sdhdship[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

sdhdship.exe
Size

35.8MB
MD5

4222400da40a4589c15c2e6b2071dcab
SHA1

df4108129378a060c33bd12048a01cbd886791af
SHA256

2a33ec787ac6fd4c86fec2b6f778feea881a3f35ea56c680121f53571c0527da
SHA512

4342555a300ba3a059b274fbe2bf394237741eb592c960986b642095230aec2428cfdef7c35ceb55434b8fb8199b6a7f49c977902e4f996cfd1bcc407665ae5c
SSDEEP

393216:Pt+N1/eeDvz8zjpsrPI5U0uOsB5pHnuIOiGgWWlRyHeL26K:PzpAAI9lY+L26K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sdhdship.exe

Files

sdhdship.exe
.exe windows:6 windows x64 arch:x64

Password: infected

282202eace67253cc25c6301ed28447b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winhttp

WinHttpGetIEProxyConfigForCurrentUser

libcurl

curl_multi_cleanup
curl_multi_perform
curl_multi_wait
curl_multi_remove_handle
curl_multi_add_handle
curl_multi_init
curl_easy_getinfo
curl_easy_cleanup
curl_easy_strerror
curl_slist_free_all
curl_global_init_mem
curl_formfree
curl_multi_info_read

advapi32

GetNamedSecurityInfoA
RegQueryValueExW
RegConnectRegistryA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

FlsGetValue
FlsAlloc
TlsGetValue
SetThreadPriority
RtlCaptureContext
OutputDebugStringA
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
GlobalFree
GetModuleHandleA
GetUserDefaultLocaleName
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetVersionExA
GetLogicalDriveStringsA
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetErrorMode
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetSystemInfo
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventA
SuspendThread
ResumeThread
SetThreadAffinityMask
CreateSemaphoreA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MultiByteToWideChar
GetStdHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
GetFileAttributesExA
LocalFileTimeToFileTime
FlsSetValue
SetFileAttributesA
SetFileTime
WriteFile
IsDebuggerPresent
DuplicateHandle
CreatePipe
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetEnvironmentVariableA
GetCurrentProcessId
TerminateProcess
WriteConsoleW
GetExitCodeThread
CreateProcessA
GetSystemTime
GetLocalTime
VirtualQuery
GetModuleFileNameA
LocalFree
SetThreadIdealProcessor
WaitForMultipleObjects
lstrlenW
MoveFileA
GetComputerNameA
FileTimeToSystemTime
GetFullPathNameW
WideCharToMultiByte
GetCommandLineA
LoadLibraryA
CreateEventW
RaiseException
SleepEx
WaitForMultipleObjectsEx
TlsAlloc
TlsSetValue
TlsFree
CreateSemaphoreW
FreeLibrary
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
CreateFileW
FlsFree
GetStartupInfoW
SetFilePointerEx
InitOnceExecuteOnce
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetOEMCP
GetACP
InitializeCriticalSectionEx
RemoveDirectoryA
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
HeapFree
RtlPcToFileHeader
HeapAlloc
GetSystemTimeAsFileTime
LoadLibraryExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
FindFirstFileExW
GetDriveTypeW
GetFullPathNameA
HeapReAlloc
IsProcessorFeaturePresent
MoveFileExW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
GetFileAttributesExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetCPInfo
GetTempPathA
GetFileType
SetStdHandle
SetLastError
GetModuleFileNameW
HeapSize
GetFileInformationByHandle
IsValidCodePage
WaitForSingleObjectEx
GetTempPathW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeW
OutputDebugStringW
GetTimeFormatEx
GetDateFormatEx
ExitThread
GetThreadPriority
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
IsValidLocaleName
TerminateThread
EnumSystemLocalesEx
FormatMessageW
SystemTimeToFileTime
GetModuleHandleW
GetGeoInfoA
GetUserGeoID

gdi32

SelectObject
DeleteObject
GetKerningPairsW
GetTextMetricsW
CreateFontW
GetGlyphOutlineW
EnumFontFamiliesExW

