFDIsSet
inet_ntoa
ntohs
send
WSASetLastError
getsockname

psapi

GetModuleBaseNameA
EnumProcessModulesEx

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 99.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

119fff86056d8234d3c2bfae716a9497

Headers

DLL Characteristics

File Characteristics

Imports

winmm

steam_api64

bink2w64

d3d11

dxgi

powrprof

kernel32

user32

gdi32

advapi32

shell32

ole32

xinput1_3

ws2_32

psapi

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.interpr Size: 48KB - Virtual size: 47KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 245KB - Virtual size: 99.4MB

.pdata Size: 334KB - Virtual size: 334KB

.tls Size: 512B - Virtual size: 97B

_RDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 6.9MB - Virtual size: 6.9MB

.interpr
Size: 48KB - Virtual size: 47KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 245KB - Virtual size: 99.4MB

.pdata
Size: 334KB - Virtual size: 334KB

.tls
Size: 512B - Virtual size: 97B

_RDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB