2024-02-21_6b950bf012ea289c665dfec3e33caf6b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_6b950bf012ea289c665dfec3e33caf6b_ryuk
Size

6.6MB
MD5

6b950bf012ea289c665dfec3e33caf6b
SHA1

29934c5d34d0ae6e30fab2131bb47f9cf65002be
SHA256

2cf5211bbf4ad7cf37a10b5edba3c7f73e8e088bf2cc70763cfe1a24cf18099f
SHA512

5bd1032e88c3a01476f6c267b994565b43395996c97a9cc26a1e60dcc3768eeb2f2a420906bbbd48313ae28559fec7761cdbfdbaa790b13b69b0ddda6840b809
SSDEEP

98304:0pMiV2hQABRkBFHHAk45JKbUxfp9o1cLz6:0p32+AB2BpVoJKGfp95z6

Score

1^/10

Malware Config

Signatures

Files

2024-02-21_6b950bf012ea289c665dfec3e33caf6b_ryuk
.exe windows:6 windows x64 arch:x64

d1947430fa4500702f3549cf4c2b3b98

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/01/2022, 00:00

Not After

24/01/2025, 23:59

Subject

CN=Fatshark AB,O=Fatshark AB,L=Stockholm,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/01/2022, 00:00

Not After

24/01/2025, 23:59

Subject

CN=Fatshark AB,O=Fatshark AB,L=Stockholm,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:3b:0f:87:1e:2f:f2:10:7d:d6:6c:53:e5:41:53:c4:51:d9:77:57:14:f4:bb:84:d0:8b:18:20:bf:31:56:76
Signer

Actual PE Digest

8a:3b:0f:87:1e:2f:f2:10:7d:d6:6c:53:e5:41:53:c4:51:d9:77:57:14:f4:bb:84:d0:8b:18:20:bf:31:56:76

Digest Algorithm

sha256

PE Digest Matches

true

b7:77:04:28:31:ef:59:d2:05:8a:4c:ed:e4:53:96:6d:ea:9c:8b:8a
Signer

Actual PE Digest

b7:77:04:28:31:ef:59:d2:05:8a:4c:ed:e4:53:96:6d:ea:9c:8b:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\w\vt2-stingray\vt2\release\gotwf_balance_2023_11_14\engine\win64\release\vermintide2.pdb

Imports

winmm

timeGetTime
timeBeginPeriod
timeGetDevCaps
timeEndPeriod

dinput8

DirectInput8Create

xinput9_1_0

XInputSetState
XInputGetState

physxcooking_64

PxCreateCooking

physx_64

??0PxHeightFieldDescGeneratedInfo@physx@@QEAA@XZ
PxGetPhysicsBinaryMetaData
PxUnregisterPhysicsSerializers
PxRegisterPhysicsSerializers
??0PxArticulationJointGeneratedInfo@physx@@QEAA@XZ
PxGetPhysics
PxRegisterHeightFields
??0PxAggregateGeneratedInfo@physx@@QEAA@XZ
??0PxTriangleMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationGeneratedInfo@physx@@QEAA@XZ
??0PxHeightFieldGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxBoxGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxShapeGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationReducedCoordinateGeneratedInfo@physx@@QEAA@XZ
??0PxPlaneGeometryGeneratedInfo@physx@@QEAA@XZ
PxCreateBasePhysics
PxAddCollectionToPhysics
??0PxSphereGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxCapsuleGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxRigidDynamicGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationLinkGeneratedInfo@physx@@QEAA@XZ
??0PxConvexMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxMeshScaleGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationJointReducedCoordinateGeneratedInfo@physx@@QEAA@XZ
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxHeightFieldGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxTriangleMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxConvexMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxPlaneGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxCapsuleGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxSphereGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxBoxGeometry@2@@Z
??0PxRigidStaticGeneratedInfo@physx@@QEAA@XZ
??0PxMaterialGeneratedInfo@physx@@QEAA@XZ

