SteamRun[.]png

Sharing

Copy URL Twitter E-mail

General

Target

SteamRun.png
Size

1.5MB
MD5

c07d4cf49cd55e9108e3d0887eb95dbd
SHA1

383efb6ad7adb0f8dba185fa028274c585e8862b
SHA256

cad7d14e063e87ca634a8e6a54af69bf9a72ca50cc5e22616de597e949fcafc7
SHA512

b226cf14d5999e0026d74e6f75ff14da00fb17c74bb93ddac0cfdf830ede2af4ffd55859bf2a67b7f3c3a387eda545eb122006070950431922d00545dd392653
SSDEEP

24576:xbcnXI47qyDxJQGu2ZPcmx7UAfhPYP9A0fDvg+xnkCiiTVm7+FTDMPaPidx86zek:lcXI47qyDxJuJUUA9Yq0bdZiDYTDWaPW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamRun.png

Files

SteamRun.png
.exe windows:6 windows x86

6f55d3ef4223c6596816735744213aaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
CreateDirectoryA
WideCharToMultiByte
CreateProcessW
CloseHandle
Process32FirstW
Process32NextW
SetUnhandledExceptionFilter
GetFileAttributesA
GetLastError
CreateToolhelp32Snapshot
OpenProcess
GetCurrentThreadId
FlushConsoleInputBuffer
GlobalMemoryStatus
LoadLibraryA
SystemTimeToFileTime
GetSystemTime
GetModuleHandleA
WriteFile
VerifyVersionInfoW
GetSystemDirectoryW
LoadLibraryW
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
WaitForMultipleObjects
GetProcAddress
FreeLibrary
WaitForSingleObject
SleepEx
Sleep
InitializeCriticalSection
GetTickCount
SetLastError
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
MultiByteToWideChar
TerminateProcess

advapi32

ReportEventA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
RegisterEventSourceA

shell32

SHGetFolderPathA

vcruntime140

strstr
strchr
strrchr
__std_terminate
wcsstr
_CxxThrowException
memchr
__uncaught_exception
memmove
memcpy
__std_exception_copy
_except_handler4_common
memset
__current_exception_context
__current_exception
__std_exception_destroy
_purecall
__CxxFrameHandler3
memcmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fgetc
_fsopen
_close
_write
_read
fseek
fgets
fopen
__stdio_common_vfprintf
fputs
__stdio_common_vsscanf
__p__commode
_setmode
_fileno
ferror
feof
_wfopen
ftell
fputc
_open
fflush
_get_stream_buffer_pointers
_lseeki64
_fseeki64
fread
fsetpos
fclose
ungetc
__stdio_common_vsprintf
setvbuf
fgetpos
fwrite
__stdio_common_vsprintf_s
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
calloc
realloc
free

api-ms-win-crt-string-l1-1-0

isxdigit
isdigit
strcspn
isalnum
wcspbrk
isalpha
toupper
_strdup
isupper
_strnicmp
strcmp
_stricmp
isprint
isgraph
strncmp
strncpy
wcsnlen
__strncnt
tolower
isspace
_wcsdup
islower
strpbrk

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_stat64i32
_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale
___lc_locale_name_func
__pctype_func
___lc_codepage_func
_unlock_locales
___mb_cur_max_func
___lc_collate_cp_func
_lock_locales

api-ms-win-crt-math-l1-1-0

frexp
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
signal
_set_app_type
raise
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_getpid
_configure_narrow_argv
__sys_nerr
strerror
abort
_errno
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_beginthreadex

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
atoi
strtod
strtof
strtol

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
_W_Gettnames
_Strftime
_time64
_gmtime64
_Gettnames
_Wcsftime

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_getch

ws2_32

connect
WSAStartup
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
closesocket
socket
bind
WSAIoctl
getaddrinfo
gethostbyname
getservbyname
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
shutdown
htonl
WSACleanup
WSAGetLastError
__WSAFDIsSet
send
select
recv
WSASetLastError

wldap32

ord41
ord14
ord46
ord127
ord208
ord145
ord301
ord26
ord167
ord27
ord118
ord142
ord79
ord133
ord147
ord216

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f55d3ef4223c6596816735744213aaf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

ws2_32

wldap32

user32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 38KB - Virtual size: 48KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 38KB - Virtual size: 48KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 53KB