GAME[.]exe | Triage

Resubmissions

19-01-2024 16:06

240119-tkk93saaa2 3

Sharing

Copy URL

Twitter E-mail

General

Target

GAME.exe
Size

17.3MB
MD5

bef354b738bca1c04843f2e9c3be3b0f
SHA1

071da1dc84b87c643b9a88052c28d72c37c8da7b
SHA256

7b33201b2c440fc4fbfc5454a805fb6c7590823108e030cf81e51917913f308a
SHA512

e319f18b0f9df3a37bc473a48e0e5ba726f81dcac72d4b62a13444fc9c4a63c2bae142fed485b0d3329af7eac3289c2ada9ed48c5c57bf2b5bee93646f5c762b
SSDEEP

393216:bJxaSv2KRErV/sp+bwTMuzcTs+er3NW3O4uDKzhTqIHqxVhop/da03KgVq1OW:K4oDKyq1r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GAME.exe

Files

GAME.exe
.exe windows:5 windows x86 arch:x86

fe4592683c1521ad3cfa6cf32a7a418a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidD_GetPreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetValueCaps
HidP_GetCaps
HidD_FreePreparsedData
HidP_GetData
HidP_MaxDataListLength
HidD_GetHidGuid

kernel32

InterlockedIncrement
InterlockedDecrement
GetFullPathNameW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
FormatMessageA
SystemTimeToFileTime
GetLocalTime
GetTimeZoneInformation
LocalFree
GetSystemInfo
CreateFileW
InitializeCriticalSection
ResetEvent
GetTickCount
ReadFile
SetFilePointerEx
WriteFile
SetEndOfFile
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
LoadLibraryExW
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryW
SetFileTime
GetSystemTime
GetDiskFreeSpaceExA
GetModuleFileNameW
lstrcpynA
lstrcpyA
lstrcpynW
GetCommandLineW
ExpandEnvironmentStringsW
ResumeThread
GetThreadContext
SuspendThread
OutputDebugStringA
GetEnvironmentVariableA
GetFileAttributesA
GetModuleFileNameA
GetVersionExA
GetCurrentDirectoryA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetComputerNameW
GetTempPathW
LocalAlloc
SetUnhandledExceptionFilter
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetOverlappedResult
CancelIo
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GlobalMemoryStatus
RaiseException
DecodePointer
EncodePointer
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
HeapQueryInformation
GetModuleHandleA
GetCurrentThreadId
ExitProcess
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
FileTimeToSystemTime
GetDriveTypeA
FindFirstFileExA
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
HeapCreate
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetStdHandle
InterlockedExchange
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
GetProcessAffinityMask
InterlockedExchangeAdd
VirtualProtect
VirtualAlloc
VirtualFree
FlushConsoleInputBuffer
SwitchToThread
SetThreadAffinityMask
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
SetConsoleMode
ReadConsoleInputA
GetDateFormatA
GetTimeFormatA
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetVersion
SleepEx
GetQueuedCompletionStatus
CreateIoCompletionPort
SetHandleInformation
FormatMessageW
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetThreadPriority
CreateThread
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DuplicateHandle
CreateMutexA
ReleaseMutex
InterlockedCompareExchange
GetModuleHandleW
SetDllDirectoryW
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
LoadLibraryA
SetEvent
IsDebuggerPresent
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
DeleteFileW
CopyFileW
GetStartupInfoA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventA
CloseHandle
Sleep
SetLastError
GetLastError
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
SetErrorMode

user32

SystemParametersInfoW
GetAsyncKeyState
ClientToScreen
RegisterRawInputDevices
GetMessageTime
MapVirtualKeyExA
GetMessagePos
GetRawInputData
LoadKeyboardLayoutA
GetKeyNameTextW
GetRawInputDeviceInfoW
GetRawInputDeviceList
wvsprintfA
GetWindowLongW
SetWindowLongW
PostQuitMessage
GetMonitorInfoA
SetFocus
GetFocus
ShowCursor
ReleaseDC
GetDC
SetWindowTextW
GetDlgItem
IsDlgButtonChecked
CopyImage
SetWindowLongA
KillTimer
GetMessageA
PeekMessageA
RegisterDeviceNotificationW
GetMessageExtraInfo
PtInRect
SetDlgItemTextW
DispatchMessageA
UnregisterDeviceNotification
ReleaseCapture
DestroyIcon
DestroyCursor
ChangeDisplaySettingsA
SetCursor
GetSystemMetrics
CreateIconIndirect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetCursorPos
WindowFromPoint
IsWindowVisible
GetCaretBlinkTime
MessageBoxW
UpdateWindow
GetKeyState
LoadImageW
DialogBoxParamA
EndDialog
SetForegroundWindow
ScreenToClient
CheckDlgButton
GetAncestor
CreateDialogParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
ValidateRect
GetParent
SetCapture
MonitorFromWindow
RegisterClassExW
DialogBoxParamW
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
MessageBoxA
CopyRect
OffsetRect
GetDesktopWindow
AdjustWindowRectEx
SetWindowPos
GetWindowPlacement
SetCursorPos
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
ClipCursor
GetWindowRect
SendMessageA
UnregisterClassW
DestroyWindow
DefWindowProcW
RegisterClassW
CreateWindowExW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplayDevicesA
GetClientRect
EnableWindow
SetTimer
ShowWindow
CreateDialogParamA
GetWindowLongA
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
RegisterWindowMessageA
SendMessageTimeoutA
IsIconic
LoadCursorA
wsprintfA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

ole32

PropVariantClear
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
StringFromGUID2
CoInitialize

shlwapi

PathFileExistsW
SHDeleteKeyW
PathCanonicalizeW

advapi32

RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

CreateDIBSection
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps
GetObjectA
DeleteObject
CreateBitmap

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW

opengl32

wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC

winmm

waveInGetNumDevs
timeGetTime
timeEndPeriod
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeBeginPeriod

ws2_32

WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSASetEvent
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACleanup
ntohl
htonl
ntohs
htons
getpeername
getprotobyname
recv
gethostbyname
shutdown
listen
accept
WSARecvFrom
WSAIoctl
getnameinfo
getaddrinfo
recvfrom
sendto
send
gethostname
socket
connect
bind
inet_addr
WSAStartup
select
__WSAFDIsSet
inet_ntoa
getsockname
freeaddrinfo
WSASocketA
WSASetLastError
WSAGetLastError
setsockopt
ioctlsocket
getsockopt
closesocket

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.2MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fe4592683c1521ad3cfa6cf32a7a418a

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

user32

version

ole32

shlwapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 14.2MB - Virtual size: 14.2MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 257KB - Virtual size: 1.0MB

.rodata Size: 3KB - Virtual size: 2KB

.trace Size: 7KB - Virtual size: 6KB

.data1 Size: 512B - Virtual size: 64B

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 581KB - Virtual size: 581KB

.text
Size: 14.2MB - Virtual size: 14.2MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 257KB - Virtual size: 1.0MB

.rodata
Size: 3KB - Virtual size: 2KB

.trace
Size: 7KB - Virtual size: 6KB

.data1
Size: 512B - Virtual size: 64B

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 581KB - Virtual size: 581KB