u:\p4clients\rel_beta\Projects\GazelleProto\Client\BootStrapper\VC70_Release_Static\BootStrapper.pdb
Static task: static1
Behavioral task: behavioral1
Sample: Steam.exe
Resource: win10v2004-20240221-en
General
Target: Steam.exe
Size: 1.2MB
MD5: 760a27ba4d8657c93bc45dc92e3f9d0b
SHA1: 4db4bb5a80dd237058dd2f85de5b71c7e550a245
SHA256: d46ecad6ace145a017cc647bcfa2aebf8eba18843d9e0f38fafbdabc30aa397f
SHA512: 6a138547aee15adac551100acf13d441479e73f0745649b8c5ff5fa9e8523d20453040b9100691c69b5a099976290f2e9930de36f930b3a70a48a3f895ba0244
SSDEEP: 24576:gNgKIWpsyrKGofyfgusSe1bKLlYmxxa+0PM4H40C129FLGV8:gNrIms6KGBfPsR1bKLlYP/40R9VGy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Steam.exe
Files
Steam.exe.exe windows:4 windows x86 arch:x86
dccca72866016e6974db0304fdbbe412
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
htons
htonl
gethostname
gethostbyname
inet_addr
ioctlsocket
closesocket
WSAConnect
WSASend
WSARecv
shutdown
select
__WSAFDIsSet
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
WSASocketA
inet_ntoa
kernel32
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
MoveFileA
WriteFile
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetShortPathNameA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
LocalUnlock
LocalLock
GetPrivateProfileIntA
GetDiskFreeSpaceA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
SetEnvironmentVariableA
ExitThread
CreateThread
GetDriveTypeA
GetSystemTimeAsFileTime
IsBadReadPtr
GetStartupInfoA
RtlUnwind
HeapSize
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
SetEnvironmentVariableW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadCodePtr
GetLocaleInfoW
GlobalSize
lstrcpynA
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
MulDiv
SetLastError
GlobalUnlock
FreeResource
GlobalFree
GetCurrentThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetEndOfFile
SetFilePointer
ReadFile
GetFileSize
DeleteFileA
CreateMutexA
MoveFileExA
GetDiskFreeSpaceExA
CopyFileExA
GetFileAttributesExA
RemoveDirectoryA
FindClose
CopyFileA
CreateDirectoryA
FormatMessageA
SetConsoleCtrlHandler
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
UnmapViewOfFile
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
InterlockedIncrement
CreateEventA
GetFullPathNameA
WaitForSingleObject
SetEvent
FlushViewOfFile
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetTempPathA
GetModuleFileNameA
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
GetVersion
CompareStringA
lstrcmpiW
lstrcmpiA
GetStringTypeExA
lstrlenW
MultiByteToWideChar
CompareStringW
GetEnvironmentVariableA
GetStringTypeExW
lstrlenA
GetEnvironmentVariableW
FindNextFileA
FindFirstFileA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
WideCharToMultiByte
GetACP
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
InterlockedDecrement
CreateProcessA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Sleep
GetTempFileNameA
user32
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetDialogBaseUnits
GetSysColorBrush
DestroyIcon
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
LoadMenuA
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetTabbedTextExtentA
UnionRect
PostThreadMessageA
GetDCEx
LockWindowUpdate
SetParent
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
InsertMenuA
RemoveMenu
GetMenuStringA
DestroyMenu
GetMenuItemInfoA
InflateRect
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetRect
RegisterClassA
UnregisterClassA
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetLastActivePopup
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MapVirtualKeyA
IsRectEmpty
CharNextA
GetKeyNameTextA
CopyRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
WaitMessage
GetWindowThreadProcessId
ReleaseCapture
LoadCursorA
WindowFromPoint
MapDialogRect
SetWindowPos
GetDlgItem
PostQuitMessage
wsprintfA
CharUpperA
CharLowerW
CharLowerA
CharUpperW
EnableWindow
SendMessageA
GetDesktopWindow
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
AppendMenuA
GetSystemMenu
LoadIconA
MessageBoxA
RegisterWindowMessageA
PostMessageA
SetCapture
DeleteMenu
GetClassInfoA
ScrollWindowEx
GetMessageA
gdi32
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreatePen
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetDCOrgEx
CreateFontIndirectA
GetTextExtentPoint32A
ExtSelectClipRgn
CopyMetaFileA
GetBkColor
GetTextColor
OffsetWindowOrgEx
PolyBezierTo
GetTextMetricsA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateCompatibleBitmap
GetCharWidthA
StretchDIBits
CreateFontA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
GetRgnBox
SetBkColor
RestoreDC
SaveDC
CreateDCA
CreateSolidBrush
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetWindowExtEx
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
GetJobA
comdlg32
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextA
FindTextA
CommDlgExtendedError
PrintDlgA
PageSetupDlgA
advapi32
SetFileSecurityA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA
shell32
ExtractIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
ole32
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CoCreateInstance
StringFromGUID2
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleFlushClipboard
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
CreateStreamOnHGlobal
OleIsCurrentClipboard
oleaut32
VarDateFromStr
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
SysAllocString
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VarBstrFromDate
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
LoadTypeLi
VariantCopy
SysFreeString
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
comctl32
ord13
ImageList_GetImageInfo
ImageList_Draw
ord17
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord14
ImageList_Write
ImageList_Read
oledlg
ord8
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
Sections
.text Size: 940KB - Virtual size: 938KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