physxcommon_64

?sweep@PxGeometryQuery@physx@@SA_NAEBVPxVec3@2@MAEBVPxGeometry@2@AEBVPxTransform@2@12AEAUPxSweepHit@2@V?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@M@Z
?computePenetration@PxGeometryQuery@physx@@SA_NAEAVPxVec3@2@AEAMAEBVPxGeometry@2@AEBVPxTransform@2@23@Z
?PxTransformFromSegment@physx@@YA?AVPxTransform@1@AEBVPxVec3@1@0PEAM@Z
?sweep@PxMeshQuery@physx@@SA_NAEBVPxVec3@2@MAEBVPxGeometry@2@AEBVPxTransform@2@IPEBVPxTriangle@2@AEAUPxSweepHit@2@V?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@PEBIM_N@Z
?PxCreateCollection@@YAPEAVPxCollection@physx@@XZ
?getTriangle@PxMeshQuery@physx@@SAXAEBVPxTriangleMeshGeometry@2@AEBVPxTransform@2@IAEAVPxTriangle@2@PEAI3@Z
?distanceSegmentSegmentSquared@Gu@physx@@YAMAEBVPxVec3@2@000PEAM1@Z
?raycast@PxGeometryQuery@physx@@SAIAEBVPxVec3@2@0AEBVPxGeometry@2@AEBVPxTransform@2@MV?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@IPEIAUPxRaycastHit@2@@Z
?findOverlapTriangleMesh@PxMeshQuery@physx@@SAIAEBVPxGeometry@2@AEBVPxTransform@2@AEBVPxTriangleMeshGeometry@2@1PEAIIIAEA_N@Z
?findOverlapHeightField@PxMeshQuery@physx@@SAIAEBVPxGeometry@2@AEBVPxTransform@2@AEBVPxHeightFieldGeometry@2@1PEAIIIAEA_N@Z
?getTriangle@PxMeshQuery@physx@@SAXAEBVPxHeightFieldGeometry@2@AEBVPxTransform@2@IAEAVPxTriangle@2@PEAI3@Z

physxfoundation_64

?getSize@SListImpl@shdfnd@physx@@SAIXZ
?getDefaultStackSize@ThreadImpl@shdfnd@physx@@SAIXZ
?getId@ThreadImpl@shdfnd@physx@@SA_KXZ
?start@ThreadImpl@shdfnd@physx@@QEAAXIPEAVRunnable@23@@Z
?signalQuit@ThreadImpl@shdfnd@physx@@QEAAXXZ
??1SListImpl@shdfnd@physx@@QEAA@XZ
??0SListImpl@shdfnd@physx@@QEAA@XZ
?getSize@SyncImpl@shdfnd@physx@@SAIXZ
?reset@SyncImpl@shdfnd@physx@@QEAAXXZ
?setAffinityMask@ThreadImpl@shdfnd@physx@@QEAAII@Z
?setName@ThreadImpl@shdfnd@physx@@QEAAXPEBD@Z
?snprintf@shdfnd@physx@@YAHPEAD_KPEBDZZ
?incRefCount@Foundation@shdfnd@physx@@SAXXZ
?pop@SListImpl@shdfnd@physx@@QEAAPEAVSListEntry@23@XZ
?stricmp@shdfnd@physx@@YAHPEBD0@Z
PxGetFoundation
?PxDiagonalize@physx@@YA?AVPxVec3@1@AEBVPxMat33@1@AEAVPxQuat@1@@Z
?getAllocator@shdfnd@physx@@YAAEAVPxAllocatorCallback@2@XZ
?getInstance@Foundation@shdfnd@physx@@SAAEAV123@XZ
?error@Foundation@shdfnd@physx@@QEAAXW4Enum@PxErrorCode@3@PEBDH1ZZ
PxCreateFoundation
PxSetProfilerCallback
?set@SyncImpl@shdfnd@physx@@QEAAXXZ
??1SyncImpl@shdfnd@physx@@QEAA@XZ
??0SyncImpl@shdfnd@physx@@QEAA@XZ
?getSize@ThreadImpl@shdfnd@physx@@SAIXZ
?quitIsSignalled@ThreadImpl@shdfnd@physx@@QEAA_NXZ
??1ThreadImpl@shdfnd@physx@@QEAA@XZ
?decRefCount@Foundation@shdfnd@physx@@SAXXZ
?push@SListImpl@shdfnd@physx@@QEAAXPEAVSListEntry@23@@Z
??0ThreadImpl@shdfnd@physx@@QEAA@XZ
?wait@SyncImpl@shdfnd@physx@@QEAA_NI@Z
?waitForQuit@ThreadImpl@shdfnd@physx@@QEAA_NXZ
?quit@ThreadImpl@shdfnd@physx@@QEAAXXZ

