02e171e81d2fcf09a033ba42e4143190_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

02e171e81d2fcf09a033ba42e4143190_JC.exe
Size

7.1MB
MD5

02e171e81d2fcf09a033ba42e4143190
SHA1

7453998beb649f5b0053ee69f67b5563093ed69b
SHA256

75c2a3f69ef5411793207614c18da4826e14b02f2d27cd59f7f522086674811f
SHA512

e61601f41476576c08838d0442a56a97e8fc7e8bd5390edea4a2d3a5e729d038bf4eafd8ece611befa020b3bd8033527301382fe3593551f5eded0e6ccc53b0f
SSDEEP

196608:7CmhGHSwQEZ9SsirSz5IcDQ4ApzyZF/7DkXtS:iyY8cdi44zcF/7DGtS

Score

1^/10

Malware Config

Signatures

Files

02e171e81d2fcf09a033ba42e4143190_JC.exe
.exe windows:6 windows x64

1c4cf0caf96583a67bfd3362dc27ef75

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/09/2021, 00:00

Not After

07/09/2024, 23:59

Subject

CN=EarthWork Games Pty Ltd,O=EarthWork Games Pty Ltd,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

35:1b:08:ba:2a:a9:99:16:6b:4d:45:21:42:af:c3:a7:60:ce:b5:ec
Signer

Actual PE Digest

35:1b:08:ba:2a:a9:99:16:6b:4d:45:21:42:af:c3:a7:60:ce:b5:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

steam_api64

SteamAPI_Shutdown
SteamInternal_FindOrCreateUserInterface
SteamInternal_CreateInterface
SteamInternal_FindOrCreateGameServerInterface
SteamGameServer_GetHSteamUser
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamInternal_GameServer_Init
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_UnregisterCallback
SteamAPI_Init
SteamAPI_GetHSteamUser
SteamInternal_ContextInit

dbghelp

MiniDumpWriteDump

shlwapi

PathIsDirectoryA
PathIsDirectoryW

ws2_32

recvfrom
listen
accept
ntohs
freeaddrinfo
WSAIoctl
ioctlsocket
htonl
ntohl
sendto
closesocket
bind
send
recv
WSASetLastError
htons
WSAStartup
WSACleanup
socket
__WSAFDIsSet
select
gethostname
gethostbyname
inet_ntoa
inet_addr
getsockopt
getsockname
getpeername
setsockopt
WSAGetLastError
getaddrinfo
connect

fmod

?setAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?getAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?getMasterChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z
?setCallback@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PEAX3@Z@Z
?setUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?getSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAHPEAW4FMOD_SPEAKERMODE@@0@Z
?setSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getRecordPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAI@Z
?getDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@PEAHPEAW4FMOD_SPEAKERMODE@@2@Z
?isRecording@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEA_N@Z
?lock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIPEAPEAX0PEAI1@Z
?unlock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX0II@Z
?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
?removeDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@@Z
?getDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?createDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_DSP_DESCRIPTION@@PEAPEAVDSP@2@@Z
?setOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?setDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?getUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?getPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?getCurrentSound@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSound@2@@Z
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?set3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_VECTOR@@000@Z
?setMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?set3DMinMaxDistance@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z
?setVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?setPriority@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?set3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0@Z
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getIndex@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getChannel@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVChannel@2@@Z
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?set3DCustomRolloff@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@H@Z
?setVolumeRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?setPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z

fmodstudio

?update@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setListenerAttributes@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_3D_ATTRIBUTES@@PEBUFMOD_VECTOR@@@Z
?getEvent@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVEventDescription@23@@Z
?isOneshot@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?createInstance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@@Z
?unload@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getChannelGroup@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@3@@Z
?unlockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?lockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setVolume@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?loadBankMemory@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHW4FMOD_STUDIO_LOAD_MEMORY_MODE@@IPEAPEAVBank@23@@Z
?loadBankFile@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAPEAVBank@23@@Z
?getParameterByName@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAM1@Z
?getBus@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVBus@23@@Z
?getCoreSystem@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAV13@@Z
?flushCommands@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?initialize@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HIIPEAX@Z
?getAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_3D_ATTRIBUTES@@@Z
?start@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setPaused@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?setVolume@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?setAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?create@System@Studio@FMOD@@SA?AW4FMOD_RESULT@@PEAPEAV123@I@Z
?stop@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?getID@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAUFMOD_GUID@@@Z
?getLength@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?loadSampleData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ

devil

ilTexImage
ilEnable
ilGetKeptDXTCData
ilGetInteger
ilGetError
ilLoadL
ilOriginFunc
ilBindImage
ilDeleteImage
ilGenImage
ilInit
ilSave
ilSetInteger
ilConvertImage
ilGetData

ilu

iluErrorString
iluGetImageInfo
iluFlipImage
iluScale
iluGetInteger
iluInit

ilut

ilutGLScreen
ilutGLTexImage
ilutGLBindTexImage
ilutGLBindMipmaps
ilutGLBuildMipmaps
ilutGetInteger
ilutDisable
ilutRenderer
ilutInit
ilutEnable