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

psapi

GetModuleFileNameExA

secur32

GetUserNameExA

shlwapi

PathRelativePathToA
SHRegGetUSValueA

user32

GetForegroundWindow
CallWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyboardLayout
SetWindowPos
RegisterRawInputDevices
GetRawInputData
GetCursorInfo
SystemParametersInfoA
ClientToScreen
SetCursor
SetCursorPos
GetAsyncKeyState
GetKeyState
TrackMouseEvent
SetWindowLongPtrW
GetWindowLongPtrW
ClipCursor
SetClipboardData
GetWindowInfo
SetCapture
OpenClipboard
ShowCursor
ReleaseCapture
GetClipboardData
MapVirtualKeyA
ToUnicode
GetKeyboardState
GetDC
LoadIconA
LoadCursorA
SetRect
AdjustWindowRectEx
GetWindowRect
GetClientRect
MoveWindow
ShowWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
ToUnicodeEx
MessageBoxA
SetWindowTextA
KillTimer
SetTimer
GetDlgItem
EndDialog
DialogBoxIndirectParamA
EmptyClipboard
CloseClipboard

winmm

timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod

wsock32

WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
inet_ntoa
getsockopt
getsockname
htonl
htons
inet_addr
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket
WSAAsyncSelect
ioctlsocket
WSAGetLastError
WSACleanup
gethostname
gethostbyname

iphlpapi

GetAdaptersInfo

msacm32

acmStreamSize
acmStreamConvert
acmStreamPrepareHeader
acmStreamOpen

d3d11

D3D11CreateDevice

d3dcompiler_46

D3DReflect

dinput8

DirectInput8Create

dxgi

CreateDXGIFactory1

xinput9_1_0

XInputGetState
XInputGetCapabilities
XInputSetState

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState

steam_api64

SteamAPI_UnregisterCallResult
SteamAPI_SetMiniDumpComment
SteamAPI_RegisterCallResult
SteamUserStats
SteamUser
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamApps
SteamUtils
SteamFriends
SteamAPI_Shutdown
SteamAPI_IsSteamRunning
SteamAPI_RestartAppIfNecessary
SteamAPI_WriteMiniDump
SteamAPI_Init
SteamClient

twitchsdk_64_release

ord11
ord13
ord49
ord20
ord19
ord10
ord34
ord12
ord1
ord5
ord36
ord14
ord15

bink2w64

BinkShouldSkip
BinkControlBackgroundIO
BinkGetRealtime
BinkSetIOSize
BinkSetSoundSystem
BinkSetVolume
BinkWait
BinkNextFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkGetError
BinkOpen
BinkGoto
BinkPause
BinkOpenDirectSound
BinkClose
BinkDoFrame

crypt32

CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertFreeCertificateContext
CertAddEncodedCertificateToStore

