34ba0a2af10125edcd946d31a3bfd839578796c9b275346650b8d9a5aa6cb879

Sharing

Copy URL

Twitter E-mail

General

Target

34ba0a2af10125edcd946d31a3bfd839578796c9b275346650b8d9a5aa6cb879
Size

10.3MB
MD5

7352c70f91a0750a100428f144f516f0
SHA1

c477aa49ce621762a7757ed38a6eb7091274e78d
SHA256

34ba0a2af10125edcd946d31a3bfd839578796c9b275346650b8d9a5aa6cb879
SHA512

d7b130052d39b6b4d8221c3da6437cb5ff19ae8cc50f9dd2dc7f2e18576328533315871e40e44ff96e89b1dbde8d5bf0a6fcb20b55a5eb2d0e359e8c9eead5dc
SSDEEP

196608:/J6BeMfGcHVUlELsmzY6ivSNxqVbyp9xmeRbIIb6gYr4XPSIOEJtMulYSL8DFgZ/:BlMrHVUNmzY6nXqJyvxmKj5tpd8TIaH8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Tactics Ogre Reborn.exe
unpack001/ʼϷ.exe

Files

34ba0a2af10125edcd946d31a3bfd839578796c9b275346650b8d9a5aa6cb879
.zip
Tactics Ogre Reborn.exe
.exe windows:6 windows x64 arch:x64

56251915f52bf09e321c19cec456afe2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetContext
ImmReleaseContext
ImmCreateContext
ImmGetOpenStatus
ImmAssociateContext
ImmSetOpenStatus

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_GetPreparsedData
HidD_SetFeature
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetSerialNumberString
HidD_FreePreparsedData
HidP_GetValueCaps
HidD_GetAttributes
HidP_GetCaps
HidD_GetFeature

xinput9_1_0

XInputGetState
XInputSetState

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps

dinput8

DirectInput8Create

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DReflect

dxgi

CreateDXGIFactory

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SetThreadPriority
GetCurrentThread
GetSystemInfo
IsDebuggerPresent
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetModuleFileNameW
GetUserDefaultUILanguage
GetTempPathW
FindClose
CreateFileW
GetCurrentThreadId
GetLocalTime
GetCurrentProcessId
GetLastError
OutputDebugStringA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateEventA
SetProcessAffinityMask
ResumeThread
GetExitCodeThread
Sleep
CreateThread
SwitchToThread
GetProcessAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
SetEvent
ResetEvent
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
lstrcmpA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
lstrcpynA
FreeLibrary
TlsGetValue
FormatMessageA
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
GetTickCount
TryEnterCriticalSection
DeleteFiber
RaiseException
InitializeCriticalSectionEx
GetModuleHandleW
IsBadWritePtr
CreateEventW
ReadFile
GetFileSizeEx
WriteFile
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileTime
LocalFree
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetOverlappedResult
CancelIo
GetOverlappedResultEx
ReleaseSemaphore
CreateSemaphoreW
TerminateThread
ConvertFiberToThread
ConvertThreadToFiber
SwitchToFiber
CreateFiber
CreateSemaphoreA
WaitForMultipleObjectsEx

user32

LoadImageA
RegisterTouchWindow
LoadCursorA
DestroyWindow
PostMessageA
CharNextA
GetKeyboardLayoutNameA
RegisterDeviceNotificationA
GetTouchInputInfo
CloseTouchInputHandle
wsprintfW
GetCursorPos
PtInRect
ScreenToClient
GetKeyboardLayout
GetKeyboardType
ShowCursor
MessageBoxW
GetClassNameA
SwapMouseButton
ReleaseDC
IsZoomed
SendMessageA
GetMonitorInfoA
SetWindowPlacement
SetWindowLongA
GetWindowInfo
ShowWindow
ClipCursor
SetCursor
SetCursorPos
keybd_event
GetAsyncKeyState
MapWindowPoints
SetFocus
DefWindowProcW
PostMessageW
IsWindowVisible
CreateWindowExW
UnregisterClassW
DispatchMessageW
PeekMessageW
RegisterClassW
AdjustWindowRect
LoadCursorW
SetRect
SetWindowTextA
IsWindow
IsMenu
CallWindowProcA
WindowFromDC
GetForegroundWindow
RegisterClassA
DefWindowProcA
DestroyMenu
CreateWindowExA
IntersectRect
GetUpdateRect
TranslateMessage
GetClassInfoA
SystemParametersInfoA
GetClientRect
GetDlgItem
PostQuitMessage
GetParent
SetWindowLongPtrA
BeginPaint
EndPaint
MessageBoxA
AdjustWindowRectEx
EnumDisplayDevicesA
GetWindowRect
GetDC
SetWindowPos
MonitorFromRect
MonitorFromWindow
EnumDisplayMonitors
GetSystemMetrics
GetWindowPlacement
ClientToScreen

