C:\Users\misio\Desktop\MyCodingWork\vanta\x64\Release\GeforceNOW.pdb
Static task
static1
General
-
Target
GeforceNOW.exe
-
Size
1.0MB
-
MD5
e26a24135d40f5bf9edf3a4a0c96513b
-
SHA1
5ea1f0e0a9a342d82bf4c36689879d1c9f96130a
-
SHA256
7d82013608db360b15d8bd88ae2d35ed1a421099e25fbd245feba6fe25a2d274
-
SHA512
11c9290931e6e1b130d629ee6c0b90ec334aec85b5b28de1c463bd16a79000fac93a29bd6c7d03e7287cedac1c7ace85a340fc800c3e720fdd4c79812bd80004
-
SSDEEP
24576:VXJ73RZNq2EiYF8BfEjdNugounm7Dk+1sU:VXJ7heaa8dXgFnmvSU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource GeforceNOW.exe
Files
-
GeforceNOW.exe.exe windows:6 windows x64 arch:x64
f6ed43d215bbe647d04320323babf60a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d9
Direct3DCreate9Ex
kernel32
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesA
GetTickCount
OutputDebugStringW
GetFileInformationByHandleEx
AreFileApisANSI
lstrcmpiA
GetConsoleWindow
Beep
CreateThread
CloseHandle
Process32Next
GetLastError
Sleep
CreateToolhelp32Snapshot
CreateFileW
GetFileAttributesExW
SetConsoleWindowInfo
TerminateProcess
VirtualAlloc
DeviceIoControl
GetStdHandle
SetConsoleScreenBufferSize
GetCurrentProcess
SetConsoleTitleA
VirtualFree
GetConsoleScreenBufferInfo
VirtualProtect
Process32First
ReadFile
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
FindFirstFileW
FindClose
GlobalFree
GlobalAlloc
MultiByteToWideChar
UnhandledExceptionFilter
InitializeSListHead
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
SleepConditionVariableSRW
GetLocaleInfoEx
user32
DispatchMessageA
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
SetWindowLongA
MessageBoxA
TranslateMessage
PeekMessageA
GetDesktopWindow
FindWindowA
SetForegroundWindow
EmptyClipboard
GetAsyncKeyState
GetKeyState
LoadCursorA
ScreenToClient
ClientToScreen
GetForegroundWindow
SetCursor
GetClientRect
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
SendInput
GetClipboardData
SetClipboardData
advapi32
AddAccessAllowedAce
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
shell32
Shell_NotifyIconA
ShellExecuteA
imm32
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
msvcp140
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
_Mtx_unlock
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
wininet
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
xinput1_4
ord2
normaliz
IdnToAscii
wldap32
ord27
ord32
ord33
ord41
ord35
ord79
ord50
ord30
ord200
ord301
ord45
ord60
ord211
ord26
ord46
ord217
ord143
ord22
crypt32
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptQueryObject
ws2_32
socket
WSASetLastError
WSAIoctl
ntohs
WSAStartup
getsockopt
getsockname
getpeername
connect
bind
WSACleanup
WSAGetLastError
send
accept
recv
closesocket
htonl
setsockopt
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
htons
rpcrt4
UuidCreate
UuidToStringA
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__C_specific_handler
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
_CxxThrowException
memchr
memmove
memset
strchr
strrchr
__current_exception
__current_exception_context
memcpy
memcmp
api-ms-win-crt-stdio-l1-1-0
_lseeki64
_wfopen
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
feof
_open
fputs
fopen
__stdio_common_vsprintf_s
_close
fclose
fflush
_write
_popen
_pclose
fgets
_read
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
__acrt_iob_func
__p__commode
setvbuf
fgetpos
ftell
__stdio_common_vsnprintf_s
_set_fmode
fgetc
fputc
fwrite
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
tolower
_strdup
strncpy
strspn
strcmp
strncmp
strcspn
strpbrk
isupper
api-ms-win-crt-heap-l1-1-0
calloc
_callnewh
realloc
malloc
_set_new_mode
free
api-ms-win-crt-convert-l1-1-0
strtol
atoi
atof
strtoul
strtoll
strtod
strtoull
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
system
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
exit
_invalid_parameter_noinfo_noreturn
_errno
strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_initialize_narrow_environment
_getpid
abort
_beginthreadex
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
_access
_fstat64
_lock_file
_unlock_file
_stat64
_unlink
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
sqrt
sqrtf
sinf
powf
pow
tanf
atan2f
fmodf
cosf
ceilf
atan2
asin
acosf
_dclass
__setusermatherr
Sections
.text Size: 802KB - Virtual size: 802KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