castle[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

castle.exe
Size

1.8MB
MD5

268a3c79bc2e1481248e7f4e1f9bae2d
SHA1

2151f121ea5c1e6d37c5bd60241184c1648dce1d
SHA256

6ad96614a65626e607a47fbbc75067a43722fbdf5591097dccc479f0bc69f2ac
SHA512

b6f72fd91c38979f7a5b7caf02826a30f7838e48fbf7e7ba69f0d1a2e175cb7eee4914a4ede61f16ed01af18c0b8d3d9c42a9a2b9374e80643c3474b12178a30
SSDEEP

49152:l371cZ7fkF9Ham+jTndSJdt/b/d0BTkxRClmd:VCZTI6modS1aBTLmd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
castle.exe

Files

castle.exe
.exe windows:6 windows x86 arch:x86

7dc386366e0e45317c9d988f7b0898ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\win32\CastleCrashers\Dev\Castle\gamecode\win32\ProjectFiles\Release\CastleWin32.pdb

Imports

dinput8

DirectInput8Create

winhttp

WinHttpReadData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpOpen

d3d9

Direct3DCreate9

d3dx9_43

D3DXMatrixOrthoOffCenterLH
D3DXCreateTextureFromFileExA

steam_api

SteamAPI_GetHSteamUser
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamInternal_FindOrCreateUserInterface
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_Shutdown
SteamInternal_CreateInterface
SteamAPI_Init
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump
SteamInternal_ContextInit

kernel32

HeapReAlloc
HeapSize
WriteConsoleW
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetModuleHandleA
Sleep
GetLastError
LoadLibraryA
GetProcAddress
WaitForSingleObject
ResumeThread
CloseHandle
RaiseException
IsDebuggerPresent
GetTickCount
GetCurrentProcess
ReadFile
ReleaseSemaphore
SetEndOfFile
CreateFileA
SetEvent
GetOverlappedResult
CreateSemaphoreA
CreateEventA
GetUserDefaultLCID
OutputDebugStringA
GetFileSize
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
GetModuleFileNameA
SetThreadPriority
CreateThread
LocalFree
GetTimeZoneInformation
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
DecodePointer
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoW
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
EncodePointer
SetFilePointer
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

DefWindowProcA
ScreenToClient
PeekMessageA
PostQuitMessage
GetCursorPos
TranslateMessage
SetRect
AdjustWindowRectEx
GetWindowRect
LoadCursorA
DestroyWindow
SetWindowPos
MessageBoxW
GetSystemMetrics
GetAsyncKeyState
SetWindowLongA
ClientToScreen
ChangeDisplaySettingsA
MessageBoxA
MoveWindow
AdjustWindowRect
RegisterClassA
CreateWindowExA
SetFocus
SetCursor
LoadIconA
GetClientRect
UnregisterClassA
GetDesktopWindow
UpdateWindow
SetForegroundWindow
ShowCursor
SetCursorPos
ShowWindow
DispatchMessageA

gdi32

GetStockObject

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dc386366e0e45317c9d988f7b0898ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dinput8

winhttp

d3d9

d3dx9_43

steam_api

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 913KB - Virtual size: 912KB

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 13KB - Virtual size: 1.4MB

.gfids Size: 512B - Virtual size: 284B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 346KB - Virtual size: 345KB

.reloc Size: 84KB - Virtual size: 83KB

.bind Size: 138KB - Virtual size: 138KB

.text
Size: 913KB - Virtual size: 912KB

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 13KB - Virtual size: 1.4MB

.gfids
Size: 512B - Virtual size: 284B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 346KB - Virtual size: 345KB

.reloc
Size: 84KB - Virtual size: 83KB

.bind
Size: 138KB - Virtual size: 138KB