Exports

Exports

??0BufferedFile@Scaleform@@IEAA@XZ
??0BufferedFile@Scaleform@@QEAA@PEAVFile@1@@Z
??0Event@Scaleform@@QEAA@_N0@Z
??0Mutex@Scaleform@@QEAA@_N0@Z
??0Semaphore@Scaleform@@QEAA@H_N@Z
??0SysAllocPagedMalloc@Scaleform@@QEAA@_K@Z
??0SysAllocStatic@Scaleform@@QEAA@PEAX_K010101@Z
??0SysAllocStatic@Scaleform@@QEAA@_K@Z
??0SysAllocWinAPI@Scaleform@@QEAA@_K0@Z
??0SysFile@Scaleform@@QEAA@AEBVString@1@HH@Z
??0SysFile@Scaleform@@QEAA@XZ
??0System@Scaleform@@QEAA@AEBUHeapDesc@MemoryHeap@1@PEAVSysAllocBase@1@@Z
??0System@Scaleform@@QEAA@PEAVSysAllocBase@1@@Z
??0Thread@Scaleform@@QEAA@AEBUCreateParams@01@@Z
??0Thread@Scaleform@@QEAA@P6AHPEAV01@PEAX@Z1_KHW4ThreadState@01@@Z
??0Thread@Scaleform@@QEAA@_KH@Z
??0WaitCondition@Scaleform@@QEAA@XZ
??1AcquireInterface@Scaleform@@UEAA@XZ
??1BufferedFile@Scaleform@@UEAA@XZ
??1DefaultAcquireInterface@Scaleform@@UEAA@XZ
??1Event@Scaleform@@UEAA@XZ
??1Loader@GFx@Scaleform@@UEAA@XZ
??1Mutex@Scaleform@@UEAA@XZ
??1RefCountImplCore@Scaleform@@UEAA@XZ
??1RefCountNTSImplCore@Scaleform@@UEAA@XZ
??1RefCountWeakSupportImpl@Scaleform@@UEAA@XZ
??1Semaphore@Scaleform@@UEAA@XZ
??1System@Scaleform@@QEAA@XZ
??1Thread@Scaleform@@UEAA@XZ
??1WaitCondition@Scaleform@@QEAA@XZ
??ESemaphore@Scaleform@@QEAAHH@Z
??FSemaphore@Scaleform@@QEAAHH@Z
??YSemaphore@Scaleform@@QEAAHH@Z
??ZSemaphore@Scaleform@@QEAAHH@Z
??_FEvent@Scaleform@@QEAAXXZ
??_FMutex@Scaleform@@QEAAXXZ
??_FSemaphore@Scaleform@@QEAAXXZ
??_FSysAllocPagedMalloc@Scaleform@@QEAAXXZ
??_FSysAllocStatic@Scaleform@@QEAAXXZ
??_FSysAllocWinAPI@Scaleform@@QEAAXXZ
??_FSystem@Scaleform@@QEAAXXZ
??_FThread@Scaleform@@QEAAXXZ
?Acquire@Waitable@Scaleform@@QEAA_NI@Z
?AcquireMultipleObjects@AcquireInterface@Scaleform@@SA_NPEAPEAVWaitable@2@II@Z
?AcquireOneOfMultipleObjects@AcquireInterface@Scaleform@@SAHPEAPEAVWaitable@2@II@Z
?AddMemSegment@SysAllocStatic@Scaleform@@QEAAXPEAX_K@Z
?AddRef@RefCountImpl@Scaleform@@QEAAXXZ
?AddWaitHandler@Waitable@Scaleform@@QEAA_NP6AXPEAX@Z0@Z
?Append@?$Matrix2x4@M@Render@Scaleform@@QEAAAEAV123@AEBV123@@Z
?Append@?$Matrix2x4@N@Render@Scaleform@@QEAAAEAV123@AEBV123@@Z
?Append_NonOpt@?$Matrix2x4@N@Render@Scaleform@@QEAAAEAV123@AEBV123@@Z
?Blend@Color@Render@Scaleform@@SA?AV123@V123@0M@Z
?BytesAvailable@BufferedFile@Scaleform@@UEAAHXZ
?CallWaitHandlers@HandlerArray@Waitable@Scaleform@@QEAAXXZ
?CallWaitHandlers@Waitable@Scaleform@@QEAAXXZ
?CanAcquire@AcquireInterface@Scaleform@@UEAA_NXZ
?CanAcquire@Event@Scaleform@@UEAA_NXZ
?CanAcquire@Mutex@Scaleform@@UEAA_NXZ
?CanAcquire@Semaphore@Scaleform@@UEAA_NXZ
?ChangeSize@BufferedFile@Scaleform@@UEAA_NH@Z
?Close@BufferedFile@Scaleform@@UEAA_NXZ
