71fdff18f15b01b1eb5dbf177a070b323e5e4cc50b9355ad75cd628589cdfe8e

Sharing

Copy URL Twitter E-mail

General

Target

71fdff18f15b01b1eb5dbf177a070b323e5e4cc50b9355ad75cd628589cdfe8e
Size

3.3MB
MD5

0f7e42fd9270919801d5d850f8da127f
SHA1

06d49b0c268335dda34984976fba4a719bb9f48d
SHA256

71fdff18f15b01b1eb5dbf177a070b323e5e4cc50b9355ad75cd628589cdfe8e
SHA512

de5bf6cded2010c9025de10ec0ac2de587c383d7d32bf00d638e29d1f52b8d4b3334a3d1070d7a06eb781ef41faa3d3f6c32ccd5aa962a9491f36068feda5255
SSDEEP

98304:xI3zSz+BiIz1scygtazTvKGA0cllS7RbM3:uG6Fv/igWRw3

Score

1^/10

Malware Config

Signatures

Files

71fdff18f15b01b1eb5dbf177a070b323e5e4cc50b9355ad75cd628589cdfe8e
.dll windows:6 windows x86 arch:x86

9c292c2a5650613cc7e9bd48f71bfa9b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:11:35:15:64:54:3c:14:b0:27:a4:f4:75:68:a0:ad:9f:2d:67:61:dc:d3:cd:72:d6:06:8a:b9:99:91:e6:f2
Signer

Actual PE Digest

50:11:35:15:64:54:3c:14:b0:27:a4:f4:75:68:a0:ad:9f:2d:67:61:dc:d3:cd:72:d6:06:8a:b9:99:91:e6:f2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_hotfix_win32\build\bin\ClientRelease\bin\steamservice.pdb

Imports

kernel32

GetFullPathNameW
RemoveDirectoryW
SetLastError
ProcessIdToSessionId
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
lstrlenW
GetPrivateProfileStringA
MoveFileExW
DeleteFileW
WTSGetActiveConsoleSessionId
FindClose
CreateFileW
MultiByteToWideChar
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
GetEnvironmentVariableW
LocalFree
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
LocalAlloc
HeapReAlloc
CreateFileA
CreateDirectoryW
ExpandEnvironmentStringsA
VerSetConditionMask
GetCurrentProcessId
DeviceIoControl
GetFileAttributesW
VerifyVersionInfoW
FindFirstFileW
GetSystemDirectoryA
GetFileType
GetFileInformationByHandle
DeleteFileA
LoadLibraryA
TerminateProcess
CreateProcessW
GetExitCodeProcess
SetCurrentDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
OpenFileMappingA
Sleep
OpenEventA
PeekNamedPipe
CreatePipe
DuplicateHandle
OutputDebugStringA
WriteFile
ReadFile
IsBadReadPtr
LoadLibraryExA
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentProcess
WaitForMultipleObjects
ResetEvent
GetLastError
SetThreadAffinityMask
GetCurrentThread
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersionExA
GetSystemTimeAsFileTime
LCMapStringW
CompareStringW
SetFilePointerEx
ExitProcess
HeapValidate
HeapSize
WriteConsoleW
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
GetLocalTime
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
CreateEventW
WaitForSingleObjectEx
GetCPInfo
DecodePointer
EncodePointer
OpenProcess
CreateThread
GetProcessTimes
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
LeaveCriticalSection
SetConsoleCtrlHandler
EnterCriticalSection
GetCurrentDirectoryW
FindNextFileW
WideCharToMultiByte
FileTimeToSystemTime
FindFirstFileExW
FlushFileBuffers
GetDiskFreeSpaceA
GetDriveTypeW
GetFileSizeEx
GetTempFileNameW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
GetTempPathW
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
VirtualQuery
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
CreateIoCompletionPort
InitializeCriticalSection
DeleteCriticalSection
IsDebuggerPresent
DebugActiveProcess
DebugActiveProcessStop
RaiseException
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SwitchToThread
OpenThread
SetThreadPriority
TerminateThread
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineA
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GlobalMemoryStatusEx
SetUnhandledExceptionFilter
GetCommandLineW
DebugBreak
GetProcessHeaps
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW

user32

EnumWindows
SetWindowPos
DialogBoxParamA
EndDialog
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetWindowThreadProcessId
MessageBoxW
wsprintfA
IsWindowVisible
GetWindowRect

advapi32

RegDeleteValueW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueA
StartTraceA
StopTraceA
EnableTrace
ProcessTrace
CloseTrace
OpenTraceA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueW
RegEnumKeyExA
RegDeleteValueA
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclA
SetEntriesInAclA
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
ReportEventW
RegDisableReflectionKey
RegCreateKeyExW
RegCreateKeyExA
LookupPrivilegeValueA
EqualSid
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid
AddAccessAllowedAce
OpenProcessToken

shell32

SHGetFolderPathW
SHCreateDirectoryExA
SHGetFolderPathA
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitialize
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoInitializeEx
PropVariantClear

oleaut32

SysAllocString
SysFreeString
SysAllocStringByteLen
VariantInit
VariantClear
SysStringLen

shlwapi

SHDeleteKeyA

psapi

EnumProcesses
GetModuleFileNameExA
GetModuleFileNameExW
GetProcessMemoryInfo

cfgmgr32

CM_Get_DevNode_Status

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

ws2_32

send
closesocket
WSAGetLastError
WSASend
recv
WSASetLastError
WSACleanup

bcrypt

BCryptGenRandom

Exports

Exports

CreateInterface
SteamService_RunMainLoop
SteamService_Shutdown
SteamService_StartThread
SteamService_Stop
g_dwDllEntryThreadId

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c292c2a5650613cc7e9bd48f71bfa9b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

50:11:35:15:64:54:3c:14:b0:27:a4:f4:75:68:a0:ad:9f:2d:67:61:dc:d3:cd:72:d6:06:8a:b9:99:91:e6:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

cfgmgr32

setupapi

ws2_32

bcrypt

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 813KB - Virtual size: 812KB

.data Size: 45KB - Virtual size: 1.6MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 103KB - Virtual size: 102KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

50:11:35:15:64:54:3c:14:b0:27:a4:f4:75:68:a0:ad:9f:2d:67:61:dc:d3:cd:72:d6:06:8a:b9:99:91:e6:f2
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 813KB - Virtual size: 812KB

.data
Size: 45KB - Virtual size: 1.6MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 103KB - Virtual size: 102KB