Forts[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Forts.exe
Size

6.9MB
MD5

a8fcc03080db0f0c10864f09a65e50cf
SHA1

fed17d57b4b680833290140234ec1fe600569c8b
SHA256

2219121197598ae9ea76fc45157136e8c4162681c2730aae5a5a98e099e8d2c4
SHA512

07dfe8ea1304f77a6c653a7ed4d712e6699890a7f1f093b3e0195eaf2d4225cc555f3ca38a194e9194b1b84bfc1e0451af90f8e7866213a2da33882a3af16fa3
SSDEEP

196608:Nx01EszSYmpgo3+lo7UNZMfdVQ3UfSlWfC49FYH:HQj9mmot7iZMI3UqYCmFg

Score

1^/10

Malware Config

Signatures

Files

Forts.exe
.exe windows:6 windows x64

bfa8f67622640ecc4b1b749e452063a2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/09/2021, 00:00

Not After

07/09/2024, 23:59

Subject

CN=EarthWork Games Pty Ltd,O=EarthWork Games Pty Ltd,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:5a:04:01:71:37:8d:c0:9e:a7:6d:e1:6b:e1:71:f3:c4:19:76:68
Signer

Actual PE Digest

77:5a:04:01:71:37:8d:c0:9e:a7:6d:e1:6b:e1:71:f3:c4:19:76:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

steam_api64

SteamAPI_Shutdown
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamInternal_GameServer_Init
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamGameServer_GetHSteamUser
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_CreateInterface
SteamInternal_FindOrCreateUserInterface
SteamAPI_Init
SteamAPI_GetHSteamUser
SteamInternal_ContextInit

dbghelp

MiniDumpWriteDump

shlwapi

PathIsDirectoryA
PathIsDirectoryW

ws2_32

recvfrom
listen
accept
freeaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
socket
htonl
ntohl
sendto
WSACleanup
send
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSAGetLastError
getaddrinfo
ioctlsocket
recv
WSASetLastError
select
__WSAFDIsSet
inet_addr

fmod

?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?setOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@PEAHPEAW4FMOD_SPEAKERMODE@@2@Z
?setDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?setSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?setAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?getAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?getMasterChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z
?getUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?setCallback@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PEAX3@Z@Z
?setUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?getSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAHPEAW4FMOD_SPEAKERMODE@@0@Z
?createDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_DSP_DESCRIPTION@@PEAPEAVDSP@2@@Z
?getRecordPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAI@Z
?isRecording@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEA_N@Z
?lock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIPEAPEAX0PEAI1@Z
?unlock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX0II@Z
?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
?removeDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@@Z
?getPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?getCurrentSound@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSound@2@@Z
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?set3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_VECTOR@@000@Z
?setMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?set3DMinMaxDistance@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z
?setVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?setPriority@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?set3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0@Z
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?setVolumeRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getIndex@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getChannel@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVChannel@2@@Z
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?set3DCustomRolloff@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@H@Z
?setPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z

fmodstudio

?unload@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getChannelGroup@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@3@@Z
?unlockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?lockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setVolume@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?loadBankMemory@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHW4FMOD_STUDIO_LOAD_MEMORY_MODE@@IPEAPEAVBank@23@@Z
?loadBankFile@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAPEAVBank@23@@Z
?getParameterByName@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAM1@Z
?getBus@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVBus@23@@Z
?getCoreSystem@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAV13@@Z
?flushCommands@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?initialize@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HIIPEAX@Z
?getAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?setAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?create@System@Studio@FMOD@@SA?AW4FMOD_RESULT@@PEAPEAV123@I@Z
?isOneshot@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?getEvent@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVEventDescription@23@@Z
?setListenerAttributes@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_3D_ATTRIBUTES@@PEBUFMOD_VECTOR@@@Z
?loadSampleData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?createInstance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_3D_ATTRIBUTES@@@Z
?start@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?getLength@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getID@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAUFMOD_GUID@@@Z
?setParameterByName@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?update@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setVolume@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?stop@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?setPaused@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z

devil

ilOriginFunc
ilSetInteger
ilGetInteger
ilSave
ilLoadL
ilGetError
ilBindImage
ilEnable
ilDeleteImage
ilGenImage
ilInit

ilu

iluErrorString
iluInit
iluScale
iluFlipImage
iluGetInteger

ilut

ilutInit
ilutEnable
ilutGLBindTexImage
ilutGLTexImage
ilutGLScreen
ilutGetInteger
ilutGLBindMipmaps
ilutGLBuildMipmaps
ilutDisable
ilutRenderer