?Close@SysFile@Scaleform@@UEAA_NXZ
?ConvertHSIToRGB@Color@Render@Scaleform@@SAXNNNPEAN00@Z
?ConvertRGBToHSI@Color@Render@Scaleform@@SAXNNNPEAN00@Z
?CopyFromStream@BufferedFile@Scaleform@@UEAAHPEAVFile@2@H@Z
?CreateWaitableIncrement@Semaphore@Scaleform@@QEAAPEAVWaitable@2@H@Z
?Destroy@System@GFx@Scaleform@@SAXXZ
?Destroy@System@Scaleform@@SAXXZ
?DoLock@Mutex@Scaleform@@QEAAXXZ
?EncloseTransform@?$Matrix2x4@M@Render@Scaleform@@QEBAXPEAV?$Rect@M@23@AEBV423@@Z
?EncloseTransform@?$Matrix3x4@M@Render@Scaleform@@QEBA?AV?$Rect@M@23@AEBV423@@Z
?EncloseTransform@?$Matrix3x4@M@Render@Scaleform@@QEBAXPEAV?$Rect@M@23@AEBV423@@Z
?EncloseTransformHomogeneous@?$Matrix4x4@M@Render@Scaleform@@QEBAXPEAV?$Rect@M@23@AEBV423@@Z
?Exit@Thread@Scaleform@@UEAAXH@Z
?FinishAllThreads@Thread@Scaleform@@SAXXZ
?Flush@BufferedFile@Scaleform@@UEAA_NXZ
?FlushBuffer@BufferedFile@Scaleform@@IEAAXXZ
?GetAcquireInterface@Event@Scaleform@@UEAAPEAVAcquireInterface@2@XZ
?GetAcquireInterface@Mutex@Scaleform@@UEAAPEAVAcquireInterface@2@XZ
?GetAcquireInterface@Semaphore@Scaleform@@UEAAPEAVAcquireInterface@2@XZ
?GetAcquireInterface@Waitable@Scaleform@@UEAAPEAVAcquireInterface@2@XZ
?GetBitSet@SysAllocWinAPI@Scaleform@@QEBAPEBK_K@Z
?GetCPUCount@Thread@Scaleform@@SAHXZ
?GetDefaultAcquireInterface@DefaultAcquireInterface@Scaleform@@SAPEAV12@XZ
?GetDeterminant@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetErrorCode@SysFile@Scaleform@@UEAAHXZ
?GetExitFlag@Thread@Scaleform@@QEBA_NXZ
?GetFileStat@SysFile@Scaleform@@SA_NPEAUFileStat@2@AEBVString@2@@Z
?GetHSI@Color@Render@Scaleform@@QEBAXPEAH00@Z
?GetHSI@Color@Render@Scaleform@@QEBAXPEAM00@Z
?GetHSV@Color@Render@Scaleform@@QEBAXPEAH00@Z
?GetHSV@Color@Render@Scaleform@@QEBAXPEAM00@Z
?GetLength@BufferedFile@Scaleform@@UEAAHXZ
?GetMaxScale@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetRotation@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetRotationDouble@?$Matrix2x4@M@Render@Scaleform@@QEBANXZ
?GetScale@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetThreadState@Thread@Scaleform@@QEBA?AW4ThreadState@12@XZ
?GetXScale@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetXScaleDouble@?$Matrix2x4@M@Render@Scaleform@@QEBANXZ
?GetYScale@?$Matrix2x4@M@Render@Scaleform@@QEBAMXZ
?GetYScaleDouble@?$Matrix2x4@M@Render@Scaleform@@QEBANXZ
?HasMemoryLeaks@System@Scaleform@@2_NA
?Init@System@GFx@Scaleform@@SAXAEBUHeapDesc@MemoryHeap@3@PEAVSysAllocBase@3@@Z
?Init@System@GFx@Scaleform@@SAXPEAVSysAllocBase@3@@Z
?Init@System@Scaleform@@SAXAEBUHeapDesc@MemoryHeap@2@PEAVSysAllocBase@2@@Z
?Init@System@Scaleform@@SAXPEAVSysAllocBase@2@@Z
?IsFinished@Thread@Scaleform@@QEBA_NXZ
