Recroom_Release[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Recroom_Release.exe
Size

22.4MB
MD5

965f5439512b5a574b87b899df95f723
SHA1

f6e5dc121197cf0a379867b663d8285fe84383bd
SHA256

4aff6f9509b779732b7ff0206becc9a08de22a05fcd5bcee471114690f9c24fa
SHA512

e0af4c57554b5e7ee22a170ff4d6830ca428f26ae785a4969366521b611615c086ea685224c6f06d5748c4ffc08ddc577a725b8c1d83012c503bf951c5c71dd6
SSDEEP

393216:/otZFbb8ubi83T97+rOA4AWGABPMtYa4pGDZCbpX:3p7NZ2B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Recroom_Release.exe

Files

Recroom_Release.exe
.exe windows:5 windows x64 arch:x64

9f757e174d6c61d7db8103a4b1eba336

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\unity\build\artifacts\win64_release_StandalonePlayer_mono_0\player_win_x64.pdb

Imports

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetCaps
HidP_MaxDataListLength
HidD_FreePreparsedData
HidP_GetValueCaps
HidD_GetAttributes
HidP_GetData

kernel32

MoveFileExW
GetFileAttributesExW
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GetSystemInfo
GetModuleHandleW
GlobalMemoryStatusEx
GetCurrentProcess
GetUserDefaultUILanguage
GetModuleHandleA
GetTickCount
LoadLibraryW
LocalAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetTempPathW
CreateSemaphoreA
ResetEvent
GetOverlappedResult
SetEvent
CreateEventA
CreateEventW
CancelIo
WaitForMultipleObjects
GetStartupInfoA
VirtualProtect
VirtualFree
VirtualAlloc
IsDebuggerPresent
SetDllDirectoryW
GetFullPathNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
SleepEx
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryExW
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
GlobalLock
GetFileTime
VirtualQuery
GlobalMemoryStatus
SetErrorMode
FlushConsoleInputBuffer
GetStdHandle
DeleteFileW
SetThreadAffinityMask
WaitForSingleObject
GetProcessAffinityMask
ExitThread
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
CreateFileA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetProcessHeap
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleCP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
SetHandleCount
HeapCreate
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
GetStartupInfoW
GetCommandLineA
SetConsoleCtrlHandler
DuplicateHandle
HeapSize
HeapQueryInformation
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
HeapAlloc
HeapReAlloc
HeapFree
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetVersion
GlobalUnlock
GetVersionExA
GetModuleFileNameA
GetFileAttributesA
GetEnvironmentVariableA
LoadLibraryA
RemoveDirectoryW
SwitchToThread
CreateDirectoryW
GetProcAddress
SetEndOfFile
WriteFile
GetCurrentThreadId
CreateMutexA
ExpandEnvironmentStringsW
GetDiskFreeSpaceExA
FormatMessageW
GetCurrentDirectoryA
lstrcpynW
GlobalAlloc
CloseHandle
SetFilePointerEx
ReadFile
OutputDebugStringA
SetEnvironmentVariableA
GetCurrentThread
RtlCaptureContext
SuspendThread
GetThreadContext
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
FreeLibrary
lstrcpyA
lstrcpynA
GetFileAttributesW
SetFileAttributesW
LocalFree
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
Sleep
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA

user32

WindowFromPoint
UpdateWindow
LoadImageW
DialogBoxParamA
GetCaretBlinkTime
CreateDialogParamW
PeekMessageW
IsDialogMessageW
DispatchMessageW
MsgWaitForMultipleObjects
ValidateRect
SetTimer
EnableWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
RegisterClassW
PeekMessageA
GetMessageA
KillTimer
wvsprintfA
MessageBoxW
EnumWindows
RegisterWindowMessageA
IsClipboardFormatAvailable
GetClipboardData
GetSystemMetrics
OpenClipboard
SetClipboardData
CloseClipboard
CheckDlgButton
GetUserObjectInformationA
GetThreadDesktop
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
SendMessageA
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
GetWindowLongPtrA
DefWindowProcW
DestroyWindow
CreateDialogParamA
SetWindowLongPtrA
GetDlgItem
ChangeDisplaySettingsW
SetWindowLongA
MonitorFromWindow
EnumDisplaySettingsW
GetMonitorInfoW
UnregisterClassW
GetAncestor
OffsetRect
CopyRect
GetDesktopWindow
MessageBoxA
GetWindowPlacement
AdjustWindowRectEx
SetDlgItemTextW
SetDlgItemTextA
SendDlgItemMessageW
LoadIconA
EndDialog
DialogBoxParamW
RegisterClassExW
EnumDisplayMonitors
SetCapture
ReleaseCapture
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetMessageExtraInfo
GetAsyncKeyState
GetKeyState
RegisterRawInputDevices
EmptyClipboard
GetMessageTime
GetMessagePos
RegisterDeviceNotificationW
SystemParametersInfoW
GetRawInputData
GetFocus
IsWindowVisible
GetCursorPos
ClientToScreen
GetKeyNameTextW
GetProcessWindowStation
GetUserObjectInformationW
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
GetMonitorInfoA
SetFocus
ShowCursor
SetWindowTextW
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
wsprintfA
GetDC
ReleaseDC
CreateIconIndirect
ScreenToClient
CreateWindowExW
MonitorFromPoint
ClipCursor
SetCursorPos
MonitorFromRect
CopyImage
IsDlgButtonChecked

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

ole32

CoUninitialize
CoSetProxyBlanket
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance

shlwapi

SHDeleteKeyW
PathCanonicalizeW
PathFileExistsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

advapi32

CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

GetObjectA
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DeleteObject
CreateBitmap
CreateDIBSection
GetDeviceCaps

shell32

ShellExecuteW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW

opengl32

wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentContext
wglGetCurrentDC

winmm

waveInGetNumDevs
timeBeginPeriod
timeGetTime
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeEndPeriod

ws2_32

listen
connect
closesocket
socket
bind
inet_addr
__WSAFDIsSet
setsockopt
send
select
getsockname
gethostname
gethostbyname
ntohl
htonl
ntohs
htons
getprotobyname
accept
WSAGetLastError
WSAStartup
getpeername
recvfrom
WSACleanup
shutdown
WSAIoctl
WSARecvFrom
ioctlsocket
WSASetLastError
WSASocketA
freeaddrinfo
sendto
getaddrinfo
getnameinfo
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSACreateEvent
WSAEventSelect
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
recv
inet_ntoa

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetConversionStatus
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 17.0MB - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 892KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f757e174d6c61d7db8103a4b1eba336

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

kernel32

user32

version

ole32

shlwapi

setupapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 17.0MB - Virtual size: 17.0MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 700KB - Virtual size: 1.4MB

.pdata Size: 892KB - Virtual size: 896KB

.rodata Size: 3KB - Virtual size: 4KB

.trace Size: 38KB - Virtual size: 40KB

.data1 Size: 512B - Virtual size: 4KB

_RDATA Size: 4KB - Virtual size: 8KB

.rsrc Size: 554KB - Virtual size: 556KB

.reloc Size: 174KB - Virtual size: 176KB

.text
Size: 17.0MB - Virtual size: 17.0MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 700KB - Virtual size: 1.4MB

.pdata
Size: 892KB - Virtual size: 896KB

.rodata
Size: 3KB - Virtual size: 4KB

.trace
Size: 38KB - Virtual size: 40KB

.data1
Size: 512B - Virtual size: 4KB

_RDATA
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 554KB - Virtual size: 556KB

.reloc
Size: 174KB - Virtual size: 176KB