lua51

lua_load
lua_error
lua_getstack
luaL_unref
luaL_checkstack
luaL_optinteger
lua_lessthan
lua_remove
lua_newthread
lua_pushstring
luaL_checkudata
lua_rawgeti
lua_sethook
luaL_checknumber
lua_pushnumber
lua_tothread
lua_checkstack
lua_gettop
luaL_getmetafield
lua_cpcall
lua_status
lua_rawget
lua_close
lua_touserdata
lua_pushfstring
lua_call
lua_atpanic
lua_gethookmask
lua_objlen
lua_topointer
lua_isstring
lua_tolstring
lua_tointeger
lua_isuserdata
lua_pushboolean
lua_tonumber
lua_newstate
luaL_optnumber
luaL_loadstring
lua_getinfo
lua_setupvalue
lua_pushlstring
lua_dump
luaL_findtable
lua_getmetatable
luaL_checklstring
luaL_checkany
lua_settable
lua_rawequal
lua_type
lua_getfenv
lua_pushvfstring
lua_pushlightuserdata
luaL_checktype
lua_gettable
lua_setfield
luaL_callmeta
luaL_error
lua_next
luaopen_bit
luaopen_ffi
luaopen_jit
lua_pushnil
lua_resume
lua_replace
luaL_argerror
lua_newuserdata
lua_xmove
lua_pushthread
lua_pushvalue
luaL_newmetatable
luaL_openlibs
lua_isnumber
lua_gethook
luaL_openlib
lua_tocfunction
lua_createtable
luaL_ref
luaL_newstate
lua_setlocal
lua_pushcclosure
lua_pushinteger
luaL_where
luaL_checkinteger
lua_concat
lua_equal
lua_rawset
lua_iscfunction
lua_gethookcount
lua_getfield
luaL_optlstring
lua_getupvalue
luaL_typerror
lua_typename
lua_gc
lua_pcall
luaL_gsub
lua_toboolean
luaL_loadfile
lua_getlocal
lua_setfenv
luaL_register
lua_rawseti
lua_setmetatable
lua_yield
lua_insert
luaL_checkoption
lua_settop
luaL_loadbuffer

steam_api64

SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamAPI_UnregisterCallback
SteamInternal_FindOrCreateGameServerInterface
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateUserInterface
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamGameServer_GetHSteamUser
SteamAPI_Shutdown
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamInternal_CreateInterface
SteamAPI_Init
SteamAPI_UnregisterCallResult

crypt32

CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore

wldap32

ord301
ord200
ord217
ord46
ord211
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143

hid

HidD_GetAttributes
HidP_GetValueCaps
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidP_GetCaps
HidD_GetSerialNumberString
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetHidGuid

kernel32

TlsAlloc
GetSystemTimeAsFileTime
TlsSetValue
TlsFree
InitializeSListHead
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
IsProcessorFeaturePresent
GetStartupInfoW
InterlockedPushEntrySList
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
CreateEventW
GetOverlappedResultEx
CancelIo
GetOverlappedResult
VerifyVersionInfoW
MultiByteToWideChar
CreateFileA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
GetFileType
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
WaitForSingleObjectEx
GetTickCount64
SleepEx
InitializeCriticalSectionEx
InitializeCriticalSection
RtlCaptureContext
GetTickCount
LoadLibraryA
SetFilePointerEx
ReadFile
VirtualQuery
FormatMessageW
GetLargePageMinimum
VirtualAlloc
VirtualFree
K32GetProcessMemoryInfo
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventA
SetEvent
TerminateThread
GetThreadId
CreateThread
RaiseException
GetCurrentThread
SetThreadPriority
SetThreadAffinityMask
OpenThread
GetThreadContext
ResumeThread
SuspendThread
GetSystemTime
SetConsoleTitleW
AllocConsole
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
WriteConsoleW
FreeConsole
ReadConsoleInputW
AttachConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
MoveFileW
DeleteFileW
GetFileAttributesExW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
FindClose
GetTempPathW
RemoveDirectoryW
DeviceIoControl
FindNextFileW
FindFirstFileExW
GetFileSizeEx
FindFirstFileW
CreateDirectoryW
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
GetCurrentDirectoryW
K32GetModuleInformation
GetModuleHandleExA
RtlCaptureStackBackTrace
GetEnvironmentVariableW
RtlLookupFunctionEntry
EnterCriticalSection
RemoveVectoredExceptionHandler
GetCurrentProcessId
SetFileInformationByHandle
GetFileAttributesW
CreateFileW
GetProcessId
FormatMessageA
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
SwitchToThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GlobalMemoryStatusEx
WideCharToMultiByte
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcAddress
GetVersionExA
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
SetPriorityClass
IsDebuggerPresent
lstrcmpW
SetThreadExecutionState
DeleteCriticalSection
LocalFree
CloseHandle
GetLastError
Sleep
GetCommandLineA
SetCurrentDirectoryA
GetModuleHandleA
SetErrorMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
SetEndOfFile
HeapSize
WriteFile
ResetEvent
GetModuleFileNameA
GetCommandLineW
GetCurrentProcess
OutputDebugStringA