gdi32

GetDeviceCaps
SaveDC
DeleteDC
RestoreDC
GetStockObject

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW
ExtractIconW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoTaskMemFree
PropVariantClear
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

msvcp140

_Thrd_join
_Cnd_init
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Xtime_get_ticks
_Cnd_broadcast
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_init_in_situ
_Cnd_signal
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Thrd_sleep
_Mtx_init
_Thrd_start
_Thrd_id
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Mtx_destroy
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW

vcruntime140

__RTDynamicCast
_CxxThrowException
wcschr
memcmp
memchr
memset
memmove
memcpy
longjmp
__intrinsic_setjmp
strrchr
strchr
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
_purecall
__C_specific_handler
__CxxFrameHandler3
wcsstr

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_get_osfhandle
_fwrite_nolock
_fclose_nolock
_fileno
_fread_nolock
feof
_ftell_nolock
_fflush_nolock
__acrt_iob_func
__stdio_common_vfprintf
fread
fseek
__stdio_common_vswscanf
ftell
__stdio_common_vsprintf_s
_set_fmode
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
fopen
__stdio_common_vsscanf
__stdio_common_vswprintf
_fseek_nolock
fclose
fgets
__stdio_common_vsprintf
_fsopen
__p__commode

api-ms-win-crt-convert-l1-1-0

wcstol
atof
strtol
atoi

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
terminate
quick_exit
_c_exit
_initialize_onexit_table
_exit
_register_onexit_function
_initterm_e
_initterm
_crt_atexit
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_beginthreadex
_cexit
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_get_errno
_invalid_parameter_noinfo
_beginthread
_get_doserrno
_endthread
_seh_filter_exe
_errno

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_rmdir
remove
_access
rename
_stat64i32
_wremove

api-ms-win-crt-string-l1-1-0

tolower
wcscpy_s
strncpy
toupper
strncmp
strcpy_s
iswcntrl
memcpy_s
strcmp
strncpy_s
wcsncpy_s
strncat
strnlen
wcscat_s
isspace
isdigit

api-ms-win-crt-multibyte-l1-1-0

_mbschr

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

fmodf
asinf
_finite
_isnan
logf
modff
ldexp
atan
__setusermatherr
ceil
cos
exp
log10f
floorf
expf
floor
roundf
powf
sin
sinf
tanf
acosf
sqrt
cosf
log
truncf
acos
atan2f
sqrtf
ceilf
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

steam_api64

SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface

Exports

Exports

AmdPowerXpressRequestHighPerformance
LZ4_compress
LZ4_compressBound
LZ4_compress_continue
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_compress_limitedOutput
LZ4_compress_limitedOutput_continue
LZ4_compress_limitedOutput_withState
LZ4_compress_withState
LZ4_create
LZ4_createStream
LZ4_createStreamDecode
LZ4_decoderRingBufferSize
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_fast_withPrefix64k
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_usingDict
LZ4_decompress_safe_withPrefix64k
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_initStream
LZ4_loadDict
LZ4_resetStream
LZ4_resetStreamState
LZ4_resetStream_fast
LZ4_saveDict
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStreamState
LZ4_slideInputBuffer
LZ4_uncompress
LZ4_uncompress_unknownOutputSize
LZ4_versionNumber
LZ4_versionString
NvOptimusEnablement

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 290KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ʼϷ.exe
.exe windows:5 windows x86 arch:x86