?IsLockedByAnotherThread@Mutex@Scaleform@@QEAA_NXZ
?IsSignaled@Event@Scaleform@@UEBA_NXZ
?IsSignaled@Mutex@Scaleform@@UEBA_NXZ
?IsSignaled@Semaphore@Scaleform@@UEBA_NXZ
?IsSignaled@Waitable@Scaleform@@UEBA_NXZ
?IsSuspended@Thread@Scaleform@@QEBA_NXZ
?IsValid@?$Matrix2x4@M@Render@Scaleform@@QEBA_NXZ
?IsValid@?$Matrix3x4@M@Render@Scaleform@@QEBA_NXZ
?IsValid@SysFile@Scaleform@@UEAA_NXZ
?LGetLength@BufferedFile@Scaleform@@UEAA_JXZ
?LSeek@BufferedFile@Scaleform@@UEAA_J_JH@Z
?LTell@BufferedFile@Scaleform@@UEAA_JXZ
?LoadBuffer@BufferedFile@Scaleform@@IEAAXXZ
?MSleep@Thread@Scaleform@@SA_NI@Z
?MultiplyMatrix@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV123@0@Z
?MultiplyMatrix@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV123@AEBV?$Matrix2x4@M@23@@Z
?MultiplyMatrix@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV?$Matrix2x4@M@23@AEBV123@@Z
?MultiplyMatrix@?$Matrix4x4@M@Render@Scaleform@@QEAAXAEBV123@0@Z
?MultiplyMatrix@?$Matrix4x4@M@Render@Scaleform@@QEAAXAEBV123@AEBV?$Matrix2x4@M@23@@Z
?MultiplyMatrix@?$Matrix4x4@M@Render@Scaleform@@QEAAXAEBV123@AEBV?$Matrix3x4@M@23@@Z
?MultiplyMatrix@?$Matrix4x4@M@Render@Scaleform@@QEAAXAEBV?$Matrix2x4@M@23@AEBV123@@Z
?MultiplyMatrix@?$Matrix4x4@M@Render@Scaleform@@QEAAXAEBV?$Matrix3x4@M@23@AEBV123@@Z
?MultiplyMatrix@?$Matrix4x4@N@Render@Scaleform@@QEAAXAEBV123@0@Z
?MultiplyMatrix_NonOpt@?$Matrix4x4@N@Render@Scaleform@@QEAAXAEBV123@0@Z
?Notify@WaitCondition@Scaleform@@QEAAXXZ
?NotifyAll@WaitCondition@Scaleform@@QEAAXXZ
?ObtainSemaphore@Semaphore@Scaleform@@QEAA_NHI@Z
?OnExit@Thread@Scaleform@@UEAAXXZ
?Open@SysFile@Scaleform@@QEAA_NAEBVString@2@HH@Z
?OrthoOffCenterLH@?$Matrix4x4@M@Render@Scaleform@@QEAAXMMMMMM@Z
?OrthoOffCenterRH@?$Matrix4x4@M@Render@Scaleform@@QEAAXMMMMMM@Z
?PerspectiveOffCenterLH@?$Matrix4x4@M@Render@Scaleform@@QEAAXMMMMMMM@Z
?PerspectiveOffCenterRH@?$Matrix4x4@M@Render@Scaleform@@QEAAXMMMMMMM@Z
?Prepend@?$Matrix2x4@M@Render@Scaleform@@QEAAAEAV123@AEBV123@@Z
?PulseEvent@Event@Scaleform@@QEAAXXZ
?Read@BufferedFile@Scaleform@@UEAAHPEAEH@Z
?Release@HandlerArray@Waitable@Scaleform@@QEAAXXZ
?Release@RefCountImpl@Scaleform@@QEAAXXZ
?Release@RefCountNTSImpl@Scaleform@@QEBAXXZ
?ReleaseSemaphore@Semaphore@Scaleform@@QEAA_NH@Z
?RemoveWaitHandler@Waitable@Scaleform@@QEAA_NP6AXPEAX@Z0@Z
?ResetEvent@Event@Scaleform@@QEAAXXZ
?Resume@Thread@Scaleform@@QEAA_NXZ
?Run@Thread@Scaleform@@UEAAHXZ
?Seek@BufferedFile@Scaleform@@UEAAHHH@Z
?SetBufferMode@BufferedFile@Scaleform@@IEAA_NW4BufferModeType@12@@Z
?SetEvent@Event@Scaleform@@QEAAXXZ
?SetExitFlag@Thread@Scaleform@@QEAAX_N@Z
?SetHSI@Color@Render@Scaleform@@QEAAXHHH@Z
