build[.]v1[.]9[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

build.v1.9.zip
Size

1.1MB
MD5

1ff75e0a175485352388ac2affd481d7
SHA1

7ce4ac2435e9f127f8dff0d1a18ba307493fdc2f
SHA256

da2fe1694c40130ab552406fbeb0447abfca4b4da3ffb83a14ae757c25d51d2f
SHA512

0de9d29bb1f2937d40521ea931cf0f49022dcb39cabaf32ac5c0110480738704ac035ccc7e92fc8ed8927e06ff190eedb4b89acc87c8dacb6468567dbf67b6fa
SSDEEP

12288:/R61H3KJ9McdATC7QIFiGMkQE56xBJKIabR61H3KJ9ZcdATC7QIFiGMkQE56a:Z61UMZlIFjjQZLI61UZZlIFjjQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/steam_api/steam_api.dll
unpack001/steam_api/steam_api64.dll
unpack001/steamclient/ColdClientLoader.exe
unpack001/steamclient/ColdClientLoader64.exe
unpack001/steamclient/coldclient.dll
unpack001/steamclient/coldclient64.dll

Files

build.v1.9.zip
.zip
steam_api/ColdAPI.ini
steam_api/steam_api.dll
.dll windows:6 windows x86 arch:x86

b6eb171ea2f830c47de9ac38c061ad0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetPrivateProfileSectionA
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleHandleA
GetFileAttributesA
CreateFileA
DeleteFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
ExitProcess
FindNextFileA
CreateDirectoryA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
lstrcatA
VirtualProtect
Sleep
GetTickCount
WriteConsoleW
SetEndOfFile
DecodePointer
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
RaiseException
ReadFile
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
HeapFree
WriteFile
GetConsoleCP
GetFileSizeEx
HeapAlloc
LCMapStringW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamBilling
SteamClient
SteamContentServer
SteamController
SteamFriends
SteamGameCoordinator
SteamGameSearch
SteamGameServer
SteamGameServerHTTP
SteamGameServerInventory
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTMLSurface
SteamHTTP
SteamInput
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_FindOrCreateUserInterface
SteamInternal_GameServer_Init
SteamInventory
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamParentalSettings
SteamParties
SteamRemotePlay
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamGameConnectToken
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
_CLoadLibraryA@4
_CLoadLibraryExA@12
_CLoadLibraryExW@12
_CLoadLibraryW@4
__VirtualAlloc_@16
handledExceptionFilter

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam_api/steam_api64.dll
.dll windows:6 windows x64 arch:x64

2503a87f19c32ae112078f4778fdfc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetPrivateProfileSectionA
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleHandleA
GetFileAttributesA
CreateFileA
DeleteFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
ExitProcess
FindNextFileA
CreateDirectoryA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
lstrcatA
VirtualProtect
Sleep
GetTickCount
WriteConsoleW
SetEndOfFile
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ReadFile
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
HeapFree
WriteFile
GetConsoleCP
GetFileSizeEx
HeapAlloc
LCMapStringW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CLoadLibraryA
CLoadLibraryExA
CLoadLibraryExW
CLoadLibraryW
CreateInterface
GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamBilling
SteamClient
SteamContentServer
SteamController
SteamFriends
SteamGameCoordinator
SteamGameSearch
SteamGameServer
SteamGameServerHTTP
SteamGameServerInventory
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTMLSurface
SteamHTTP
SteamInput
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_FindOrCreateUserInterface
SteamInternal_GameServer_Init
SteamInventory
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamParentalSettings
SteamParties
SteamRemotePlay
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamGameConnectToken
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
_VirtualAlloc_
handledExceptionFilter

