GamingRepair[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GamingRepair.exe
Size

573KB
MD5

0d05a797214e62f36e15d2149e6f4005
SHA1

bf634ecf71e833be051672aebb5367392fee44b2
SHA256

2dea72909788e997892e7219f859b3361910291eb3feb156dafa8b1ceee20c86
SHA512

3b5f3bcb1c54c010bcc9e19a5cbec06061fede5a2a56a730fbf920214af02bdec2c2d602bb51a800c543c011368c4eecbc5aa50fd494e719925d2a80a91283b3
SSDEEP

12288:8vRBXaGr2dkAL4s26pFQZ1HnoBw25YO6RiE+n9yu8:nGrGkAv2JO19yu8

Score

1^/10

Malware Config

Signatures

Files

GamingRepair.exe
.exe windows:10 windows x64 arch:x64

8d3b18a77245c2ac926f3c0dd520371b

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:db:86:26:8b:5b:04:93:97:f5:4b:94:8e:46:64:83:35:e1:93:2e:ae:1e:73:50:eb:29:93:49:06:30:a0:05
Signer

Actual PE Digest

9f:db:86:26:8b:5b:04:93:97:f5:4b:94:8e:46:64:83:35:e1:93:2e:ae:1e:73:50:eb:29:93:49:06:30:a0:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GamingRepair.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

exit
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_exit
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo
_crt_atexit
_beginthreadex
_initterm_e
_invalid_parameter_noinfo_noreturn
abort
_errno
terminate
_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
_fseeki64
getchar
__stdio_common_vsnprintf_s
ungetc
fsetpos
_set_fmode
__p__commode
setvbuf
__stdio_common_vsprintf_s
fgetpos
fwrite
fgetwc
fgetc
__stdio_common_vswprintf_s
ungetwc
__acrt_iob_func
fflush
fclose
fputwc

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscpy_s
strcpy_s
wcscmp
_wcsnicmp
__strncnt
islower
_wcsicmp
strcspn
_wcsdup
isupper
isspace
tolower

ntdll

RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQueryMutant
NtQueryInformationProcess
DbgPrintEx
VerSetConditionMask

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
LoadStringW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
DeleteCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive
WaitForSingleObject
SetEvent
ReleaseMutex
CreateEventW
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
CreateMutexExW
CreateEventExW
ResetEvent
SetWaitableTimer
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
GetCurrentThread
ExitProcess
CreateProcessW
GetCurrentProcessId
CreateThread
ResumeThread
OpenProcessToken
GetExitCodeProcess
GetExitCodeThread
CreateProcessAsUserW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx
GetLocaleInfoEx
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsSetValue
FlsGetValue

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

drvstore

DriverStoreEnumW

newdev

DiUninstallDriverW
DiUninstallDevice

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
__pctype_func
_lock_locales
___mb_cur_max_func
___lc_collate_cp_func
_configthreadlocale
_unlock_locales
setlocale
___lc_locale_name_func

api-ms-win-crt-heap-l1-1-0

_free_base
calloc
malloc
_callnewh
free
_malloc_base
_calloc_base
_set_new_mode
_realloc_base

api-ms-win-crt-convert-l1-1-0

strtof
strtod
wcstoul
_wtoi
_wtof

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

pow
ldexp
frexp
powf

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getdays
_Strftime
_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_W_Getmonths

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
WakeAllConditionVariable
Sleep
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsConcatString
WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegQueryInfoKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FindFirstFileW
GetFileTime
GetFileAttributesW
CreateFileW
DeleteFileW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
FindClose
SetFileTime

api-ms-win-security-base-l1-1-0

RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
AdjustTokenPrivileges
DuplicateTokenEx

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoInitializeEx
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoUninitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32GetProcessImageFileNameW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l1-1-0

StartServiceW
OpenSCManagerW
CloseServiceHandle
ControlServiceExW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
QueryServiceConfigW
ChangeServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
GetStringTypeW
WideCharToMultiByte

winhttp

WinHttpQueryDataAvailable
WinHttpOpen
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSetOption
WinHttpGetDefaultProxyConfiguration
WinHttpOpenRequest
WinHttpSetCredentials

api-ms-win-security-credentials-l1-1-0

CredFree
CredReadW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d3b18a77245c2ac926f3c0dd520371b

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

9f:db:86:26:8b:5b:04:93:97:f5:4b:94:8e:46:64:83:35:e1:93:2e:ae:1e:73:50:eb:29:93:49:06:30:a0:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-util-l1-1-0

drvstore

newdev

setupapi

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-string-l1-1-0

winhttp

api-ms-win-security-credentials-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

Sections

.text Size: 376KB - Virtual size: 373KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

9f:db:86:26:8b:5b:04:93:97:f5:4b:94:8e:46:64:83:35:e1:93:2e:ae:1e:73:50:eb:29:93:49:06:30:a0:05
Signer

.text
Size: 376KB - Virtual size: 373KB

.rdata
Size: 148KB - Virtual size: 145KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 144B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB