TESTE-C[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TESTE-C.7z
Size

33.1MB
MD5

a5da16e8196ae55fc0f31c78350554a6
SHA1

ae21be57c97739247103ff21df49f60be1616139
SHA256

6f416c542f30365b4f3ab0abdaedbfe964acdc3945dc2a89f4a0de4ed39987a8
SHA512

3debb9d43828485044bb3ea01cc55df65287d0856d4b65e6e3e3c8ed82e34aa1a8688c570d96c89c7c3c8ed6952b2929e37a9421da74710f378ce84f92e3f773
SSDEEP

786432:JOTD2ZkjkPKHHdcBlb6V2M4SfjJ7dY8RH0rwZVTAT:JesvP69ZvjJ59h0rwjTAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/enshrouded.org
unpack001/steamclient.dll
unpack001/steamclient64.dll
unpack001/steamclient_loader.exe
unpack001/winmm.dll

Files

TESTE-C.7z
.7z
ColdClientLoader.ini
StubDRM64.dll
.dll windows:6 windows x64 arch:x64

11715c84b2642faed91bb8a483d47e23

Code Sign

25:c1:c6:b7:e2:09:a5:55:65:3d:26:56:da:e6:23:3f:fe:6d:39:a3
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

19/01/2020, 20:45

Not After

19/02/2020, 20:45

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=US,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21/04/2009, 12:15

Not After

14/04/2028, 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:48:a1:32:e9:17:05:ae:d8:07:92:63:93:03:a0:e5:6c:1e:ec:4d:36:0b:fd:8d:84:85:04:4c:a5:93:3d:34
Signer

Actual PE Digest

35:48:a1:32:e9:17:05:ae:d8:07:92:63:93:03:a0:e5:6c:1e:ec:4d:36:0b:fd:8d:84:85:04:4c:a5:93:3d:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetModuleHandleA
GetProcAddress
VirtualQuery
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

OnlineFix

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlllist.txt
enshrouded.org
.exe windows:6 windows x64 arch:x64

57a93c581066edd469a2ee699218d201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\keen\holistic_server\.run\code_builds\builds\holistic\7\holistic\games\game38\game38_client\build\win32_x64\master\enshrouded.pdb

Imports

kernel32

SetEvent
ResetEvent
CreateEventA
CreateEventW
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
SetThreadPriority
GetThreadPriorityBoost
GetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadStackLimits
GetThreadContext
SetThreadContext
GetCurrentProcessorNumber
SetThreadInformation
GetSystemCpuSetInformation
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
QueryProcessCycleTime
QueryIdleProcessorCycleTime
SetConsoleOutputCP
GlobalMemoryStatusEx
SetProcessAffinityMask
GetLocaleInfoA
GetSystemTime
GetTickCount64
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileA
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetFileAttributesW
GetFileInformationByHandle
GetLogicalDrives
GetTempFileNameW
ReadFileEx
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
TryEnterCriticalSection
SetFileTime
WriteFile
GetTempPathW
GetVolumeInformationA
SetHandleInformation
CreatePipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
CancelIoEx
WaitForMultipleObjectsEx
GetProcessTimes
GetCurrentProcessId
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
SetPriorityClass
GetPriorityClass
GetProcessId
OpenProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
LocalAlloc
LocalFree
GetProcessAffinityMask
QueryFullProcessImageNameA
CopyFileW
CreateHardLinkW
CreateNamedPipeA
ReadDirectoryChangesW
GetComputerNameW
SystemTimeToFileTime
K32EnumProcesses
K32EnumProcessModules
K32GetModuleInformation
K32GetProcessMemoryInfo
SetEnvironmentVariableA
GetFileSize
CreateFileMappingA
GlobalAlloc
GlobalUnlock
GlobalLock
SetThreadExecutionState
GetFileType
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
OutputDebugStringW
IsDebuggerPresent
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
SetFilePointerEx
GetACP
IsValidCodePage
FindFirstFileExW
HeapQueryInformation
HeapSize
SetStdHandle
SetCurrentDirectoryW
GetStdHandle
LoadLibraryW
GetSystemDirectoryW
QueryPerformanceFrequency
FormatMessageW
SetLastError
MoveFileExW
GetEnvironmentVariableA
WaitForSingleObjectEx
FreeLibrary
WideCharToMultiByte
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
ReadFile
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetFileAttributesExW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
RtlUnwind
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetSystemTimeAsFileTime
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
InitializeSRWLock
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
LCMapStringEx
DecodePointer
EncodePointer
GetLocaleInfoEx
GetNativeSystemInfo
FormatMessageA
TryAcquireSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetConsoleWindow
SetConsoleTitleA
WriteConsoleA
AllocConsole
FileTimeToSystemTime
lstrcmpA
LoadLibraryExW
GetModuleHandleExA
CreateProcessA
GetFullPathNameW
GetFileSizeEx
CreateFileW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetLastError
OutputDebugStringA
VirtualUnlock
VirtualLock
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CloseHandle
PeekNamedPipe
RaiseException

