GameBarPresenceWriter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GameBarPresenceWriter.exe
Size

252KB
MD5

c2f52b2e6c6205e3a024acae0895b321
SHA1

12915dd6cfde6b8109047369e6c7c1cae89c62e3
SHA256

66d23a9d1618b772b29e5816021edd6b26ef38d265dbc87a73a538b76a339753
SHA512

4596f5d4480fbe5d1562bb27c69c15458ac7dbd5a80d26cb5d0319e5c113368e8fb8b2818a8da47005a4dab72632fe0a7fe505853076da571a056999524b814a
SSDEEP

6144:/0KbCw12NfWqodQWJtjkk7mGZJ9B9au06DBy0tp8:pEfWqodQWtjQa9au06Dltp8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GameBarPresenceWriter.exe

Files

GameBarPresenceWriter.exe
.exe windows:10 windows x86

d35968b2bd94590ba3c0b4f90d8af4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegGetValueW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

kernel32

GetModuleFileNameA
HeapFree
EnterCriticalSection
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
RaiseException
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetLastError
CreateEventExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
GetLastError
WaitForThreadpoolWaitCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
CreateThreadpoolWait
CloseHandle
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
ParseApplicationUserModelId
InitOnceExecuteOnce
CreateSemaphoreExW
ReleaseSemaphore
EncodePointer
WaitForSingleObject
ReleaseMutex
CreateEventW
Sleep
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
DecodePointer
CreateMutexExW
LocalFree
AcquireSRWLockShared
GetCurrentProcessId

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_errno
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_wide_environment
_initialize_wide_environment
_invalid_parameter_noinfo
_configure_wide_argv
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
_controlfp_s
terminate
abort
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__acrt_iob_func
__p__commode
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
_set_fmode
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_malloc_base
_callnewh
free
_realloc_base
_set_new_mode
malloc
_calloc_base
calloc
_free_base

ole32

CoReleaseServerProcess
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoAddRefServerProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

ntdll

RtlUnwind

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringEx
GetLocaleInfoEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsSetValue
FlsGetValue

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
__pctype_func
___mb_cur_max_func
___lc_locale_name_func
setlocale
_unlock_locales
_lock_locales
___lc_collate_cp_func
localeconv
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcspn
strcpy_s
wcsnlen
__strncnt
isspace
tolower
islower
isupper
_wcsdup

api-ms-win-crt-convert-l1-1-0

strtof
strtod

api-ms-win-crt-math-l1-1-0

frexp
_CIpow
ldexp
ceil

api-ms-win-crt-time-l1-1-0

_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_Getdays
_W_Getdays
_W_Getmonths
_Strftime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringEx

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d35968b2bd94590ba3c0b4f90d8af4a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

ole32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-featurestaging-l1-1-0

ntdll

api-ms-win-power-setting-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-fibers-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-string-l1-1-0

Sections

.text Size: 216KB - Virtual size: 216KB

.data Size: 13KB - Virtual size: 15KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 216KB - Virtual size: 216KB

.data
Size: 13KB - Virtual size: 15KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB