Static task: static1
Behavioral task: behavioral1
Sample: Steam.exe
Resource: win10v2004-20231215-en
General
- Target: Steam.exe
- Size: 1.2MB
- MD5: 0573c43a268c516fdc219651f6f7048a
- SHA1: f72077918cfd76b2e49e37223cc732ce95456f0b
- SHA256: f4ec84f73aae0a024832b44708984c7b558946e0998bb6d139af10dd860199a8
- SHA512: 6eb5404f889b051d66200dae1b76fb6e433a13d2673acc9f0d6f2997a00f489776fd2ca8088047136fd6e0b94f922c138d7fd6198bb5b501ed86f227b3e2a5b9
- SSDEEP: 24576:RznmLjr6ZQuE9G22ERxofCj8JGEN84q2ql5dRQBMoFZ9x:Rzmu9Es2GGEN84q2ql5dRQBMoFZ9x
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Resource: Steam.exe
  This is the only signature hit in the report. On its own, a missing Authenticode signature is a weak indicator: it means the binary cannot be verified against a publisher certificate, not that it misbehaves.
Files
- Steam.exe.exe windows:4 windows x86 arch:x86
  b86e3bff94e274464acfa3cb6b517aa9 (digest listed under the file entry; not the file MD5 given above)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_FILE_RELOCS_STRIPPED means the image carries no base relocations, so the loader can only map it at its preferred base and cannot randomise it (no ASLR for this module). The section list below has no .reloc section, which is consistent with that flag.
PDB Paths
u:\p4clients\rel_beta\Projects\GazelleProto\Client\BootStrapper\VC70_Release_Static\BootStrapper.pdb
Imports
ws2_32
bind
select
__WSAFDIsSet
recvfrom
sendto
WSAGetLastError
recv
connect
socket
ntohs
ioctlsocket
htonl
gethostname
gethostbyname
inet_addr
WSASend
WSARecv
shutdown
WSASetLastError
setsockopt
getsockname
closesocket
WSACleanup
WSAStartup
send
htons
kernel32
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WriteFile
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetCPInfo
GetOEMCP
lstrcpynA
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileTime
HeapAlloc
HeapFree
HeapReAlloc
IsBadReadPtr
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
SetEnvironmentVariableA
ExitThread
CreateThread
GetDriveTypeA
GetStartupInfoA
RtlUnwind
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetEnvironmentVariableW
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
VirtualProtect
VirtualQuery
GetLocaleInfoW
GlobalAddAtomA
MulDiv
SetLastError
GlobalUnlock
FreeResource
GlobalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetTempFileNameA
SetUnhandledExceptionFilter
SetThreadPriority
GetSystemInfo
LocalFree
LocalAlloc
GetCurrentThread
SetEndOfFile
SetFilePointer
ReadFile
GetFileSize
CreateMutexA
SetFileAttributesA
GetLongPathNameA
RemoveDirectoryA
CopyFileA
CreateDirectoryA
WaitForMultipleObjectsEx
TerminateThread
ResumeThread
ResetEvent
FormatMessageA
InterlockedIncrement
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
CreateEventA
SetEvent
FlushViewOfFile
IsBadCodePtr
GetCurrentProcess
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetTempPathA
RaiseException
GetModuleFileNameA
GetVersion
GetVersionExA
CompareStringA
GetThreadLocale
lstrcmpiA
InterlockedExchange
MultiByteToWideChar
GetACP
CompareStringW
WideCharToMultiByte
GetLocaleInfoA
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
GetCommandLineA
CloseHandle
InterlockedDecrement
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetSystemTime
CreateProcessA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FileTimeToSystemTime
user32
RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
LoadCursorA
SetCapture
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
IntersectRect
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
GetDlgItem
PostQuitMessage
ReleaseDC
GetDC
CopyRect
SetForegroundWindow
ShowWindow
wsprintfA
CharUpperA
EnableWindow
SendMessageA
GetDesktopWindow
KillTimer
DestroyMenu
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
SendMessageW
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
LoadImageA
DrawTextW
OffsetRect
InflateRect
GetClientRect
FindWindowA
MessageBoxW
MessageBoxA
RegisterWindowMessageA
PostMessageA
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetDlgCtrlID
CharNextA
PeekMessageA
gdi32
GetDeviceCaps
GetMapMode
GetTextColor
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
ScaleWindowExtEx
SetWindowExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetStockObject
CreateCompatibleDC
CreateBitmap
DeleteDC
ExtSelectClipRgn
CreateRectRgnIndirect
DeleteObject
GetBkColor
CreateSolidBrush
ScaleViewportExtEx
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comdlg32
GetFileTitleA
advapi32
RegQueryValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
shell32
Shell_NotifyIconW
Shell_NotifyIconA
ole32
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize
oleaut32
SysAllocString
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
SHDeleteKeyA
PathIsUNCA
comctl32
ord17
oledlg
ord8
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
oleacc
CreateStdAccessibleObject
LresultFromObject
Sections
.text   Size: 828KB - Virtual size: 825KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 288KB - Virtual size: 286KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 48KB  - Virtual size: 74KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 44KB  - Virtual size: 42KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: no section is both writable and executable; the only writable section is .data. Its virtual size (74KB) exceeding its raw size (48KB) is zero-initialised data the linker merged into .data, which is routine for an MSVC build.
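The Unsigned PE signature, the File Characteristics and the Sections listing above are all derivable from the PE headers alone. The following stdlib-only Python is an added example, not the sandbox's or the report's own tooling: it parses the COFF and optional headers, names the IMAGE_FILE_* and IMAGE_SCN_* bits, checks the security data directory for an Authenticode blob, and flags the same conditions. It runs on a constructed, header-only PE32 fixture whose flags and sizes are shaped like this report's numbers (it is not the analysed Steam.exe); the function and constant names are the example's own. Import parsing, hashing and signature validity checking are out of scope.

```python
"""Stdlib-only PE header triage mirroring the report's Headers/Sections/Unsigned-PE
checks. Added example; not the sandbox's own code. The sample image is
constructed in memory (a header-only PE32, not the analysed Steam.exe)."""
import struct

# IMAGE_FILE_* characteristic bits and IMAGE_SCN_* section flags (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DIR_SECURITY, DIR_BASERELOC = 4, 5   # data directory indices

def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """Return characteristics, section flags and signature/relocation presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        dd_count_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        dd_count_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_count = struct.unpack_from("<I", data, dd_count_off)[0]

    def directory(index):                   # (rva_or_offset, size); (0, 0) if absent
        return struct.unpack_from("<II", data, dd_off + 8 * index) if index < dd_count else (0, 0)

    sections = []
    for i in range(nsec):                   # section table follows the optional header
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize, "virtual_size": vsize,
            "flags": _names(flags, SECTION_FLAGS),
            "wx": bool(flags & 0x80000000 and flags & 0x20000000),
        })
    return {
        "characteristics": _names(chars, FILE_CHARACTERISTICS),
        "relocs_stripped": bool(chars & 0x0001),
        "has_reloc_directory": directory(DIR_BASERELOC)[1] != 0,
        # Security directory size 0 == no WIN_CERTIFICATE blob, i.e. unsigned.
        # A non-zero size only says a blob exists; validity needs the OS verifier.
        "has_authenticode_blob": directory(DIR_SECURITY)[1] != 0,
        "sections": sections,
    }

def findings(info):
    """The report-style hits derivable from the headers alone."""
    hits = []
    if not info["has_authenticode_blob"]:
        hits.append("Unsigned PE")
    if info["relocs_stripped"] or not info["has_reloc_directory"]:
        hits.append("No base relocations (not ASLR-relocatable)")
    if any(s["wx"] for s in info["sections"]):
        hits.append("Writable and executable section")
    return hits

def build_sample_pe(characteristics, sections, security_size=0, reloc_size=0):
    """Construct a header-only PE32 image (test fixture, not a runnable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                                           # PE32, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0, security_size)
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0, reloc_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                virt, 0x1000, raw, 0, 0, 0, 0, 0, flags)
                    for n, raw, virt, flags in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs

# Constructed fixture shaped like the report: 0x10F = RELOCS_STRIPPED|EXECUTABLE|LINE_NUMS|LOCAL_SYMS|32BIT
REPORT_LIKE = build_sample_pe(0x010F, [
    (".text", 828 * 1024, 825 * 1024, 0x60000020),   # CODE|EXECUTE|READ
    (".rdata", 288 * 1024, 286 * 1024, 0x40000040),  # INITIALIZED_DATA|READ
    (".data", 48 * 1024, 74 * 1024, 0xC0000040),     # INITIALIZED_DATA|READ|WRITE
    (".rsrc", 44 * 1024, 42 * 1024, 0x40000040),
])
```

Usage: `findings(parse_pe(REPORT_LIKE))` returns the Unsigned PE hit plus the missing-relocations note for the fixture; for a real sample, `parse_pe(open(path, "rb").read())`. The security directory's first field is a file offset, not an RVA, which is why the parser never translates it; and because a present blob says nothing about whether the certificate chains or the hash matches, a non-zero size must still be followed by an OS-level verification before the file is treated as signed.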