?SetHSI@Color@Render@Scaleform@@QEAAXMMM@Z
?SetHSV@Color@Render@Scaleform@@QEAAXHHH@Z
?SetHSV@Color@Render@Scaleform@@QEAAXMMM@Z
?SetIdentity@?$Matrix2x4@M@Render@Scaleform@@QEAAXXZ
?SetIdentity@?$Matrix2x4@N@Render@Scaleform@@QEAAXXZ
?SetIdentity@?$Matrix3x4@M@Render@Scaleform@@QEAAXXZ
?SetIdentity@?$Matrix4x4@M@Render@Scaleform@@QEAAXXZ
?SetIdentity@?$Matrix4x4@N@Render@Scaleform@@QEAAXXZ
?SetInverse@?$Matrix2x4@M@Render@Scaleform@@QEAAXAEBV123@@Z
?SetInverse@?$Matrix2x4@N@Render@Scaleform@@QEAAXAEBV123@@Z
?SetLerp@?$Matrix2x4@M@Render@Scaleform@@QEAAXAEBV123@0M@Z
?SetZero@?$Matrix2x4@M@Render@Scaleform@@QEAAXXZ
?SkipBytes@BufferedFile@Scaleform@@UEAAHH@Z
?Sleep@Thread@Scaleform@@SA_NI@Z
?Start@Thread@Scaleform@@UEAA_NW4ThreadState@12@@Z
?Suspend@Thread@Scaleform@@QEAA_NXZ
?Tell@BufferedFile@Scaleform@@UEAAHXZ
?Transform@?$Matrix2x4@M@Render@Scaleform@@QEBAXPEAV?$Point@M@23@AEBV423@@Z
?Transform@?$Matrix3x4@M@Render@Scaleform@@QEBA?AV?$Point@M@23@AEBV423@@Z
?Transform@?$Matrix3x4@M@Render@Scaleform@@QEBAXPEAV?$Point@M@23@AEBV423@@Z
?TransformByInverse@?$Matrix2x4@M@Render@Scaleform@@QEBAXPEAV?$Point@M@23@AEBV423@@Z
?Transpose@?$Matrix4x4@M@Render@Scaleform@@QEAAXXZ
?Transpose@?$Matrix4x4@N@Render@Scaleform@@QEAAXXZ
?TryAcquire@AcquireInterface@Scaleform@@UEAA_NXZ
?TryAcquire@Event@Scaleform@@UEAA_NXZ
?TryAcquire@Mutex@Scaleform@@UEAA_NXZ
?TryAcquire@Semaphore@Scaleform@@UEAA_NXZ
?TryAcquireCancel@AcquireInterface@Scaleform@@UEAA_NXZ
?TryAcquireCancel@Event@Scaleform@@UEAA_NXZ
?TryAcquireCancel@Mutex@Scaleform@@UEAA_NXZ
?TryAcquireCancel@Semaphore@Scaleform@@UEAA_NXZ
?TryAcquireCommit@AcquireInterface@Scaleform@@UEAA_NXZ
?TryAcquireCommit@Event@Scaleform@@UEAA_NXZ
?TryAcquireCommit@Mutex@Scaleform@@UEAA_NXZ
?TryAcquireCommit@Semaphore@Scaleform@@UEAA_NXZ
?TryLock@Mutex@Scaleform@@QEAA_NXZ
?Unlock@Mutex@Scaleform@@QEAAXXZ
?View@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV?$Point3@M@23@00@Z
?View@?$Matrix3x4@N@Render@Scaleform@@QEAAXAEBV?$Point3@N@23@00@Z
?View@?$Matrix4x4@N@Render@Scaleform@@QEAAXAEBV?$Point3@N@23@00@Z
?ViewLH@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV?$Point3@M@23@00@Z
?ViewRH@?$Matrix3x4@M@Render@Scaleform@@QEAAXAEBV?$Point3@M@23@00@Z
?ViewRH@?$Matrix4x4@N@Render@Scaleform@@QEAAXAEBV?$Point3@N@23@00@Z
?Wait@Event@Scaleform@@QEAA_NI@Z
?Wait@WaitCondition@Scaleform@@QEAA_NPEAVMutex@2@I@Z
?Wait@Waitable@Scaleform@@QEAA_NI@Z
?Write@BufferedFile@Scaleform@@UEAAHPEBEH@Z
?antlr3TokenStreamNew@@YAPEAUANTLR3_TOKEN_STREAM_struct@@XZ
ANTLR3_TREE_ADAPTORDebugNew
ANTLR3_TREE_ADAPTORNew
UELLexerNew
UELLexerNewSSD
UELParserNew
UELParserNewSSD