dbghelp

MiniDumpWriteDump

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

gdi32

SetPixel
SelectObject
GetPixel
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW

winmm

midiInOpen
midiInGetDevCapsW
timeEndPeriod
timeBeginPeriod
midiInClose
midiInStart

advapi32

RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegCloseKey
RegOpenKeyW
RegQueryValueExW
SystemFunction036

powrprof

PowerGetActiveScheme
PowerSetActiveScheme

ws2_32

ntohs
WSAGetLastError
closesocket
send
bind
gethostbyname
shutdown
ntohl
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSACleanup
WSAStartup
connect
select
__WSAFDIsSet
ioctlsocket
listen
accept
gethostname
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
socket
setsockopt
recv
htonl
htons
getsockopt
getsockname
getpeername

user32

MessageBoxA
GetWindowThreadProcessId
LoadStringW
MessageBoxW
RegisterWindowMessageW
TrackMouseEvent
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
IsWindow
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
DestroyWindow
ShowWindow
FlashWindowEx
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BringWindowToTop
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
GetKeyNameTextW
MapVirtualKeyW
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetRawInputData
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
EnumDisplayDevicesW
EnumDisplaySettingsW
CreateIconIndirect
LoadIconW
LoadCursorW
LoadBitmapW
FindWindowExW
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
SetRect
ClipCursor
ScreenToClient
ClientToScreen
GetCaretBlinkTime
GetCursorPos
SetCursor
AdjustWindowRect
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
InsertMenuW
CreatePopupMenu
GetSystemMetrics
CreateWindowExW

dinput8

DirectInput8Create

oleaut32

SysFreeString
SysAllocString

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear
CoInitializeEx
CoSetProxyBlanket

steam_api64

SteamGameServer_GetHSteamUser
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_GetHSteamUser
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_Shutdown
SteamAPI_UnregisterCallback

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

wldap32

ord26
ord117
ord41
ord208
ord27
ord216
ord14
ord46
ord219
ord145
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord73

crypt32

CertFreeCertificateChain
CertFindExtension
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CryptDecodeObjectEx
CertGetNameStringW
CertFreeCertificateChainEngine

Exports

Exports

AmdPowerXpressRequestHighPerformance
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NVSDK_NGX_UpdateFeature
NVSDK_NGX_VULKAN_AllocateParameters
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_DestroyParameters
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_EvaluateFeature_C
NVSDK_NGX_VULKAN_GetCapabilityParameters
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetParameters
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_RequiredExtensions
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1
NvOptimusEnablement

Sections

.text
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20.0MB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 524KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
nvngx_dlss.dll
.dll windows:6 windows x64 arch:x64

154e283e694e5fc75c2bd54e533abe38

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/10/2022, 00:00

Not After

15/10/2025, 23:59

Subject

CN=NVIDIA Corporation,OU=1-G,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f
Signer

Actual PE Digest

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\devrel\libdev\NGX\snippets\rel_tot\source\features\dlaa\_out\wddm_amd64_release\custom_engine_generic\nvngx_dlss.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

