HorizonForbiddenWest[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HorizonForbiddenWest.exe
Size

43.8MB
MD5

8152ebae2dd78c1a5e4b2fe98ad43be5
SHA1

97047fd98edaed53ba4667294611c6417857ace2
SHA256

6629083175b524cff9ee3369a7eb8e1d6188b421032b84affee60fd7be767449
SHA512

792924778ffeb8769cf082cdaff4bff7c8c541e3f841be6b1cb884c6e9818d38aa9bfaaa1cce221988ce1293aa2c333a937c364870a7d34af999df4163023d44
SSDEEP

393216:KHYTdGmECagj0vRE2AQ6Z1XT0o+VKobESOgER3hehmEHwMH3S5:s0kFGiV1ESO5Xe4EHwMHi5

Score

1^/10

Malware Config

Signatures

Files

HorizonForbiddenWest.exe
.exe windows:6 windows x64 arch:x64

780d0a39830e426e0077321faadf2d57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:37:77:3d:9d:48:b9:fa:17:7b:dd:ec:c2:5d:67:4c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/11/2023, 00:00

Not After

27/11/2024, 23:59

Subject

SERIALNUMBER=201635710028,CN=Sony Interactive Entertainment LLC,O=Sony Interactive Entertainment LLC,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:af:20:74:d9:56:d5:02:67:51:54:b7:f1:5c:e6:fb:03:49:1d:00
Signer

Actual PE Digest

f4:af:20:74:d9:56:d5:02:67:51:54:b7:f1:5c:e6:fb:03:49:1d:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dev\HRZ2-PCR\NIP\Assets\Game_Assets\NIP.WinGameSteam.Submission.DX12.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentProcessId
OpenProcess
GetVersionExW
TerminateProcess
GetLogicalProcessorInformationEx
CreateThread
SizeofResource
LockResource
LoadResource
FindResourceW
LocalAlloc
LocalFree
LoadLibraryExW
SetEnvironmentVariableW
ExitProcess
GetLocaleInfoA
GetComputerNameA
GetModuleHandleExW
FormatMessageA
CloseThreadpool
GetFileSizeEx
CreateThreadpool
GetFullPathNameW
DeviceIoControl
SetFilePointer
TrySubmitThreadpoolCallback
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
SetThreadpoolThreadMaximum
GetLogicalProcessorInformation
CreateThreadpoolWait
GetThreadPriority
SetThreadpoolWait
ResetEvent
GetModuleHandleA
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
GetSystemTimeAsFileTime
GetTimeZoneInformation
FindNextFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
GetDriveTypeA
SetFileTime
GetFullPathNameA
SetEndOfFile
SetFileAttributesW
GetFileInformationByHandle
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
GetOverlappedResult
CopyFileW
MoveFileW
GetFileTime
FlushFileBuffers
VirtualFree
VirtualAlloc
WakeAllConditionVariable
InitializeConditionVariable
WaitForSingleObjectEx
RegisterWaitForSingleObject
GlobalMemoryStatus
GetSystemInfo
VirtualQuery
OutputDebugStringA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
CancelIo
GetOverlappedResultEx
SetHandleInformation
SetThreadAffinityMask
CreateMutexA
ReleaseMutex
ResumeThread
DuplicateHandle
SwitchToThread
SetThreadGroupAffinity
SetThreadPriorityBoost
SleepConditionVariableSRW
CreateSemaphoreA
WaitForMultipleObjectsEx
GetModuleFileNameA
GetCommandLineW
SetErrorMode
GetModuleHandleExA
GetComputerNameExA
FindFirstFileW
WaitForMultipleObjects
InitializeCriticalSectionEx
DecodePointer
SetLastError
TerminateThread
SetConsoleTitleA
TlsSetValue
TlsAlloc
TlsFree
WriteConsoleA
AllocConsole
OutputDebugStringW
GetSystemDirectoryW
lstrcmpA
FileTimeToSystemTime
VerifyVersionInfoW
VerSetConditionMask
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
SetFileInformationByHandle
ExitThread
GetExitCodeThread
GetStringTypeW
GetNativeSystemInfo
RtlPcToFileHeader
EncodePointer
LCMapStringEx
GetTickCount
GetLocaleInfoW
GetModuleHandleW
CompareStringEx
GetCPInfo
VirtualProtect
SetThreadExecutionState
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetConsoleWindow
GlobalMemoryStatusEx
LoadLibraryExA
RtlUnwindEx
TlsGetValue
FreeLibraryAndExitThread
GetFileType
HeapSize
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetCurrentProcessorNumber
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
GetThreadContext
AddVectoredExceptionHandler
ReleaseSRWLockExclusive
GetOEMCP
HeapReAlloc
GetProcessHeap
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
InitializeSRWLock
SetStdHandle
GetCurrentDirectoryW
FreeConsole
GetStdHandle
SetConsoleScreenBufferSize
LoadLibraryA
MultiByteToWideChar
CreateEventW
RemoveVectoredExceptionHandler
CreateSemaphoreW
ReleaseSemaphore
DeleteCriticalSection
CreateEventExW
K32EnumProcessModules
K32GetModuleInformation
K32GetModuleBaseNameA
GetCurrentThread
RtlCaptureContext
QueryPerformanceCounter
GetTempFileNameA
CreateProcessA
GetComputerNameW
GetFileSize
GetLocalTime
DeleteFileA
QueryPerformanceFrequency
CreateFileA
GetTempPathA
Sleep
CreateFileW
WriteFile
ReadFile
GetLastError
CreateEventA
SetProcessWorkingSetSize
GetSystemPreferredUILanguages
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetProcAddress
LoadLibraryW
RaiseException
WideCharToMultiByte
MulDiv
SetConsoleTextAttribute
FindClose
CloseHandle
SetEvent
K32GetProcessMemoryInfo
GetTickCount64
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
GetLocaleInfoEx
GetModuleFileNameW
EnterCriticalSection
GetPhysicallyInstalledSystemMemory
GetGeoInfoA
CreateDirectoryW
GetCommandLineA
GetCurrentProcess
VirtualQueryEx
SetPriorityClass

