adf827194146b6bf6110128888181efce859014efe4ff9c5f7ea38851b711b9f

Sharing

Copy URL Twitter E-mail

General

Target

adf827194146b6bf6110128888181efce859014efe4ff9c5f7ea38851b711b9f
Size

241KB
MD5

3daf639662ff29dd28eee674f04d9e9e
SHA1

fc1c37f4eb42a4dc91914c8c28db42106ca884ef
SHA256

adf827194146b6bf6110128888181efce859014efe4ff9c5f7ea38851b711b9f
SHA512

03a10ac2e34d4d2203a04680bdd933b557dfd03a5a0181ce10b8b9baaa02e3587344fcd333a01ee98ee6dde645225064dec1364a7b396210ab4c803124e28032
SSDEEP

6144:wdsvD+DkejbnhyM61X53UIV0AGz++PMd2g9ON8UzTP2RiSLQewFc1LLaP3L67a:wdsvD+DkejbnhyM61X53UK0AGzid2g9X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adf827194146b6bf6110128888181efce859014efe4ff9c5f7ea38851b711b9f

Files

adf827194146b6bf6110128888181efce859014efe4ff9c5f7ea38851b711b9f
.dll windows:5 windows x86 arch:x86

13f64f3801c4671aed830dfff0dc6521

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\builds\build-mmsource\windows-2.0\OUTPUT\core\metamod.2.tf2\windows-x86\metamod.2.tf2.pdb

Imports

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetLastError
FormatMessageA
VirtualQuery
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemInfo
VirtualProtect
VirtualFree
IsBadReadPtr
VirtualAlloc
DecodePointer
SetEndOfFile
ReadConsoleW
ReadFile
HeapReAlloc
HeapSize
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
CreateFileW
SetStdHandle
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFullPathNameW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetDriveTypeW
GetCurrentDirectoryW
ExitProcess
HeapAlloc
HeapFree
LCMapStringW
CloseHandle
GetFileAttributesExW
WriteFile
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode

tier0

_AssertValidWritePtr
_AssertValidReadPtr
CommandLine_Tier0
MemFreeScratch
MemAllocScratch
?ConMsg@@YAXPBDZZ
?DevMsg@@YAXPBDZZ
Error
AssertValidStringPtr
Warning
g_pMemAlloc

vstdlib

KeyValuesSystem

Exports

Exports

GetGameDllBridge
GetVspBridge
cvar

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13f64f3801c4671aed830dfff0dc6521

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0

vstdlib

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 180KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 9KB - Virtual size: 9KB