cb5b427f5ad0c7c3a7316b8eeeb56086

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
CreateFileA
WriteFile
SetFilePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateDirectoryW
SetFilePointerEx
GetFileSizeEx
SetFileAttributesW
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
LoadLibraryW
IsBadReadPtr
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTempPathW
GetFullPathNameW
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CopyFileW
MoveFileExW
DeleteFileW
RemoveDirectoryW
CreateProcessW
OpenProcess
GetModuleHandleExW
GetExitCodeProcess
ExitProcess
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateMutexW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetUserDefaultLCID
GetSystemDefaultLCID
GetCurrentProcessId
CreateEventW
OpenEventW
SetEvent
SignalObjectAndWait
ResetEvent
TerminateThread
SuspendThread
ResumeThread
OpenFileMappingW
OutputDebugStringW
lstrcmpiA
lstrcmpiW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
CreateThread
GetProcessId
WideCharToMultiByte
QueryDosDeviceW
GetLogicalDriveStringsW
GlobalUnlock
GlobalLock
MultiByteToWideChar
OutputDebugStringA
FindClose
HeapAlloc
FindFirstFileW
lstrcmpA
GlobalMemoryStatusEx
GetSystemInfo
GetNativeSystemInfo
GetVersionExW
GetACP
GetModuleHandleA
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
GetModuleFileNameA
LocalFree
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetEndOfFile
GetStringTypeW
FlushFileBuffers
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
IsValidCodePage
GetOEMCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
WriteConsoleW
RaiseException
RtlUnwind
DecodePointer
GetProcessHeap
HeapFree
IsBadWritePtr
SleepEx
VirtualFree
VirtualProtect
VirtualAlloc
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageW
Sleep
SetLastError
EnterCriticalSection
LeaveCriticalSection
EncodePointer
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
WaitForSingleObject
CloseHandle
GetLastError
FindNextFileW

user32

GetDC
GetWindowRect
GetClientRect
PostMessageW
GetCursorPos
GetSystemMetrics
FindWindowW
GetForegroundWindow
LoadImageW
LoadIconW
DestroyIcon
EnumDisplaySettingsW
EnumDisplayDevicesW
keybd_event
ReleaseCapture
SwitchToThisWindow
SetForegroundWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
wsprintfW
ExitWindowsEx
GetDesktopWindow
UpdateLayeredWindow
SendMessageW
GetParent
ShowWindow
GetWindow
GetAncestor
MoveWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
IsZoomed
IsIconic
SetFocus
SetCapture
DestroyWindow
DefWindowProcW
SetTimer
CreateWindowExW
CloseClipboard
GetClipboardData
OpenClipboard
ScreenToClient
EndPaint
BeginPaint
ReleaseDC
GetMonitorInfoW
EnumDisplayMonitors
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterClassExW

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt

comdlg32

GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHBrowseForFolderW
DragFinish
DragQueryFileW
DragAcceptFiles
ExtractIconW
SHFileOperationW
ExtractIconExW
ShellExecuteA
ShellExecuteW

ole32

CoInitializeEx
OleUninitialize
OleInitialize
StgCreateDocfile
OleCreate
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantCopy
VariantInit

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

shlwapi

SHDeleteKeyW

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSAGetLastError
closesocket
connect
setsockopt
getpeername
getsockopt
htons
ntohs
bind
getsockname
recvfrom
sendto
send
select
__WSAFDIsSet
ioctlsocket
listen
accept
WSAStartup
WSACleanup
gethostname
getaddrinfo
freeaddrinfo
WSASetLastError
recv
socket

wldap32

ord127
ord147
ord167
ord79
ord301
ord41
ord142
ord27
ord133
ord26
ord118
ord14
ord145
ord216
ord208
ord46

dinput8

DirectInput8Create

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleBaseNameW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassImageList
SetupDiGetClassImageIndex
SetupDiDestroyClassImageList
SetupDiGetClassDevsW
SetupDiGetClassDescriptionW

Exports

Exports

FormAdd
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56251915f52bf09e321c19cec456afe2

Headers

DLL Characteristics

File Characteristics

Imports

imm32

setupapi

hid

xinput9_1_0

dbghelp

winmm

dinput8

d3d11

d3dcompiler_47

dxgi

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

steam_api64

Exports

Exports

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 6.2MB - Virtual size: 6.2MB

.data Size: 290KB - Virtual size: 3.4MB

.pdata Size: 302KB - Virtual size: 301KB

_RDATA Size: 5KB - Virtual size: 4KB

.rsrc Size: 320KB - Virtual size: 320KB

.reloc Size: 43KB - Virtual size: 43KB

cb5b427f5ad0c7c3a7316b8eeeb56086

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

shlwapi

winmm

version

ws2_32

wldap32

dinput8

psapi

setupapi

Exports

Exports

Sections

.text Size: 559KB - Virtual size: 559KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 5.7MB - Virtual size: 5.7MB

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 290KB - Virtual size: 3.4MB

.pdata
Size: 302KB - Virtual size: 301KB

_RDATA
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 320KB - Virtual size: 320KB

.reloc
Size: 43KB - Virtual size: 43KB

.text
Size: 559KB - Virtual size: 559KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 39KB - Virtual size: 39KB