SteamFix32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SteamFix32.dll
Size

721KB
MD5

7dc12c4b56620bccff9e56f7c405855e
SHA1

b0bb0df855c334cbab30046523b5acb0f30bcaaa
SHA256

f89c75393cace7a0a69673bff23900e97aa43bc0e1df137c98e173cf0dc40656
SHA512

59684b26179d29594c454187a677edf540ecae2e2bab4681283e2e8089b8b2af4c164c50be1d5000ea3426c87d823047a2b6a3cd542b66d82b7f8538356e732d
SSDEEP

12288:iCdLJckPwKayfxLqFvzIkvY66mPn8gb5a3s5iozHVO2JFaOqCd5o:iSckPGdF7xw1go3s5ioTV3OLq5o

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamFix32.dll

Files

SteamFix32.dll
.dll windows:6 windows x86 arch:x86

ace07a7ac51940394ef56cd64c0edc52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetForegroundWindow

advapi32

RegOpenKeyA

shell32

ShellExecuteA

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

d3dcompiler_47

D3DCompile

imm32

ImmSetCompositionWindow

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

FreeTP_Org

Sections

.text
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ace07a7ac51940394ef56cd64c0edc52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

d3dcompiler_47

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 211KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 181KB

.vmp1 Size: 657KB - Virtual size: 657KB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1021B

.text
Size: - Virtual size: 211KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 181KB

.vmp1
Size: 657KB - Virtual size: 657KB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1021B