advapi32

GetUserNameA
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

normaliz

IdnToAscii

kernel32

GetEnvironmentVariableA
VerSetConditionMask
SleepEx
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
lstrcmpA
GetOEMCP
GetACP
LoadLibraryA
VerifyVersionInfoA
FindFirstFileExW
OutputDebugStringW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
MoveFileExW
HeapReAlloc
CreateDirectoryW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
IsValidCodePage
ExpandEnvironmentStringsA
SetHandleInformation
CreatePipe
CreateProcessW
LoadLibraryW
RtlUnwind
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
ReadFile
HeapAlloc
HeapFree
GetModuleFileNameW
WriteFile
GetStdHandle
SetEndOfFile
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateFileW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RemoveDirectoryW
DeleteFileW
DuplicateHandle
GetTempPathW
GetFileAttributesExW
GetSystemDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLocalTime
CreateFileA
DeleteFileA
GetFileSizeEx
CloseHandle
CreateDirectoryA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetLastError
GlobalUnlock
GlobalLock
lstrlenW
MoveFileA
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetProcessHeap
HeapSetInformation
SetThreadAffinityMask
GetCurrentThread
Module32First
Module32Next
RemoveDirectoryA
GetModuleHandleA
Sleep
GlobalMemoryStatusEx
GetModuleHandleW
GetProcAddress
OutputDebugStringA
SetThreadPriority
GetDateFormatA
GetTimeFormatA
CompareFileTime
GetShortPathNameW
TerminateThread
GetSystemInfo
WaitForMultipleObjects
GetExitCodeProcess
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
FormatMessageA
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount64
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW

user32

MessageBoxW
SetProcessDPIAware
LoadIconA
LoadCursorA
RegisterClassExW
AdjustWindowRectEx
CreateWindowExW
SetWindowPos
SetWindowTextA
SendMessageA
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
PeekMessageA
GetMessageA
DispatchMessageA
RegisterClassA
CreateWindowExA
GetWindowLongPtrA
SystemParametersInfoA
ShowWindow
PostQuitMessage
GetClientRect
DefWindowProcW
SetFocus
FlashWindowEx
GetClipboardData
ReleaseDC
ChangeDisplaySettingsExA
SetForegroundWindow
FindWindowW
MessageBoxA
DestroyWindow
EnumDisplayMonitors
GetDC
EnumDisplaySettingsA
CloseClipboard
OpenClipboard
EnumDisplaySettingsExA
GetWindowRect
GetWindowThreadProcessId
EnumWindows
BringWindowToTop
PtInRect
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetActiveWindow
ShowCursor
GetKeyState
ClipCursor
GetSystemMetrics
GetMonitorInfoA

gdi32

SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetDeviceCaps

shell32

ShellExecuteA
ShellExecuteExA
ShellExecuteW
SHFileOperationW

opengl32

glPopAttrib
glPushAttrib
glGenTextures
glPushClientAttrib
glPopClientAttrib
glViewport
glVertex3fv
glVertex3f
glVertex2fv
glVertex2f
glTranslatef
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
glTexEnvf
glTexCoord2fv
glTexCoord2f
glShadeModel
glScissor
glScalef
glRotatef
glReadPixels
glReadBuffer
glPushMatrix
glPopMatrix
wglGetCurrentDC
glPixelStorei
glOrtho
glNewList
glMultMatrixf
glMatrixMode
glLoadMatrixf
glLoadIdentity
glLineWidth
glHint
glGetString
glGetIntegerv
glGetFloatv
glGenLists
glFlush
glEndList
glEnd
glEnable
glDisable
glDepthFunc
glDeleteTextures
glDeleteLists
glColorMask
glColor4fv
glColor4f
glClearColor
glClear
glCallList
glBlendFunc
glBindTexture
glPolygonMode
glBegin
glAlphaFunc
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglCreateContext

dinput8

DirectInput8Create

winmm

waveInStop
waveInClose

imm32

ImmGetContext
ImmAssociateContext

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfa8f67622640ecc4b1b749e452063a2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

77:5a:04:01:71:37:8d:c0:9e:a7:6d:e1:6b:e1:71:f3:c4:19:76:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

steam_api64

dbghelp

shlwapi

ws2_32

fmod

fmodstudio

devil

ilu

ilut

advapi32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

opengl32

dinput8

winmm

imm32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 90KB - Virtual size: 161KB

.pdata Size: 193KB - Virtual size: 193KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 21KB - Virtual size: 20KB

.bind Size: 201KB - Virtual size: 201KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2c:5c:52:44:72:98:e1:d5:35:81:17:a7:f7:d4:b8:83
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

77:5a:04:01:71:37:8d:c0:9e:a7:6d:e1:6b:e1:71:f3:c4:19:76:68
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 90KB - Virtual size: 161KB

.pdata
Size: 193KB - Virtual size: 193KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 21KB - Virtual size: 20KB

.bind
Size: 201KB - Virtual size: 201KB