advapi32

CryptDestroyHash
GetUserNameA
CryptGenRandom
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam

crypt32

CertFreeCertificateContext

wldap32

ord30
ord301
ord200
ord79
ord35
ord33
ord32
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27

normaliz

IdnToAscii

kernel32

VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
lstrcmpA
VerSetConditionMask
SleepEx
SetHandleInformation
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
MoveFileExW
HeapReAlloc
CreatePipe
CreateProcessW
ReleaseSRWLockShared
AcquireSRWLockShared
LoadLibraryW
RtlUnwind
DuplicateHandle
CreateDirectoryW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
ReadFile
HeapAlloc
HeapFree
GetModuleFileNameW
WriteFile
GetStdHandle
SetEndOfFile
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateFileW
GetTempPathW
GetFileAttributesExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLocalTime
CreateFileA
DeleteFileA
GetFileSizeEx
CloseHandle
CreateDirectoryA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetLastError
GlobalUnlock
GlobalLock
lstrlenW
MoveFileA
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetProcessHeap
HeapSetInformation
SetThreadAffinityMask
GetCurrentThread
Module32First
Module32Next
RemoveDirectoryA
GetModuleHandleA
Sleep
GlobalMemoryStatusEx
GetModuleHandleW
GetProcAddress
OutputDebugStringA
SetThreadPriority
GetDateFormatA
GetTimeFormatA
CompareFileTime
GetShortPathNameW
TerminateThread
GetSystemInfo
WaitForMultipleObjects
GetExitCodeProcess
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
FormatMessageA
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount64
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateThread
ExitThread

user32

SetWindowTextA
SendMessageA
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
PeekMessageA
GetMessageA
DispatchMessageA
RegisterClassA
CreateWindowExA
GetWindowLongPtrA
SystemParametersInfoA
ClipCursor
PostQuitMessage
GetClientRect
DefWindowProcW
SetFocus
FlashWindowEx
GetClipboardData
GetWindowThreadProcessId
SetWindowPos
LoadCursorA
LoadIconA
SetProcessDPIAware
MessageBoxW
CreateWindowExW
SetForegroundWindow
FindWindowW
MessageBoxA
DestroyWindow
EnumDisplayMonitors
EnumDisplaySettingsExA
GetWindowRect
GetSystemMetrics
GetDC
EnumDisplaySettingsA
CloseClipboard
OpenClipboard
BringWindowToTop
PtInRect
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
ReleaseDC
ChangeDisplaySettingsExA
AdjustWindowRectEx
EnumWindows
RegisterClassExW
GetKeyState
ShowCursor
GetActiveWindow
SetCursorPos
ShowWindow
GetMonitorInfoA

gdi32

SwapBuffers
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetDeviceCaps

shell32

ShellExecuteW
ShellExecuteExA
ShellExecuteA
SHFileOperationW

opengl32

glGenTextures
glPopClientAttrib
glPushClientAttrib
glPushAttrib
glPopAttrib
glViewport
glVertex3fv
glVertex3f
glVertex2fv
glVertex2f
glTranslatef
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
glTexEnvf
glTexCoord2fv
glTexCoord2f
glShadeModel
glScissor
glScalef
glRotatef
wglGetCurrentDC
glReadBuffer
glPushMatrix
glPopMatrix
glPolygonMode
glPixelStorei
glOrtho
glNewList
glMultMatrixf
glMatrixMode
glLoadMatrixf
glLoadIdentity
glLineWidth
glHint
glGetString
glGetIntegerv
glGetFloatv
glGenLists
glFlush
glEndList
glEnd
glEnable
glDisable
glDepthFunc
glDeleteTextures
glDeleteLists
glReadPixels
glColorMask
glColor4fv
glColor4f
glClearColor
glClear
glCallList
glBlendFunc
glBindTexture
glBegin
glAlphaFunc
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglCreateContext

dinput8

DirectInput8Create

winmm

waveInClose
waveInStop

imm32

ImmAssociateContext
ImmGetContext

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c4cf0caf96583a67bfd3362dc27ef75

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

35:1b:08:ba:2a:a9:99:16:6b:4d:45:21:42:af:c3:a7:60:ce:b5:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

steam_api64

dbghelp

shlwapi

ws2_32

fmod

fmodstudio

devil

ilu

ilut

advapi32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

opengl32

dinput8

winmm

imm32

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 90KB - Virtual size: 162KB

.pdata Size: 201KB - Virtual size: 200KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 21KB - Virtual size: 21KB

.bind Size: 202KB - Virtual size: 202KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

35:1b:08:ba:2a:a9:99:16:6b:4d:45:21:42:af:c3:a7:60:ce:b5:ec
Signer

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 90KB - Virtual size: 162KB

.pdata
Size: 201KB - Virtual size: 200KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 21KB - Virtual size: 21KB

.bind
Size: 202KB - Virtual size: 202KB