GetWindowThreadProcessId
MessageBoxA

kernel32

GetProcessHeap
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
CloseHandle
GetLastError
SetLastError
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
VerifyVersionInfoW
GetModuleHandleA
GetStdHandle
OutputDebugStringA
GetCurrentProcessId
WriteConsoleA
GetConsoleWindow
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
ReadFile
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

Exports

Exports

NGX_SNIPPETS_GetRequiredDriverSupport
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_Init
NVSDK_NGX_D3D11_Init_Ext
NVSDK_NGX_D3D11_PopulateParameters_Impl
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D11_Shutdown1
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_Init
NVSDK_NGX_D3D12_Init_Ext
NVSDK_NGX_D3D12_PopulateParameters_Impl
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_GetAPIVersion
NVSDK_NGX_GetApplicationId
NVSDK_NGX_GetDriverVersion
NVSDK_NGX_GetDriverVersionEx
NVSDK_NGX_GetGPUArchitecture
NVSDK_NGX_GetSnippetVersion
NVSDK_NGX_SetInfoCallback
NVSDK_NGX_SetTelemetryEvaluateCallback
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_Init_Ext
NVSDK_NGX_VULKAN_Init_Ext2
NVSDK_NGX_VULKAN_PopulateParameters_Impl
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1

Sections

.text
Size: 631KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50.3MB - Virtual size: 50.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam_settings/force_language.txt
steamclient.dll
.dll windows:6 windows x86 arch:x86

5dd268f44ce93a6f008b620583e0cad0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
getsockopt
htonl
bind
accept
closesocket
connect
inet_ntop
inet_pton
freeaddrinfo
InetPtonW
WSAConnect
getaddrinfo
ioctlsocket
WSAStartup
socket
setsockopt
sendto
send
recvfrom
recv
ntohs
ntohl
listen
htons

advapi32

SystemFunction036

shell32

SHGetFolderPathW
CommandLineToArgvW

xinput9_1_0

XInputGetState
XInputSetState

user32

OpenClipboard
SetWindowLongA
GetWindowLongA
CallWindowProcA
WindowFromDC
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcA
ClipCursor
GetClipCursor
GetWindowRect
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
GetKeyState
TrackMouseEvent
EmptyClipboard
GetClipboardData
CloseClipboard
SetClipboardData

kernel32

ReleaseSemaphore
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
MoveFileExW
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
InterlockedPopEntrySList
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
HeapFree
HeapAlloc
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
InterlockedFlushSList
InterlockedPushEntrySList
GetEnvironmentVariableA
GetEnvironmentVariableW
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
WaitForSingleObject
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessA
CreateProcessW
OpenProcess
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
VirtualProtect
VirtualFree
VirtualQuery
FreeLibrary
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetCurrentThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
GetFileSize
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
CreateEventA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
GetProcessId
GetTickCount64
GetModuleFileNameW
LocalFree
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetEnvironmentVariableW
Sleep
GetSystemDirectoryW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
QueueUserWorkItem
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
QueryDepthSList
UnregisterWaitEx
MultiByteToWideChar
GetModuleHandleExW
RtlUnwind

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamclient64.dll
.dll windows:6 windows x64 arch:x64

902a5422d6e0609ff46121a70fb95ee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
getsockopt
htonl
bind
accept
closesocket
connect
inet_ntop
inet_pton
freeaddrinfo
InetPtonW
WSAConnect
getaddrinfo
ioctlsocket
WSAStartup
socket
setsockopt
sendto
send
recvfrom
recv
ntohs
ntohl
listen
htons

advapi32

SystemFunction036

shell32

SHGetFolderPathW
CommandLineToArgvW

xinput9_1_0

XInputGetState
XInputSetState

user32

OpenClipboard
SetWindowLongPtrA
GetWindowLongPtrA
CallWindowProcA
WindowFromDC
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcA
ClipCursor
GetClipCursor
GetWindowRect
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
GetKeyState
TrackMouseEvent
EmptyClipboard
GetClipboardData
CloseClipboard
SetClipboardData