user32

CreateWindowExA
DefWindowProcA
RegisterClassA
SystemParametersInfoA
PeekMessageA
UnregisterClassA
GetCursorPos
IsWindow
GetLastInputInfo
MessageBoxA
GetWindowLongW
SetPropA
SendDlgItemMessageW
IsDlgButtonChecked
GetPropA
CheckDlgButton
EnableWindow
LoadBitmapW
FillRect
LoadCursorA
DispatchMessageA
GetMessageA
AdjustWindowRectEx
LoadCursorW
LoadImageW
EnumDisplaySettingsA
GetWindowThreadProcessId
GetForegroundWindow
RegisterWindowMessageW
EnumDisplayMonitors
LoadIconW
GetMonitorInfoW
EnumDisplayDevicesW
DisplayConfigGetDeviceInfo
EnumDisplaySettingsW
DestroyWindow
GetDC
SetActiveWindow
UnregisterClassW
WaitMessage
GetActiveWindow
PeekMessageW
GetUpdateRect
DrawTextW
UpdateWindow
DrawFrameControl
ReleaseDC
EndPaint
SendInput
GetPhysicalCursorPos
LogicalToPhysicalPoint
MapVirtualKeyW
ScreenToClient
GetRawInputDeviceInfoW
GetKeyboardLayoutNameW
GetKeyboardLayout
SetPhysicalCursorPos
PhysicalToLogicalPoint
RegisterRawInputDevices
ActivateKeyboardLayout
GetKeyNameTextW
GetRawInputDeviceList
SetCursorPos
DefWindowProcW
GetSystemMenu
PostMessageW
InsertMenuItemW
MonitorFromWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
SetWindowPlacement
GetRawInputData
AdjustWindowRect
DrawMenuBar
CheckMenuItem
PostQuitMessage
GetParent
InvalidateRect
IsIconic
SetClassLongPtrW
GetCursorInfo
ClientToScreen
ClipCursor
SetCursor
GetClientRect
ShowCursor
GetKeyState
GetWindowRect
SetWindowPos
SendMessageW
EndDialog
SetWindowTextW
ShowWindow
SetTimer
SetWindowTextA
SetFocus
FlashWindowEx
GetDlgItem
KillTimer
DialogBoxParamW
SetForegroundWindow
GetMessageW
MessageBoxW
GetSystemMetrics
DispatchMessageW
IntersectRect
TranslateMessage
PostThreadMessageW
SystemParametersInfoW
IsWindowVisible
BeginPaint

