1[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

1.rar
Size

3.8MB
MD5

f56b983e699b770b40e9dee9838348e0
SHA1

70dfcc2643a76a11630bb9de378df27cfb9b6b95
SHA256

7c33bfa06690cc9b48028033435918fd38bc9c7610daae044b2267ff3a12478c
SHA512

6b84f129b464fd227181f9964d52d38ee422c1f3162c0f6e5d98781f308d558df378292eb62280831a5dde8bdc94c288c37c3c1a4e1ca1f34f0d3a8d71a65fdd
SSDEEP

98304:Nvd99V7CpMaY/8tTGFMTQ9Psm2hmCD1W2FnyUW7MbBD0dMTjU:NT7CjkFMU9Pt8WGWgF3I

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/Re4.exe
unpack001/1/dinput8.dll
unpack001/1/steamclient64.dll

Files

1.rar
.rar
1/Re4.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 2.4MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1/dinput8.dll
.dll windows:6 windows x64

2568c8bd2d435e221e1880190bcab582

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

kernel32

ExitProcess
CreateThread
GetSystemDirectoryW
LoadLibraryW
Sleep
VirtualAlloc
FreeLibrary
OutputDebugStringA
GetModuleFileNameA
AllocConsole
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
VirtualProtect
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteConsoleW
GetFileAttributesA
GetDynamicTimeZoneInformation
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetLastError
LoadLibraryExA
FormatMessageA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
HeapCreate
HeapAlloc
HeapReAlloc
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RaiseException
GetModuleFileNameW
GetModuleHandleExA
RtlUnwind
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
GetExitCodeProcess
DeleteFileW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateProcessW
DuplicateHandle
ReadFile
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
SetLastError
InterlockedFlushSList
CreateFileA
IsBadReadPtr
LoadLibraryA
GetProcAddress
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
GetModuleHandleA
HeapSize
HeapFree
SetEndOfFile
TlsGetValue
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
LocalFree
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetExitCodeThread
ReleaseSRWLockShared
AcquireSRWLockShared
RtlPcToFileHeader
InitializeCriticalSectionEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
RtlUnwindEx
TlsAlloc

user32

GetDesktopWindow
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
VkKeyScanA
SetWindowLongPtrA
GetRawInputData
GetWindowLongPtrA
CallWindowProcA
PostMessageA
MessageBoxA
DestroyWindow

shell32

SHGetSpecialFolderPathA

comdlg32

GetOpenFileNameA

d3dcompiler_47

D3DCompile

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

shlwapi

PathRemoveFileSpecW

Exports

Exports

DirectInput8Create
direct_input8_create

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/steam_settings/DLC.txt
1/steam_settings/force_language.txt
1/steam_settings/supported_languages.txt
1/steamclient64.dll
.dll windows:6 windows x64

902a5422d6e0609ff46121a70fb95ee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
getsockopt
htonl
bind
accept
closesocket
connect
inet_ntop
inet_pton
freeaddrinfo
InetPtonW
WSAConnect
getaddrinfo
ioctlsocket
WSAStartup
socket
setsockopt
sendto
send
recvfrom
recv
ntohs
ntohl
listen
htons

advapi32

SystemFunction036

shell32

SHGetFolderPathW
CommandLineToArgvW

xinput9_1_0

XInputGetState
XInputSetState

user32

OpenClipboard
SetWindowLongPtrA
GetWindowLongPtrA
CallWindowProcA
WindowFromDC
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcA
ClipCursor
GetClipCursor
GetWindowRect
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
GetKeyState
TrackMouseEvent
EmptyClipboard
GetClipboardData
CloseClipboard
SetClipboardData

kernel32

ReleaseSemaphore
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
MoveFileExW
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
InterlockedPopEntrySList
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
HeapFree
HeapAlloc
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
InterlockedFlushSList
InterlockedPushEntrySList
GetEnvironmentVariableA
GetEnvironmentVariableW
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
WaitForSingleObject
ExitProcess
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessA
CreateProcessW
OpenProcess
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
IsWow64Process
MultiByteToWideChar
GetCurrentProcess
VirtualProtect
VirtualFree
IsValidLocale
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetCurrentThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
GetFileSize
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
CreateEventA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
GetProcessId
GetTickCount64
GetModuleFileNameW
GetModuleHandleExW
LocalFree
Module32FirstW
Module32NextW
LoadLibraryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetEnvironmentVariableW
Sleep
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetExitCodeThread
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueueUserWorkItem
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
QueryDepthSList
UnregisterWaitEx
VirtualQuery
CreateToolhelp32Snapshot
RtlUnwindEx

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 699KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 176B

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 213KB - Virtual size: 212KB

.enigma1 Size: 2.4MB - Virtual size: 4KB

.enigma2 Size: 300KB - Virtual size: 300KB

2568c8bd2d435e221e1880190bcab582

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

advapi32

kernel32

user32

shell32

comdlg32

d3dcompiler_47

imm32

shlwapi

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 127KB - Virtual size: 261KB

.pdata Size: 231KB - Virtual size: 231KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 34KB - Virtual size: 34KB

902a5422d6e0609ff46121a70fb95ee0

Headers

DLL Characteristics

File Characteristics

Imports

winmm

iphlpapi

ws2_32

advapi32

shell32

xinput9_1_0

user32

kernel32

gdi32

dwmapi

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 699KB - Virtual size: 699KB

.data Size: 116KB - Virtual size: 174KB

.pdata Size: 107KB - Virtual size: 106KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 72B

.tls Size: 512B - Virtual size: 45B

.gfids Size: 2KB - Virtual size: 2KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 176B

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 213KB - Virtual size: 212KB

.enigma1
Size: 2.4MB - Virtual size: 4KB

.enigma2
Size: 300KB - Virtual size: 300KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 127KB - Virtual size: 261KB

.pdata
Size: 231KB - Virtual size: 231KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 34KB - Virtual size: 34KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 699KB - Virtual size: 699KB

.data
Size: 116KB - Virtual size: 174KB

.pdata
Size: 107KB - Virtual size: 106KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

.tls
Size: 512B - Virtual size: 45B

.gfids
Size: 2KB - Virtual size: 2KB

.reloc
Size: 23KB - Virtual size: 23KB