kernel32

ReleaseSemaphore
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
MoveFileExW
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
InterlockedPopEntrySList
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
HeapFree
HeapAlloc
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
InterlockedFlushSList
InterlockedPushEntrySList
GetEnvironmentVariableA
GetEnvironmentVariableW
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
WaitForSingleObject
ExitProcess
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessA
CreateProcessW
OpenProcess
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
IsWow64Process
MultiByteToWideChar
GetCurrentProcess
VirtualProtect
VirtualFree
IsValidLocale
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
DebugBreak
GetCurrentThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
GetFileSize
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
CreateEventA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
GetProcessId
GetTickCount64
GetModuleFileNameW
GetModuleHandleExW
LocalFree
Module32FirstW
Module32NextW
LoadLibraryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetEnvironmentVariableW
Sleep
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetExitCodeThread
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueueUserWorkItem
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
QueryDepthSList
UnregisterWaitEx
VirtualQuery
CreateToolhelp32Snapshot
RtlUnwindEx

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 699KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamclient_loader.exe
.exe windows:6 windows x86 arch:x86

5a6e533a847e4a6c14333c31892a86eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegCloseKey

user32

MessageBoxA

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableW
GetFileAttributesW
GetFullPathNameW
CloseHandle
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
ResumeThread
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
lstrcpyW
lstrlenA
lstrlenW
GetPrivateProfileStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
RaiseException

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmm.dll
.dll windows:6 windows x64 arch:x64

d87c96e86984e394d8b76e8b7350cb52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
ReadConsoleW
CreateFileW
RtlUnwind

user32

MessageBoxA
MessageBoxW

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OnlineFix
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11715c84b2642faed91bb8a483d47e23

Code Sign

25:c1:c6:b7:e2:09:a5:55:65:3d:26:56:da:e6:23:3f:fe:6d:39:a3Certificate

Extended Key Usages

Key Usages

e6Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

35:48:a1:32:e9:17:05:ae:d8:07:92:63:93:03:a0:e5:6c:1e:ec:4d:36:0b:fd:8d:84:85:04:4c:a5:93:3d:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 2KB - Virtual size: 1KB

57a93c581066edd469a2ee699218d201

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dbghelp

shell32

gdi32

winmm

advapi32

powrprof

ws2_32

user32

dinput8

oleaut32

ole32

steam_api64

comdlg32

wldap32

crypt32

Exports

Exports

Sections

.text Size: 12.9MB - Virtual size: 12.9MB

.rdata Size: 20.0MB - Virtual size: 20.0MB

.data Size: 524KB - Virtual size: 2.3MB

.pdata Size: 587KB - Virtual size: 586KB

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 200KB - Virtual size: 200KB

.reloc Size: 398KB - Virtual size: 397KB

.bind Size: 202KB - Virtual size: 202KB

154e283e694e5fc75c2bd54e533abe38

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

25:c1:c6:b7:e2:09:a5:55:65:3d:26:56:da:e6:23:3f:fe:6d:39:a3
Certificate

e6
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:48:a1:32:e9:17:05:ae:d8:07:92:63:93:03:a0:e5:6c:1e:ec:4d:36:0b:fd:8d:84:85:04:4c:a5:93:3d:34
Signer

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 12.9MB - Virtual size: 12.9MB

.rdata
Size: 20.0MB - Virtual size: 20.0MB

.data
Size: 524KB - Virtual size: 2.3MB

.pdata
Size: 587KB - Virtual size: 586KB

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 200KB - Virtual size: 200KB

.reloc
Size: 398KB - Virtual size: 397KB

.bind
Size: 202KB - Virtual size: 202KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f
Signer

.text
Size: 631KB - Virtual size: 630KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 50.3MB - Virtual size: 50.4MB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 109KB - Virtual size: 152KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 45B

.gfids
Size: 3KB - Virtual size: 2KB

.reloc
Size: 110KB - Virtual size: 110KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 699KB - Virtual size: 699KB

.data
Size: 116KB - Virtual size: 174KB