usp10

ScriptShape
ScriptItemize

gdi32

AddFontResourceExW
GetGlyphOutlineA
GetStockObject
RemoveFontMemResourceEx
DeleteObject
SetStretchBltMode
GetObjectW
SetTextColor
DeleteDC
GetDeviceCaps
CreateFontW
GetTextExtentPointW
StretchBlt
CreateCompatibleDC
SelectObject
SetBkMode
Polyline
CreateCompatibleBitmap
BitBlt
AddFontMemResourceEx
GetGlyphOutlineW
GetGlyphIndicesW
CreateFontIndirectA

advapi32

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetValueA
RegCreateKeyExA
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegSetValueExA

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

ole32

PropVariantClear
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoInitializeEx
CoUninitialize

shlwapi

ord219

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfacePropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

dbghelp

MiniDumpWriteDump

winhttp

WinHttpSendRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetStatusCallback

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress

hid

HidD_GetSerialNumberString
HidD_GetProductString
HidD_SetFeature
HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetValueCaps
HidP_GetCaps
HidD_GetHidGuid
HidD_GetFeature
HidD_GetManufacturerString

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeGetDevCaps

faultrep

ReportFault

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

crypt32

CryptBinaryToStringA
CryptBinaryToStringW

steam_api64

SteamInternal_ContextInit
SteamAPI_UnregisterCallResult
SteamAPI_RestartAppIfNecessary
SteamInternal_SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamAPI_IsSteamRunning

uxtheme

EnableThemeDialogTexture

ws2_32

connect
htonl
WSARecvFrom
ioctlsocket
setsockopt
WSAGetLastError
socket
getsockname
WSACleanup
__WSAFDIsSet
accept
bind
closesocket
select
WSASend
shutdown
listen
WSASendTo
recv
WSAStartup

Exports

Exports

AmdPowerXpressRequestHighPerformance
D3D12SDKPath
D3D12SDKVersion
GameMainProg
MainProg
NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_EvaluateFeature_C
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NVSDK_NGX_UpdateFeature
NvOptimusEnablement

Sections

.text
Size: 23.2MB - Virtual size: 23.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.1MB - Virtual size: 110.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

780d0a39830e426e0077321faadf2d57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:37:77:3d:9d:48:b9:fa:17:7b:dd:ec:c2:5d:67:4cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f4:af:20:74:d9:56:d5:02:67:51:54:b7:f1:5c:e6:fb:03:49:1d:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

usp10

gdi32

advapi32

shell32

ole32

shlwapi

setupapi

dbghelp

winhttp

api-ms-win-core-synch-l1-2-0

hid

winmm

faultrep

bcrypt

crypt32

steam_api64

uxtheme

ws2_32

Exports

Exports

Sections

.text Size: 23.2MB - Virtual size: 23.2MB

.rdata Size: 5.3MB - Virtual size: 5.3MB

.data Size: 6.1MB - Virtual size: 110.9MB

.pdata Size: 1.2MB - Virtual size: 1.2MB

_RDATA Size: 78KB - Virtual size: 78KB

.rsrc Size: 7.4MB - Virtual size: 7.4MB

.reloc Size: 478KB - Virtual size: 477KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:37:77:3d:9d:48:b9:fa:17:7b:dd:ec:c2:5d:67:4c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f4:af:20:74:d9:56:d5:02:67:51:54:b7:f1:5c:e6:fb:03:49:1d:00
Signer

.text
Size: 23.2MB - Virtual size: 23.2MB

.rdata
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 6.1MB - Virtual size: 110.9MB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

_RDATA
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

.reloc
Size: 478KB - Virtual size: 477KB