antlr3ArboretumNew
antlr3BaseRecognizerNew
antlr3BaseTreeAdaptorInit
antlr3BaseTreeNew
antlr3BitsetCopy
antlr3BitsetList
antlr3BitsetLoad
antlr3BitsetNew
antlr3BitsetOf
antlr3BitsetSetAPI
antlr3CommonTokenDebugStreamSourceNew
antlr3CommonTokenNew
antlr3CommonTokenStreamNew
antlr3CommonTokenStreamSourceNew
antlr3CommonTreeNew
antlr3CommonTreeNewFromToken
antlr3CommonTreeNodeStreamNew
antlr3CommonTreeNodeStreamNewStream
antlr3CommonTreeNodeStreamNewTree
antlr3DebugListenerNew
antlr3EnumNew
antlr3ExceptionNew
antlr3Fclose
antlr3FileStreamNew
antlr3Fopen
antlr3Fread
antlr3Fsize
antlr3Hash
antlr3HashTableNew
antlr3IntStreamNew
antlr3IntTrieNew
antlr3LexerNew
antlr3LexerNewStream
antlr3ListNew
antlr3MTExceptionNew
antlr3MTNExceptionNew
antlr3ParserNew
antlr3ParserNewStream
antlr3ParserNewStreamDbg
antlr3RecognitionExceptionNew
antlr3RewriteRuleNODEStreamNewAE
antlr3RewriteRuleNODEStreamNewAEE
antlr3RewriteRuleNODEStreamNewAEV
antlr3RewriteRuleSubtreeStreamNewAE
antlr3RewriteRuleSubtreeStreamNewAEE
antlr3RewriteRuleSubtreeStreamNewAEV
antlr3RewriteRuleTOKENStreamNewAE
antlr3RewriteRuleTOKENStreamNewAEE
antlr3RewriteRuleTOKENStreamNewAEV
antlr3SetCTAPI
antlr3SetTokenAPI
antlr3SetVectorApi
antlr3StackNew
antlr3StringFactoryNew
antlr3StringStreamNew
antlr3TokenFactoryNew
antlr3TopoNew
antlr3TreeNodeStreamNew
antlr3TreeParserNewStream
antlr3VectorFactoryNew
antlr3VectorNew
antlr3c8toAntlrc
antlr3dfapredict
antlr3dfaspecialStateTransition
antlr3dfaspecialTransition
antlr3read8Bit
fillBufferExt

Sections

.text
Size: 22.2MB - Virtual size: 22.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

282202eace67253cc25c6301ed28447b

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

libcurl

advapi32

kernel32

gdi32

ole32

oleaut32

psapi

secur32

shlwapi

user32

winmm

wsock32

iphlpapi

msacm32

d3d11

d3dcompiler_46

dinput8

dxgi

xinput9_1_0

wininet

steam_api64

twitchsdk_64_release

bink2w64

crypt32

Exports

Exports

Sections

.text Size: 22.2MB - Virtual size: 22.2MB

.rdata Size: 10.0MB - Virtual size: 10.0MB

.data Size: 1.0MB - Virtual size: 4.7MB

.pdata Size: 1.4MB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 117B

_RDATA Size: 33KB - Virtual size: 32KB

.rsrc Size: 647KB - Virtual size: 646KB

.reloc Size: 504KB - Virtual size: 503KB

.text
Size: 22.2MB - Virtual size: 22.2MB

.rdata
Size: 10.0MB - Virtual size: 10.0MB

.data
Size: 1.0MB - Virtual size: 4.7MB

.pdata
Size: 1.4MB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 117B

_RDATA
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 647KB - Virtual size: 646KB

.reloc
Size: 504KB - Virtual size: 503KB