patriots[.]exe

Resubmissions

26-03-2024 16:45

240326-t9cn8she9t 3

Sharing

Copy URL

Twitter E-mail

General

Target

patriots.exe
Size

2.2MB
MD5

30f4f164ac5571d4e01ce39e7b869f87
SHA1

7e7823d1bebe6e740f3842c5a63f3ad6b8800942
SHA256

65e092b3ad4c40bcdf36bc112a20bb92e493c997addfb0d0ba1ea68945101046
SHA512

f3f70fd4080d9fb5867cd27adb998ee33a620258391c914ac76d660017306816cf78c178cd94beb2ab22e22b85cb51697130f715e7947e711c03aa534ec2e008
SSDEEP

3072:rQaWCRdGDE1e/24ooTGPNnkBSzxqzxbEjpqC6ztHr:rLHL1QooTGPNnkBSzxqzxb2/6ztH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
patriots.exe

Files

patriots.exe
.exe windows:6 windows x86 arch:x86

8bbbae150fb153247f47a450a35ed7ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Phoenix\main\Game\launcher.pdb

Imports

steam_api

SteamApps
SteamUser
SteamAPI_Shutdown
SteamAPI_Init

gdiplus

GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHWND
GdipDeleteGraphics
GdipDrawString
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile

mfc110

ord5643
ord5110
ord5266
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord10052
ord1057
ord1463
ord6938
ord461
ord1102
ord6333
ord1104
ord1166
ord7313
ord3767
ord3104
ord2159
ord2189
ord8588
ord2466
ord449
ord1099
ord2464
ord12843
ord13970
ord9017
ord9042
ord11954
ord8947
ord2704
ord13498
ord6064
ord3340
ord3341
ord4025
ord10266
ord11180
ord10808
ord8848
ord11912
ord3234
ord1498
ord994
ord7260
ord9016
ord5975
ord9063
ord12001
ord2705
ord1719
ord6066
ord4150
ord3085
ord8934
ord6331
ord4151
ord6334
ord2491
ord8196
ord3631
ord10175
ord7470
ord987
ord1459
ord7808
ord2149
ord946
ord6694
ord10047
ord5617
ord12701
ord12000
ord5380
ord10228
ord8025
ord4519
ord12028
ord12020
ord5765
ord3786
ord6193
ord14402
ord6194
ord14403
ord6192
ord14401
ord7811
ord12307
ord14201
ord11766
ord11765
ord1978
ord7753
ord12720
ord4023
ord4084
ord9203
ord14327
ord7734
ord14329
ord12318
ord12317
ord2430
ord5212
ord8130
ord12638
ord8191
ord8273
ord13296
ord7934
ord544
ord13038
ord10831
ord2830
ord4415
ord4809
ord5554
ord11774
ord12883
ord12094
ord9503
ord6377
ord6427
ord11389
ord1711
ord1702
ord12038
ord12040
ord13619
ord3204
ord10795
ord6809
ord8773
ord14322
ord11719
ord3772
ord11870
ord11510
ord11509
ord5507
ord10085
ord10081
ord10083
ord10084
ord10082
ord8018
ord3240
ord3243
ord6330
ord6410
ord3816
ord4746
ord2245
ord1038
ord316
ord1500
ord9155
ord5614
ord5404
ord5107
ord11949
ord3203
ord3308
ord3309
ord3874
ord11905
ord2626
ord5782
ord13449
ord11501
ord6710
ord14328
ord7735
ord14330
ord2995
ord4424
ord9495
ord4432
ord4870
ord4837
ord4831
ord4867
ord4889
ord4846
ord4875
ord4885
ord4854
ord4858
ord4862
ord4850
ord4879
ord4842
ord1724
ord12032
ord1715
ord2353
ord13502

msvcr110

_setmbcp
__CxxFrameHandler3
memset
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
strncmp
vsprintf_s
sprintf_s
swprintf_s

kernel32

GetPrivateProfileStringA
GetCurrentDirectoryA
GetPrivateProfileStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
CloseHandle
GetCommandLineA
CreateProcessA

user32

LoadIconW
SendMessageA
GetDC
GetParent
SetLayeredWindowAttributes
UpdateLayeredWindow
GetWindowRect
EnableWindow

gdi32

GetObjectA
CreateCompatibleDC

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8bbbae150fb153247f47a450a35ed7ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

gdiplus

mfc110

msvcr110

kernel32

user32

gdi32

shell32

comctl32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 11KB - Virtual size: 11KB