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamclient/ColdAPI.ini
steamclient/ColdClientLoader.exe
.exe windows:6 windows x86 arch:x86

e1f3e11a243fdc18d760dfa4c1bff651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
lstrcmpA
ResumeThread
GetModuleHandleA
GetFileAttributesA
CreateFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
lstrlenA
ExitProcess
SetEnvironmentVariableA
GetCurrentProcessId
CreateRemoteThread
CreateProcessA
GetPrivateProfileIntA
GetPrivateProfileStringA
WriteConsoleW
CreateFileW
GetFullPathNameA
TerminateProcess
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steamclient/ColdClientLoader64.exe
.exe windows:6 windows x64 arch:x64

f27b2b23a9f9d9a248b6930c55dbbff2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForSingleObject
lstrcmpA
ResumeThread
GetModuleHandleA
GetFileAttributesA
CreateFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
lstrlenA
ExitProcess
SetEnvironmentVariableA
GetCurrentProcessId
CreateRemoteThread
CreateProcessA
GetPrivateProfileIntA
GetPrivateProfileStringA
WriteConsoleW
CreateFileW
GetFullPathNameA
TerminateProcess
WriteProcessMemory
GetModuleFileNameA
VirtualAllocEx
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steamclient/coldclient.dll
.dll windows:6 windows x86 arch:x86

b6eb171ea2f830c47de9ac38c061ad0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetPrivateProfileSectionA
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleHandleA
GetFileAttributesA
CreateFileA
DeleteFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
ExitProcess
FindNextFileA
CreateDirectoryA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
lstrcatA
VirtualProtect
Sleep
GetTickCount
WriteConsoleW
SetEndOfFile
DecodePointer
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
RaiseException
ReadFile
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
HeapFree
WriteFile
GetConsoleCP
GetFileSizeEx
HeapAlloc
LCMapStringW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamBilling
SteamClient
SteamContentServer
SteamController
SteamFriends
SteamGameCoordinator
SteamGameSearch
SteamGameServer
SteamGameServerHTTP
SteamGameServerInventory
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTMLSurface
SteamHTTP
SteamInput
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_FindOrCreateUserInterface
SteamInternal_GameServer_Init
SteamInventory
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamParentalSettings
SteamParties
SteamRemotePlay
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamGameConnectToken
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
_CLoadLibraryA@4
_CLoadLibraryExA@12
_CLoadLibraryExW@12
_CLoadLibraryW@4
__VirtualAlloc_@16
handledExceptionFilter

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamclient/coldclient64.dll
.dll windows:6 windows x64 arch:x64

2503a87f19c32ae112078f4778fdfc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetPrivateProfileSectionA
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleHandleA
GetFileAttributesA
CreateFileA
DeleteFileA
lstrcpyA
CloseHandle
WritePrivateProfileStringA
GetProcAddress
ExitProcess
FindNextFileA
CreateDirectoryA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
lstrcatA
VirtualProtect
Sleep
GetTickCount
WriteConsoleW
SetEndOfFile
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ReadFile
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
HeapFree
WriteFile
GetConsoleCP
GetFileSizeEx
HeapAlloc
LCMapStringW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CLoadLibraryA
CLoadLibraryExA
CLoadLibraryExW
CLoadLibraryW
CreateInterface
GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamBilling
SteamClient
SteamContentServer
SteamController
SteamFriends
SteamGameCoordinator
SteamGameSearch
SteamGameServer
SteamGameServerHTTP
SteamGameServerInventory
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTMLSurface
SteamHTTP
SteamInput
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_FindOrCreateUserInterface
SteamInternal_GameServer_Init
SteamInventory
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamParentalSettings
SteamParties
SteamRemotePlay
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamGameConnectToken
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
_VirtualAlloc_
handledExceptionFilter

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6eb171ea2f830c47de9ac38c061ad0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 34KB - Virtual size: 154KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 30KB - Virtual size: 30KB

2503a87f19c32ae112078f4778fdfc67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 39KB - Virtual size: 240KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 13KB - Virtual size: 13KB

e1f3e11a243fdc18d760dfa4c1bff651

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 204KB - Virtual size: 203KB

f27b2b23a9f9d9a248b6930c55dbbff2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 204KB - Virtual size: 203KB

b6eb171ea2f830c47de9ac38c061ad0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 125KB - Virtual size: 125KB

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 34KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 39KB - Virtual size: 240KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 204KB - Virtual size: 203KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 204KB - Virtual size: 203KB

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 34KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 39KB - Virtual size: 240KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 13KB - Virtual size: 13KB