user32

LoadCursorA
DestroyWindow
SetWindowPos
PostMessageA
GetFocus
FillRect
CreateWindowExW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
WindowFromPoint
ScreenToClient
AdjustWindowRectEx
ReleaseCapture
SetCapture
GetCapture
BringWindowToTop
IsChild
RegisterClassExW
UnregisterClassW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
GetWindowTextLengthW
DefWindowProcW
DispatchMessageA
GetSystemMetrics
InvalidateRect
ShowWindow
GetWindowPlacement
GetClientRect
SetWindowLongW
SetLayeredWindowAttributes
ClientToScreen
GetWindowLongW
FlashWindowEx
ReleaseDC
CreateIconIndirect
DestroyCursor
GetDC
GetAsyncKeyState
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
MessageBoxA
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
IsIconic
ShowCursor
SetForegroundWindow
UpdateWindow
PtInRect
SetWindowLongPtrA
GetParent
GetDesktopWindow
GetWindowLongPtrA
PeekMessageA
SystemParametersInfoA
SetCursor
ClipCursor
TranslateMessage
RegisterRawInputDevices
SetFocus
DefWindowProcA
AdjustWindowRect
GetForegroundWindow
GetRawInputData
RegisterClassW
SetClassLongPtrA
SetWindowsHookExA
GetCursorInfo
IsWindow
SetWindowTextW
CallNextHookEx
GetWindowRect

gdi32

DeleteObject
CreateBitmap
CreateDIBSection
GetStockObject
GetDeviceCaps

shell32

ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoCreateGuid
CoUninitialize

advapi32

CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegGetValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ConvertSidToStringSidW
LsaOpenPolicy
LsaAddAccountRights
GetTokenInformation
CryptEncrypt

netapi32

NetWkstaGetInfo
NetApiBufferFree

vcomp140

omp_get_thread_num

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

ws2_32

select
ntohl
listen
getaddrinfo
getpeername
getsockname
send
socket
ntohs
connect
recvfrom
recv
getsockopt
htonl
htons
sendto
ioctlsocket
setsockopt
WSAGetLastError
bind
accept
WSAStartup
WSACleanup
WSAPoll
shutdown
gethostbyname
closesocket
__WSAFDIsSet
WSASetLastError
WSAIoctl
freeaddrinfo
gethostname

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx

iphlpapi

GetAdaptersAddresses

dbghelp

SymSetOptions
StackWalk64
SymGetLineFromAddrW64
SymInitializeW
SymFunctionTableAccess64
SymFromAddrW
SymSetSearchPathW
UnDecorateSymbolNameW
SymGetModuleInfoW64
ImageDirectoryEntryToDataEx
SymCleanup
SymGetModuleBase64
SymLoadModuleEx
EnumerateLoadedModules64

sl.interposer

slGetNewFrameToken
D3D11CreateDevice
slGetFeatureFunction
slGetFeatureRequirements
slInit
slShutdown
slIsFeatureSupported
slUpgradeInterface
slSetD3DDevice
slSetTag
slEvaluateFeature
slSetConstants
slFreeResources
CreateDXGIFactory

bcrypt

BCryptGenerateSymmetricKey
BCryptCreateHash
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptDeriveKeyPBKDF2
BCryptEncrypt
BCryptDestroyKey
BCryptGetProperty
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptFinishHash
BCryptOpenAlgorithmProvider

amd_ags_x64

agsDriverExtensionsDX11_DestroyDevice
agsDeInitialize
agsInitialize
agsDriverExtensionsDX11_CreateDevice

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 593B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1947430fa4500702f3549cf4c2b3b98

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8a:3b:0f:87:1e:2f:f2:10:7d:d6:6c:53:e5:41:53:c4:51:d9:77:57:14:f4:bb:84:d0:8b:18:20:bf:31:56:76Signer

b7:77:04:28:31:ef:59:d2:05:8a:4c:ed:e4:53:96:6d:ea:9c:8b:8aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

dinput8

xinput9_1_0

physxcooking_64

physx_64

physxcommon_64

physxfoundation_64

lua51

steam_api64

crypt32

wldap32

hid

kernel32

user32

gdi32

shell32

ole32

advapi32

netapi32

vcomp140

setupapi

ws2_32

imm32

iphlpapi

dbghelp

sl.interposer

bcrypt

amd_ags_x64

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 751KB - Virtual size: 750KB

.data Size: 36KB - Virtual size: 12.0MB

.pdata Size: 259KB - Virtual size: 258KB

.rodata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 324B

.tls Size: 1024B - Virtual size: 593B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:2a:68:f3:0c:61:62:5e:5e:9e:ae:97:bd:5f:67:87
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8a:3b:0f:87:1e:2f:f2:10:7d:d6:6c:53:e5:41:53:c4:51:d9:77:57:14:f4:bb:84:d0:8b:18:20:bf:31:56:76
Signer

b7:77:04:28:31:ef:59:d2:05:8a:4c:ed:e4:53:96:6d:ea:9c:8b:8a
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 751KB - Virtual size: 750KB

.data
Size: 36KB - Virtual size: 12.0MB

.pdata
Size: 259KB - Virtual size: 258KB

.rodata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 324B

.tls
Size: 1024B - Virtual size: 593B

.gehcont
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB